Geeks to Go
avifil.dll unable to clean/delete/quarantine [Solved]

#1 vvv447 (Member, 15 posts)
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

14.02.2009 17:10:32
mbam-log-2009-02-14 (17-10-32).txt

Scan type: Full Scan (C:\|D:\|L:\|N:\|)
Objects scanned: 160581
Time elapsed: 1 hour(s), 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdtta.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
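Three indicators in this thread's logs are worth automating rather than eyeballing: the nameless O2 BHO that still resolves to `C:\WINDOWS\system32\avifil.dll` (the subject of the thread), the O17 NameServer entries that point at 85.255.112.16/79 in CCS, CS2 and CS3 while CS1 still holds the router at 192.168.0.1 (consistent with the Rootkit.DNSChanger.H detection in the Malwarebytes log above), and the MountPoints2 AutoRun/Open commands that launch `resycled\boot.com` from every volume. The script below is an added example, not part of the poster's logs, the forum's advice or HijackThis itself; the sample lines are copied from the HijackThis/RSIT output in the next post, and the "trusted" directory prefixes are this example's own assumption.

```python
"""Triage of HijackThis / RSIT log lines for the indicators seen in this thread.

Added example: not part of the original posts and not HijackThis code.
SAMPLE_LINES are copied from the logs posted in the thread; the CS1 line
with the router address is the clean entry that the others are compared to.
"""
import ipaddress
import re

SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {27C57E1A-0B8F-4FB9-91F6-F2B38567AE73} - C:\WINDOWS\system32\avifil.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 85.255.112.16;85.255.112.79",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 192.168.0.1",
    r"O17 - HKLM\System\CS2\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 85.255.112.16;85.255.112.79",
    r"shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:",
    r"shell\Open\command - C:\resycled\boot.com c:",
]

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<ns>.+)$"
)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
MOUNT_RE = re.compile(r"^shell\\(?P<verb>AutoRun|Open)\\command - (?P<cmd>.+)$")

# Launchable extensions, and the trees a MountPoints2 command may point into
# without being flagged (an assumption of this example, tune per environment).
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_nameservers(lines):
    """Map (control set, adapter GUID) -> list of resolver addresses from O17 lines."""
    table = {}
    for line in lines:
        m = O17_RE.match(line)
        if m:
            table[(m["cs"], m["guid"])] = [ip.strip() for ip in m["ns"].split(";") if ip.strip()]
    return table


def suspicious_nameservers(lines):
    """Flag resolvers outside private/loopback/link-local space, and adapters whose
    resolver list differs between control sets: the pre-infection router address
    often survives in an older control set, as CS1 does in this thread's log."""
    findings = []
    table = parse_nameservers(lines)
    for (cs, guid), servers in table.items():
        for ip in servers:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"{cs} {guid}: unparsable resolver {ip!r}")
                continue
            if not (addr.is_private or addr.is_loopback or addr.is_link_local):
                findings.append(f"{cs} {guid}: public resolver {ip}")
    per_adapter = {}
    for (cs, guid), servers in table.items():
        per_adapter.setdefault(guid, {})[cs] = tuple(servers)
    for guid, by_cs in per_adapter.items():
        if len(set(by_cs.values())) > 1:
            findings.append(f"{guid}: resolver list differs across control sets {sorted(by_cs)}")
    return findings


def unnamed_bhos(lines):
    """O2 entries with no display name that still resolve to a file. A nameless
    CLSID marked '(no file)' is a stale registration, not a module IE will load."""
    hits = []
    for line in lines:
        m = O2_RE.match(line)
        if m and m["name"] == "(no name)" and m["path"] != "(no file)":
            hits.append(m["path"])
    return hits


def autorun_hijacks(lines):
    """MountPoints2 shell commands that launch an executable from outside the trusted
    trees, including relative paths that resolve against the volume being opened."""
    hits = []
    for line in lines:
        m = MOUNT_RE.match(line)
        if not m:
            continue
        for token in m["cmd"].split():
            t = token.lower()
            if t.endswith(EXEC_EXT) and not t.startswith(TRUSTED_PREFIXES):
                hits.append((m["verb"], token))
    return hits


def triage(lines):
    """Run all three checks over a list of log lines and group the findings."""
    return {
        "dns": suspicious_nameservers(lines),
        "bho": unnamed_bhos(lines),
        "autorun": autorun_hijacks(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LINES).items():
        print(f"[{section}]")
        for item in items:
            print("  ", item)
```

Run against the sample lines it reports four public resolvers (two each in CCS and CS2), one cross-control-set mismatch for the adapter GUID, the `avifil.dll` BHO, and both `resycled\boot.com` launch commands; the orphaned CLSID with `(no file)` and the named Java BHO are not reported.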

#2 vvv447 (Topic Starter, Member, 15 posts)
Logfile of random's system information tool 1.05 (written by random/random)
Run by 1 at 2009-02-14 17:13:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (77%) free of 80 GB
Total RAM: 2047 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:48, on 14.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\TRENDware\TEW504UB\ACU.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
L:\Software\SYMANT~1.2-N\INSTAL~1\NSCTOP.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\StrongDC++\StrongDC.exe
C:\Documents and Settings\1\Рабочий стол\RSIT.exe
C:\Program Files\trend micro\1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {27C57E1A-0B8F-4FB9-91F6-F2B38567AE73} - C:\WINDOWS\system32\avifil.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\TRENDware\TEW504UB\ACU.exe" -nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: 802.11a_g Wireless Client Utility.lnk = ?
O4 - Global Startup: Ускоренный запуск Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1269032225296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206016445125
O17 - HKLM\System\CCS\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 85.255.112.16;85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A619F4-3DEF-4F9D-ABF7-CE26522AADE2}: NameServer = 85.255.112.16;85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 85.255.112.16;85.255.112.79
O17 - HKLM\System\CS3\Services\Tcpip\..\{14746F4B-1A8D-4B1E-B6FE-3B5B09C1DFE0}: NameServer = 85.255.112.16;85.255.112.79
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - L:\Software\SYMANT~1.2-N\INSTAL~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 14262 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27C57E1A-0B8F-4FB9-91F6-F2B38567AE73}]
C:\WINDOWS\system32\avifil.dll [2008-11-25 116480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-31 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-19 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"=C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe [2007-03-26 53248]
"zzzHPSETUP"=E:\Setup.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]
"vptray"=C:\PROGRA~1\SYMANT~1\\vptray.exe [2008-09-30 125368]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-31 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-03-02 1667584]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-06-24 53096]
"basicsmssmenu"=C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"ACU"=C:\Program Files\TRENDware\TEW504UB\ACU.exe [2005-04-21 323584]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-10-09 270128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe [2007-05-03 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-11-06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2008-10-09 270128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^StrongDC++.lnk]
C:\PROGRA~1\STRONG~1\StrongDC.exe [2006-11-05 2736128]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
802.11a_g Wireless Client Utility.lnk - C:\Program Files\TRENDware\TEW504UB\WLACU.exe
Ускоренный запуск Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\1\Главное меню\Программы\Автозагрузка
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2008-09-30 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
shell\Open\command - C:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:
shell\Open\command - L:\resycled\boot.com l:


======List of files/folders created in the last 3 months======

2010-03-19 23:57:53 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-03-19 23:57:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-03-19 23:57:52 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-03-19 23:57:52 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-03-19 23:12:54 ----A---- C:\WINDOWS\system32\RemSvc.exe
2010-03-19 23:12:54 ----A---- C:\WINDOWS\system32\ASWLSVC.exe
2010-03-19 23:12:54 ----A---- C:\WINDOWS\system32\ASWL2K.exe
2010-03-14 16:51:44 ----SD---- C:\Documents and Settings\1\Application Data\Microsoft
2010-03-14 16:51:44 ----D---- C:\Documents and Settings\1\Application Data\Identities
2010-03-14 16:51:44 ----ASH---- C:\Documents and Settings\1\Application Data\desktop.ini
2010-03-14 16:48:45 ----D---- C:\WINDOWS\Minidump
2010-03-14 16:48:40 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-06 19:13:55 ----A---- C:\WINDOWS\system32\h323log.txt
2010-03-06 19:10:01 ----A---- C:\WINDOWS\system32\usbui.dll
2010-03-06 19:09:27 ----A---- C:\WINDOWS\imsins.BAK
2010-03-06 19:09:25 ----SHD---- C:\WINDOWS\Installer
2010-03-06 19:09:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-06 19:09:24 ----D---- C:\Program Files\Common Files\ODBC
2010-03-06 19:09:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-06 19:09:21 ----RD---- C:\Program Files
2010-03-06 19:09:21 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-03-06 19:09:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-06 19:09:21 ----D---- C:\Program Files\Common Files
2010-03-06 19:09:18 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-03-06 19:09:18 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-03-06 19:09:18 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-03-06 19:09:17 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-03-06 19:09:16 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-03-06 19:09:16 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-03-06 19:09:15 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-03-06 19:09:15 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-03-06 19:09:15 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-03-06 19:09:14 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdycc.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbduzb.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdur.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdtat.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdmon.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdbu.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdblr.dll
2010-03-06 19:09:11 ----A---- C:\WINDOWS\system32\kbdaze.dll
2010-03-06 19:09:10 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-06 19:09:10 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-06 19:09:10 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-03-06 19:09:10 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-03-06 19:09:09 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-03-06 19:09:08 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-03-06 19:09:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-03-06 19:09:07 ----A---- C:\WINDOWS\system32\batt.dll
2010-03-06 19:09:07 ----A---- C:\WINDOWS\notepad.exe
2010-03-06 19:09:06 ----A---- C:\WINDOWS\system32\storprop.dll
2010-03-06 19:09:02 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-03-06 19:09:01 ----RA---- C:\WINDOWS\SET21.tmp
2010-03-06 19:09:00 ----RA---- C:\WINDOWS\SET8.tmp
2010-03-06 19:08:57 ----RA---- C:\WINDOWS\SET4.tmp
2010-03-06 19:08:56 ----RA---- C:\WINDOWS\SET3.tmp
2010-03-06 19:08:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 19:08:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-06 19:08:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-06 19:08:28 ----A---- C:\WINDOWS\setuplog.txt
2010-03-06 19:08:26 ----SHD---- C:\System Volume Information
2010-03-06 19:08:26 ----D---- C:\Documents and Settings
2010-03-06 19:06:59 ----RASH---- C:\boot.ini
2010-03-06 19:00:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-06 19:00:31 ----RSD---- C:\WINDOWS\Fonts
2010-03-06 19:00:31 ----RD---- C:\WINDOWS\Web
2010-03-06 19:00:31 ----HD---- C:\WINDOWS\inf
2010-03-06 19:00:31 ----D---- C:\WINDOWS\WinSxS
2010-03-06 19:00:31 ----D---- C:\WINDOWS\twain_32
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Temp
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\wins
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\wbem
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\usmt
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\spool
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\ShellExt
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\Setup
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\ras
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\oobe
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\npp
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\mui
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\IME
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\icsxml
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\ias
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\export
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\drivers
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\dhcp
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\config
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\3com_dmi
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\3076
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\2052
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1054
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1049
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1042
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1041
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1037
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1033
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1031
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1028
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32\1025
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system32
2010-03-06 19:00:31 ----D---- C:\WINDOWS\system
2010-03-06 19:00:31 ----D---- C:\WINDOWS\security
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Resources
2010-03-06 19:00:31 ----D---- C:\WINDOWS\repair
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Provisioning
2010-03-06 19:00:31 ----D---- C:\WINDOWS\PeerNet
2010-03-06 19:00:31 ----D---- C:\WINDOWS\pchealth
2010-03-06 19:00:31 ----D---- C:\WINDOWS\mui
2010-03-06 19:00:31 ----D---- C:\WINDOWS\msapps
2010-03-06 19:00:31 ----D---- C:\WINDOWS\msagent
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Media
2010-03-06 19:00:31 ----D---- C:\WINDOWS\java
2010-03-06 19:00:31 ----D---- C:\WINDOWS\ime
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Help
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Driver Cache
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Debug
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Cursors
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Connection Wizard
2010-03-06 19:00:31 ----D---- C:\WINDOWS\Config
2010-03-06 19:00:31 ----D---- C:\WINDOWS\AppPatch
2010-03-06 19:00:31 ----D---- C:\WINDOWS\addins
2010-03-06 19:00:31 ----D---- C:\WINDOWS
2010-03-06 19:00:30 ----A---- C:\WINDOWS\DUMP397e.tmp
2010-03-06 19:00:30 ----A---- C:\WINDOWS\DUMP30e3.tmp
2010-03-06 19:00:30 ----A---- C:\WINDOWS\DUMP2b07.tmp
2010-03-06 19:00:30 ----A---- C:\WINDOWS\DUMP29fe.tmp
2010-03-06 19:00:30 ----A---- C:\WINDOWS\DUMP26f0.tmp
2010-03-06 17:52:15 ----A---- C:\WINDOWS\smscfg.ini
2010-03-06 17:26:37 ----SHD---- C:\RECYCLER
2010-03-06 17:10:17 ----A---- C:\ASWL2K.ini
2010-03-06 17:08:36 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2010-03-06 17:08:33 ----D---- C:\Program Files\ASUS
2010-03-06 17:04:41 ----D---- C:\WINDOWS\nview
2010-03-06 17:04:41 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-03-06 17:04:18 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-06 16:46:27 ----D---- C:\WINDOWS\system32\Attansic
2010-03-06 16:46:25 ----D---- C:\Program Files\Attansic
2010-03-06 16:46:11 ----D---- C:\WINDOWS\system32\Lang
2010-03-06 16:45:02 ----RA---- C:\WINDOWS\system32\ChCfg.exe
2010-03-06 16:44:48 ----D---- C:\WINDOWS\system32\RTCOM
2010-03-06 16:44:46 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-03-06 16:44:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-03-06 16:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2010-03-06 16:44:20 ----RA---- C:\WINDOWS\SoundMan.exe
2010-03-06 16:44:19 ----RA---- C:\WINDOWS\SkyTel.exe
2010-03-06 16:44:18 ----RA---- C:\WINDOWS\RtlUpd.exe
2010-03-06 16:44:16 ----RA---- C:\WINDOWS\RTLCPL.exe
2010-03-06 16:44:08 ----RA---- C:\WINDOWS\RTHDCPL.exe
2010-03-06 16:44:07 ----RA---- C:\WINDOWS\MicCal.exe
2010-03-06 16:44:05 ----RA---- C:\WINDOWS\Alcmtr.exe
2010-03-06 16:44:04 ----RA---- C:\WINDOWS\alcwzrd.exe
2010-03-06 16:44:03 ----D---- C:\Program Files\Realtek
2010-03-06 16:44:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-06 16:44:00 ----RA---- C:\WINDOWS\RtlExUpd.dll
2010-03-06 16:44:00 ----A---- C:\WINDOWS\HideWin.exe
2010-03-06 16:43:57 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-06 16:42:48 ----D---- C:\WINDOWS\ASUSInstAll
2010-03-06 16:37:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-06 16:37:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-06 16:37:12 ----D---- C:\Program Files\Intel
2010-03-06 16:37:02 ----D---- C:\Intel
2010-03-06 16:31:07 ----A---- C:\WINDOWS\Ascd_log.ini
2010-03-06 16:30:56 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-03-06 16:28:28 ----HD---- C:\Program Files\Uninstall Information
2010-03-06 16:24:15 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-06 16:24:13 ----SD---- C:\WINDOWS\system32\Microsoft
2010-03-06 16:24:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-06 16:18:04 ----D---- C:\WINDOWS\system32\xircom
2010-03-06 16:18:04 ----D---- C:\Program Files\xerox
2010-03-06 16:18:04 ----D---- C:\Program Files\microsoft frontpage
2010-03-06 16:18:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-06 16:17:52 ----A---- C:\WINDOWS\control.ini
2010-03-06 16:17:52 ----A---- C:\AUTOEXEC.BAT
2010-03-06 16:17:46 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-06 16:17:44 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-03-06 16:17:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-06 16:17:15 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-06 16:17:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-06 16:17:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-06 16:17:09 ----HD---- C:\Program Files\WindowsUpdate
2010-03-06 16:17:07 ----D---- C:\Program Files\Online Services
2010-03-06 16:16:55 ----D---- C:\WINDOWS\system32\DirectX
2010-03-06 16:16:37 ----A---- C:\WINDOWS\system32\atrace.dll
2010-03-06 16:16:34 ----A---- C:\WINDOWS\system32\desktop.ini
2010-03-06 16:16:34 ----A---- C:\WINDOWS\desktop.ini
2010-03-06 16:16:28 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-03-06 16:16:27 ----A---- C:\WINDOWS\system32\acctres.dll
2010-03-06 16:16:26 ----D---- C:\Program Files\Common Files\Services
2010-03-06 16:16:24 ----SD---- C:\WINDOWS\Tasks
2010-03-06 16:16:24 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-03-06 16:16:23 ----D---- C:\Program Files\Common Files\MSSoap
2010-03-06 16:16:20 ----D---- C:\WINDOWS\srchasst
2010-03-06 16:16:19 ----D---- C:\WINDOWS\system32\Macromed
2010-03-06 16:16:16 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-03-06 16:16:16 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-03-06 16:16:16 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-03-06 16:16:15 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-03-06 16:16:15 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-03-06 16:16:15 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-03-06 16:16:15 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-03-06 16:16:11 ----D---- C:\Program Files\Movie Maker
2010-03-06 16:16:08 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-03-06 16:16:08 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-03-06 16:16:08 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-03-06 16:16:07 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-03-06 16:16:04 ----D---- C:\WINDOWS\system32\Restore
2010-03-06 16:16:04 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-03-06 16:16:04 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-03-06 16:16:04 ----A---- C:\WINDOWS\system32\srclient.dll
2010-03-06 16:16:04 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-03-06 16:16:04 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-03-06 16:16:03 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-03-06 16:16:03 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-03-06 16:16:03 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-03-06 16:16:03 ----A---- C:\WINDOWS\system32\ils.dll
2010-03-06 16:16:02 ----A---- C:\WINDOWS\system32\msconf.dll
2010-03-06 16:16:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-03-06 16:16:00 ----D---- C:\Program Files\NetMeeting
2010-03-06 16:16:00 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-03-06 16:16:00 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-03-06 16:15:59 ----A---- C:\WINDOWS\system32\inetres.dll
2010-03-06 16:15:59 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-03-06 16:15:57 ----D---- C:\Program Files\Outlook Express
2010-03-06 16:15:57 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-03-06 16:15:57 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-03-06 16:15:57 ----A---- C:\WINDOWS\system32\mstask.dll
2010-03-06 16:15:56 ----A---- C:\WINDOWS\system32\isign32.dll
2010-03-06 16:15:56 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-03-06 16:15:56 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-03-06 16:15:56 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-03-06 16:15:51 ----D---- C:\Program Files\Common Files\System
2010-03-06 16:15:50 ----D---- C:\Program Files\Internet Explorer
2010-03-06 16:15:42 ----D---- C:\Program Files\ComPlus Applications
2010-03-06 16:15:41 ----A---- C:\WINDOWS\vbaddin.ini
2010-03-06 16:15:41 ----A---- C:\WINDOWS\vb.ini
2010-03-06 16:15:37 ----D---- C:\WINDOWS\Registration
2010-03-06 16:15:19 ----D---- C:\Program Files\Windows Media Player
2010-03-06 16:15:16 ----D---- C:\Program Files\Messenger
2010-03-06 16:15:13 ----D---- C:\Program Files\MSN Gaming Zone
2010-03-06 16:15:13 ----A---- C:\WINDOWS\system32\write.exe
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\winchat.exe
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\hticons.dll
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\avwav.dll
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-03-06 16:15:05 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-03-06 16:14:59 ----A---- C:\WINDOWS\system32\getuname.dll
2010-03-06 16:14:59 ----A---- C:\WINDOWS\system32\charmap.exe
2010-03-06 16:14:58 ----A---- C:\WINDOWS\system32\winmine.exe
2010-03-06 16:14:58 ----A---- C:\WINDOWS\system32\sol.exe
2010-03-06 16:14:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-03-06 16:14:58 ----A---- C:\WINDOWS\system32\freecell.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\tskill.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\tscon.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\shadow.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\reset.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\regini.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\msg.exe
2010-03-06 16:14:57 ----A---- C:\WINDOWS\system32\logoff.exe
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-03-06 16:14:56 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-03-06 16:14:55 ----A---- C:\WINDOWS\system32\stclient.dll
2010-03-06 16:14:55 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-03-06 16:14:55 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-03-06 16:14:55 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-03-06 16:14:51 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-03-06 16:14:50 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-03-06 16:14:50 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-03-06 16:14:50 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-03-06 16:14:50 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-03-06 16:14:49 ----D---- C:\Program Files\Windows NT
2010-03-06 16:14:49 ----A---- C:\WINDOWS\system32\spider.exe
2010-03-06 16:14:49 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-03-06 16:14:49 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-03-06 16:14:48 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-03-06 16:14:47 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-03-06 16:14:46 ----D---- C:\WINDOWS\system32\MsDtc
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-03-06 16:14:46 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-03-06 16:14:45 ----D---- C:\WINDOWS\system32\Com
2010-03-06 16:14:45 ----A---- C:\WINDOWS\system32\colbact.dll
2010-03-06 16:14:45 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-03-06 16:14:45 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-03-06 16:14:44 ----A---- C:\WINDOWS\system32\comuid.dll
2010-03-06 16:14:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-03-06 16:14:44 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-03-06 16:14:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-03-06 16:14:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-03-06 16:14:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-03-06 16:14:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-03-06 16:14:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-03-06 16:14:39 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-14 17:13:21 ----D---- C:\Program Files\trend micro
2009-02-14 17:13:20 ----D---- C:\rsit
2009-02-14 15:56:27 ----D---- C:\Documents and Settings\1\Application Data\Malwarebytes
2009-02-14 15:56:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-14 15:56:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-14 12:20:13 ----D---- C:\Program Files\Prevx
2009-02-14 12:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2009-02-14 09:40:04 ----A---- C:\WINDOWS\wininit.ini
2009-02-03 20:19:19 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-02-03 18:32:44 ----D---- C:\Program Files\File Renamer Deluxe
2009-02-03 18:32:44 ----D---- C:\Documents and Settings\1\Application Data\Kristanix Software
2009-02-01 16:47:30 ----D---- C:\Program Files\GribUser
2009-02-01 16:28:39 ----D---- C:\Program Files\FBReader
2009-01-31 19:19:12 ----D---- C:\Program Files\Common Files\xing shared
2009-01-31 15:53:47 ----D---- C:\Program Files\Common Fi

#3 vvv447 (Topic Starter)

info.txt logfile of random's system information tool 1.05 2009-02-14 17:13:51

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB529C7-855D-11D7-8444-0050BA1D384D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D07881-18E2-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{F0F4DAC1-60DC-4D01-8BD9-DB8DA05A8A0F}
802.11a/g Driver and Client Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C756178-39F0-4E65-BFC6-21E9AF5C3F28}\setup.exe" -l0x9 -removeonly
ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACE-HIGH MP3 WAV WMA OGG Converter-->C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Premiere Elements 3.0-->msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0-->MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Reader 7.0 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70000000000}
ASUS WLAN Card Utilities/Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x19
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
DivX Player-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
DjVuLibre+DjView-->C:\Program Files\DjVuZone\DjVuLibre\uninst.exe
Drive Manager-->"C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager-->MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
eBook Library by Sony-->MsiExec.exe /X{A0EAB3BE-AC3F-4F9F-ACC0-ED1809B607E3}
FBReader for Windows XP-->"C:\Program Files\FBReader\uninstall.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
FX AccuCharts-->MsiExec.exe /I{105D3B41-2F2F-335A-C309-C859A0F4CBE8}
Global Trading System Pro-->MsiExec.exe /I{3D241EE2-77D7-448F-8211-8A3961BA8383}
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Google Планета Земля-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GribUser Any to FB2 1.0 (remove only)-->"C:\Program Files\GribUser\Any to FB2\uninstall.exe"
GribUser FB2 to Any 1.0 (remove only)-->"C:\Program Files\GribUser\FB2 to Any\uninstall.exe"
HASP Device Drivers-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP LaserJet 3050/3052/3055/3390/3392 4.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{63B8035B-0743-45d3-A38D-B15B88F63EF7}\setup\hpzscr01.exe -datfile hppscr02.dat -onestop -forcereboot
HP OCR Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Scanjet 5590 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{672BDFD3-9E0A-4fc5-A97A-42DBC2B8C280}\setup\hpzscr01.exe -datfile hpgscr25.dat
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IsoBuster 2.2-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.1.0 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LynxONE Audio Driver (Remove Only)-->C:\WINDOWS\RmLynx.exe
Magic ISO Maker v5.5 (build 0272)-->L:\VASYAF~1\MagicISO\UNWISE.EXE L:\VASYAF~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Russian Language Pack-->MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office - профессиональный выпуск версии 2003-->MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Report Viewer Redistributable 2005-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\install.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Password Cracker Pro v3.0-->"C:\Program Files\PDF Password Cracker Pro v3.0\unins000.exe"
PDF Password Remover v3.0-->"C:\Program Files\PDF Password Remover v3.0\unins000.exe"
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Presto! PageManager 7.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC5FDFC6-D617-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
Prevx CSI-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
PRS-505 User's Guide-->MsiExec.exe /X{9CC826E7-4848-4CB2-A3F6-A24356CAB464}
Readiris Pro 8-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x19 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Samplitude V8 SE (US)-->C:\MAGIX\Samplitude_V8_SE\instslct.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update для Microsoft .NET Framework 2.0 (КБ928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Symantec AntiVirus-->MsiExec.exe /I{AD8A1013-4E46-4E02-85C2-3168C3328432}
Symantec System Center-->MsiExec.exe /I{465E9D5E-63BF-46B8-AE8B-0E375CE9C3ED}
Symantec System Center-->MsiExec.exe /I{465E9D5E-63BF-46B8-AE8B-0E375CE9C3ED}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Toolbar for Firefox-->"\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\PRSUSB_0200B6D60DA90847167AFB40E87ADFDB0591D0A1\PRSUSB.inf
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Архиватор WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Исправление для Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Исправление для Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Исправление для проигрывателя Windows Media 11 - (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Мультимедиа альбом HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Обновление безопасности для Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Обновление безопасности для Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Обновление для Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Обновление для Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Программа обновлений Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
СтройКонсультант-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D9EF7BE-5729-40A1-AFAB-7FADE20DBED9}\Setup.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition

System event log

Computer Name: BAKLANOV
Event Code: 7036
Message: Служба "Службы терминалов" перешла в состояние Работает.

Record Number: 20132
Source Name: Service Control Manager
Time Written: 20081231235259.000000+180
Event Type: информация
User:

Computer Name: BAKLANOV
Event Code: 7000
Message: Сбой при запуске службы "Consult" из-за ошибки
Не удается найти указанный файл.


Record Number: 20131
Source Name: Service Control Manager
Time Written: 20081231235259.000000+180
Event Type: ошибка
User:

Computer Name: BAKLANOV
Event Code: 6005
Message: Запущена служба журнала событий.

Record Number: 20130
Source Name: EventLog
Time Written: 20081231235230.000000+180
Event Type: информация
User:

Computer Name: BAKLANOV
Event Code: 6009
Message: Microsoft ® Windows 2000 ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 20129
Source Name: EventLog
Time Written: 20081231235230.000000+180
Event Type: информация
User:

Computer Name: BAKLANOV
Event Code: 6006
Message: Служба журнала событий остановлена.

Record Number: 20128
Source Name: EventLog
Time Written: 20081231235100.000000+180
Event Type: информация
User:

Application event log

Computer Name: BAKLANOV
Event Code: 6
Message:


Could not scan 1 files inside N:\StroyConusltant\SrtoyConsultantReglament3.3(2008-08-31)\Base\Revs\8530.dca due to extraction errors encountered by the Decomposer Engines.

Record Number: 35448
Source Name: Symantec AntiVirus
Time Written: 20090212051550.000000+180
Event Type: предупреждение
User:

Computer Name: BAKLANOV
Event Code: 6
Message:


Could not scan 1 files inside N:\StroyConusltant\SrtoyConsultantReglament3.3(2008-08-31)\Base\Revs\8529.dca due to extraction errors encountered by the Decomposer Engines.

Record Number: 35447
Source Name: Symantec AntiVirus
Time Written: 20090212051550.000000+180
Event Type: предупреждение
User:

Computer Name: BAKLANOV
Event Code: 6
Message:


Could not scan 1 files inside N:\StroyConusltant\SrtoyConsultantReglament3.3(2008-08-31)\Base\Revs\8521.dca due to extraction errors encountered by the Decomposer Engines.

Record Number: 35446
Source Name: Symantec AntiVirus
Time Written: 20090212051550.000000+180
Event Type: предупреждение
User:

Computer Name: BAKLANOV
Event Code: 6
Message:


Could not scan 2 files inside N:\StroyConusltant\SrtoyConsultantReglament3.3(2008-08-31)\Base\Revs\8520.dca due to extraction errors encountered by the Decomposer Engines.

Record Number: 35445
Source Name: Symantec AntiVirus
Time Written: 20090212051550.000000+180
Event Type: предупреждение
User:

Computer Name: BAKLANOV
Event Code: 6
Message:


Could not scan 1 files inside N:\StroyConusltant\SrtoyConsultantReglament3.3(2008-08-31)\Base\Revs\8519.dca due to extraction errors encountered by the Decomposer Engines.

Record Number: 35444
Source Name: Symantec AntiVirus
Time Written: 20090212051550.000000+180
Event Type: предупреждение
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
  • 0

#4
vvv447 (Topic Starter, Member, 15 posts)
GMER log attached

Attached Files


  • 0

#5
vvv447 (Topic Starter, Member, 15 posts)
By the way, when downloading the ERUNT software, it brought viruses with it; Symantec found them.
Additionally: Prevx CSI 3.0 identified the threat. I'm attaching the PrintScreen; it found the rootkit at avifil.dll and at the driver jmdfmwtz.sys.
If you think that Prevx can clean the threat, please let me know; I'll purchase it.

Attached Thumbnails

  • Prevx_csi_30_log.JPG

Edited by vvv447, 14 February 2009 - 10:13 AM.

  • 0

#6
fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
  • 0

#7
vvv447 (Topic Starter, Member, 15 posts)
Hello, fenzodahl512, I'm running Combofix just now, writing from a neighboring PC
  • 0

#8
vvv447 (Topic Starter, Member, 15 posts)
Hello, here's the ComboFix log file. By the way, the contaminated PC started sending information out to somewhere at such a speed that I had to use another PC to access the internet, copying the files over via a flash card.
While running ComboFix, after the reboot it opened a DOS-like black window stating it would close by itself (that's OK), but later it displayed a window with a red cross, Win 5.0 ....

ComboFix 09-02-14.01 - 1 2009-02-15 13:23:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.2047.1481 [GMT 3:00]
Running from: o:\vtreatment\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\1\Application Data\.#
c:\documents and settings\1\Application Data\.#\MBX@EB4@3323588.###
c:\documents and settings\1\Application Data\.#\MBX@EB4@3323598.###
c:\documents and settings\1\Application Data\.#\MBX@EB4@33235B8.###
c:\documents and settings\1\Application Data\.#\MBX@F08@353588.###
c:\documents and settings\1\Application Data\.#\MBX@F08@3535A8.###
c:\documents and settings\1\Application Data\.#\MBX@F08@3535B8.###
C:\resycled
c:\resycled\boot.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\iqtmrlpt.ini
c:\windows\system32\rCMlmnnn.ini
c:\windows\system32\rCMlmnnn.ini2
c:\windows\system32\rkeccmhk.ini
c:\windows\system32\vvvmbclu.ini
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
L:\Autorun.inf
L:\resycled
l:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2010-03-19 23:56 . 2010-03-19 23:56 <DIR> d--hs---- c:\documents and settings\1\UserData
2010-03-14 16:51 . 2010-03-06 16:15 <DIR> d--h----- c:\documents and settings\1\Шаблоны
2010-03-14 16:51 . 2009-02-14 18:59 <DIR> d-------- c:\documents and settings\1\Рабочий стол
2010-03-14 16:51 . 2009-01-30 23:41 <DIR> dr------- c:\documents and settings\1\Мои документы
2010-03-14 16:51 . 2008-11-30 18:32 <DIR> dr------- c:\documents and settings\1\Главное меню
2010-03-14 16:51 . 2008-04-15 21:00 <DIR> dr------- c:\documents and settings\1\Избранное
2009-02-14 15:56 . 2009-02-14 15:56 <DIR> d-------- c:\documents and settings\1\Application Data\Malwarebytes
2009-02-14 08:57 . 2009-02-14 08:57 <DIR> d-------- c:\documents and settings\Администратор\Application Data\Kristanix Software
2009-02-03 18:32 . 2009-02-03 18:32 <DIR> d-------- c:\documents and settings\1\Application Data\Kristanix Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 20:13 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2010-03-14 13:46 90,112 ----a-w c:\windows\DUMP30e3.tmp
2010-03-06 14:08 --------- d-----w c:\program files\ASUS
2010-03-06 13:46 --------- d-----w c:\program files\Attansic
2010-03-06 13:44 315,392 ----a-w c:\windows\HideWin.exe
2010-03-06 13:44 --------- d-----w c:\program files\Realtek
2010-03-06 13:37 --------- d-----w c:\program files\Intel
2010-03-06 13:18 --------- d-----w c:\program files\microsoft frontpage
2009-02-15 10:26 8,286,240 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-15 10:26 68,960 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-15 10:26 237,600 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-15 10:26 1,892 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-15 10:26 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-15 10:26 --------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-02-15 10:23 --------- d-----w c:\documents and settings\1\Application Data\Skype
2009-02-15 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-15 10:19 --------- d-----w c:\documents and settings\1\Application Data\skypePM
2009-02-14 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-14 17:50 --------- d-----w c:\program files\trend micro
2009-02-14 17:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 17:50 --------- d-----w c:\program files\ERUNT
2009-02-14 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI(2)
2009-02-14 17:17 96,645 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-14 17:17 87,941 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-14 17:17 --------- d-----w c:\program files\Kaspersky Lab
2009-02-14 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 15:32 --------- d-----w c:\program files\File Renamer Deluxe
2009-02-01 13:48 --------- d-----w c:\program files\GribUser
2009-02-01 13:28 --------- d-----w c:\program files\FBReader
2009-01-31 16:19 --------- d-----w c:\program files\Common Files\xing shared
2009-01-31 16:19 --------- d-----w c:\program files\Common Files\Real
2009-01-31 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-31 12:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-31 12:53 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 20:39 --------- d-----w c:\program files\Sony
2009-01-30 20:38 --------- d-----w c:\program files\DIFX
2009-01-30 20:38 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-30 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\kinoma
2009-01-19 19:36 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2009-01-19 19:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 10:30 --------- d-----w c:\program files\Seagate
2009-01-17 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-07 09:58 --------- d-----w c:\program files\ACE-HIGH MP3 WAV WMA OGG Converter
2009-01-04 12:24 --------- d-----w c:\documents and settings\1\Application Data\vlc
2009-01-04 12:20 --------- d-----w c:\program files\VideoLAN
2008-12-31 16:01 --------- d-----w c:\documents and settings\1\Application Data\Professional
2008-12-21 12:03 --------- d-----w c:\program files\Marriage
2008-12-15 19:54 --------- d-----w c:\program files\FX
2008-12-15 17:05 90,112 ----a-w c:\windows\DUMP397e.tmp
2008-04-14 20:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-10 14:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27C57E1A-0B8F-4FB9-91F6-F2B38567AE73}]
2008-11-25 00:30 116480 --a------ c:\windows\system32\avifil.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2007-03-26 53248]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"ACU"="c:\program files\TRENDware\TEW504UB\ACU.exe" [2005-04-21 323584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\1\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-14 575488]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
802.11a_g Wireless Client Utility.lnk - c:\program files\TRENDware\TEW504UB\WLACU.exe [2008-04-12 28672]
Ускоренный запуск Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave"= Lynx.Dll
"MIDI"= Lynx.Dll
"Mixer"= Lynx.Dll

[HKLM\~\startupfolder\C:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^StrongDC++.lnk]
path=c:\documents and settings\1\Главное меню\Программы\Автозагрузка\StrongDC++.lnk
backup=c:\windows\pss\StrongDC++.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:10 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-03 15:38 36864 c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-11-06 12:30 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-06 12:30 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-10-09 22:07 270128 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 13:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-06 12:30 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-03-21 09:49 16126464 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43218:TCP"= 43218:TCP:utorrent.com

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2008-04-12 16855]
R0 jmdfmwtz;jmdfmwtz;c:\windows\system32\drivers\jmdfmwtz.sys [2006-03-02 23424]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 Lynx;Lynx;c:\windows\system32\drivers\Lynx.Sys [2004-06-03 104544]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Consult;Consult;c:\windows\system32\drivers\CONSULT.SYS [2009-01-02 3008]
R2 haspflt;haspflt;c:\windows\system32\drivers\haspflt.sys [2009-01-19 29024]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2008-04-12 21808]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2010-03-06 16269]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-03-06 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2008-11-25 99376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2008-04-12 43392]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:
\Shell\Open\command - l:\resycled\boot.com l:
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-zzzHPSETUP - E:\Setup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\mh29cmj5.default\
FF - prefs.js: browser.startup.homepage - http:/www.mail.yahoo.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 13:28:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\scs4.tmp 5858 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-494193713-16680504-4204272373-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
l:\software\SYMANT~1.2-N\INSTAL~1\NscTop.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\progra~1\SYMANT~1\VPTray.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 13:32:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 10:32:16

Pre-Run: 65 322 897 408 байт свободно
Post-Run: 66,139,185,152 байт свободно

280 --- E O F --- 2008-11-13 18:06:51
  • 0

#9
fenzodahl512 (Malware Removal, 9,863 posts)
I sense the presence of a rootkit inside the computer.. Let's do this step...


Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again



1. Start AVZ.
2. Choose from the menu File => Standard scripts and mark the 3. Healing/Quarantine and Advanced System Investigation check box.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.



  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply

  • 0

#10
vvv447 (Topic Starter, Member, 15 posts)
While AVZ is running on another PC, I must say that the internet connection on the scanned PC is on, but no browser would load an internet window, nor would AVZ update, saying for both sources: (translation from Russian) "Error whilst automatic update - Error in loading of the update description file avzupd.zip from http://avz.virusinfo.info/avz_up/ {21, 00002EE7}"
Am I able to update AVZ from this well-running PC and then use it on the infected one? For example, by running it from this PC on a flash card?

And the infected computer is running very slowly, much slower than usual.

Edited by vvv447, 15 February 2009 - 06:10 AM.

  • 0


#11
fenzodahl512 (Malware Removal, 9,863 posts)
Ok.. quit AVZ and do this first...


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
jmdfmwtz

Rootkit::
c:\windows\system32\drivers\jmdfmwtz.sys
c:\windows\TEMP\scs4.tmp
c:\windows\system32\avifil.dll

Folder::
c:\resycled
d:\resycled

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27C57E1A-0B8F-4FB9-91F6-F2B38567AE73}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
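The following Python script is an added example, not code from this thread, from ComboFix, or from the helper's CFScript. Over lines copied from the ComboFix log in post #8, it runs the two checks that the CFScript in this post encodes by hand: a boot-start kernel driver with a random-looking name and no real description, and a per-drive mountpoints2 autorun handler that launches a file from outside the Windows and Program Files folders. The consonant-run test, the "two hints" reporting threshold and the trusted-folder list are this example's own assumptions, not ComboFix logic.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Two checks are applied: a kernel driver entry whose name looks random and whose
description merely repeats the name, and a mountpoints2 autorun handler that
runs an executable outside the Windows / Program Files folders. The scoring
rules below are assumptions of this example."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2008-04-12 16855]
R0 jmdfmwtz;jmdfmwtz;c:\windows\system32\drivers\jmdfmwtz.sys [2006-03-02 23424]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 Consult;Consult;c:\windows\system32\drivers\CONSULT.SYS [2009-01-02 3008]
R2 haspflt;haspflt;c:\windows\system32\drivers\haspflt.sys [2009-01-19 29024]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
"""

# "R0 name;description;path [yyyy-mm-dd size]" is how ComboFix lists services and drivers
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
MP_KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<drive>[A-Za-z])\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
# Anything in a command line that looks like a path to an executable
EXEC_TOKEN_RE = re.compile(r"[\w\\.:~$-]+\.(?:exe|com|bat|cmd|scr|pif|vbs)\b", re.I)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # assumption: XP installed on C:


@dataclass
class Driver:
    start: str
    name: str
    desc: str
    path: str
    date: str
    size: str


def longest_consonant_run(name: str) -> int:
    """Length of the longest run of consonants; generated names tend to have long ones."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def driver_reasons(d: Driver) -> list:
    """Independent hints that a driver entry deserves a look; two or more get reported."""
    reasons = []
    if d.name.lower() == d.desc.lower():
        reasons.append("description merely repeats the service name")
    if longest_consonant_run(d.name) >= 6:
        reasons.append("random-looking name")
    if d.start == "R0" and "\\drivers\\" in d.path.lower():
        reasons.append("boot-start kernel driver")
    return reasons


def autorun_reason(cmd: str):
    """Return the first executable referenced outside the trusted folders, else None."""
    for tok in EXEC_TOKEN_RE.findall(cmd):
        if not tok.lower().startswith(TRUSTED_PREFIXES):
            return tok
    return None


def analyze(log_text: str) -> list:
    """Walk the log once and collect human-readable findings; unknown lines are skipped."""
    findings = []
    drive = None  # drive letter of the mountpoints2 key currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            d = Driver(**m.groupdict())
            reasons = driver_reasons(d)
            if len(reasons) >= 2:
                findings.append(f"driver {d.name} ({d.path}): " + "; ".join(reasons))
            continue
        m = MP_KEY_RE.match(line)
        if m:
            drive = m.group("drive").upper()
            continue
        m = MP_CMD_RE.match(line)
        if m and drive:
            tok = autorun_reason(m.group("cmd"))
            if tok:
                findings.append(
                    f"drive {drive} {m.group('verb')} handler runs {tok} "
                    "from outside the Windows and Program Files folders")
        elif line.startswith("["):
            drive = None  # some other registry key; stop attributing commands to a drive
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints the findings; on the sample it reports only jmdfmwtz and the three resycled\boot.com handlers, while Achernar, klbg, Consult and haspflt pass, which matches the entries the CFScript targets. Feeding it a complete ComboFix log works the same way, since lines it does not recognise are skipped.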

#12
vvv447 (Topic Starter, Member, 15 posts)
Ok, I've finished AVZ, attaching the virusinfo_syscheck.htm and virusinfo_syscheck.zip hereto.
Meanwhile, I'm performing the ComboFix action, as in your last post.
Thank you very much so far!

Sorry, some content might be in Russian; if needed, I will translate it.
And I want to ask you again: Prevx CSI 3.0 has seen those rootkits. Do you think it would be able to heal them?
And more: I have switched off the external drives, since no viruses have been found there, but all scanning programs take a long time to scan them; I have only stored info on the external drives, no programs running.

Attached Files


Edited by vvv447, 15 February 2009 - 07:01 AM.

  • 0

#13
vvv447 (Topic Starter, Member, 15 posts)
Hello, fenzodahl512, here's a new ComboFix log report:

ComboFix 09-02-14.01 - 1 2009-02-15 16:00:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.2047.1509 [GMT 3:00]
Running from: o:\vtreatment\ComboFix.exe
Command switches used :: o:\vtreatment\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\avifil.dll
c:\windows\system32\drivers\jmdfmwtz.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JMDFMWTZ
-------\Service_jmdfmwtz


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2010-03-19 23:56 . 2010-03-19 23:56 <DIR> d--hs---- c:\documents and settings\1\UserData
2010-03-14 16:51 . 2010-03-06 16:15 <DIR> d--h----- c:\documents and settings\1\Шаблоны
2010-03-14 16:51 . 2009-02-14 18:59 <DIR> d-------- c:\documents and settings\1\Рабочий стол
2010-03-14 16:51 . 2009-01-30 23:41 <DIR> dr------- c:\documents and settings\1\Мои документы
2010-03-14 16:51 . 2008-11-30 18:32 <DIR> dr------- c:\documents and settings\1\Главное меню
2010-03-14 16:51 . 2008-04-15 21:00 <DIR> dr------- c:\documents and settings\1\Избранное
2009-02-14 15:56 . 2009-02-14 15:56 <DIR> d-------- c:\documents and settings\1\Application Data\Malwarebytes
2009-02-14 08:57 . 2009-02-14 08:57 <DIR> d-------- c:\documents and settings\Администратор\Application Data\Kristanix Software
2009-02-03 18:32 . 2009-02-03 18:32 <DIR> d-------- c:\documents and settings\1\Application Data\Kristanix Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 20:13 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2010-03-14 13:46 90,112 ----a-w c:\windows\DUMP30e3.tmp
2010-03-06 14:08 --------- d-----w c:\program files\ASUS
2010-03-06 13:46 --------- d-----w c:\program files\Attansic
2010-03-06 13:44 315,392 ----a-w c:\windows\HideWin.exe
2010-03-06 13:44 --------- d-----w c:\program files\Realtek
2010-03-06 13:37 --------- d-----w c:\program files\Intel
2010-03-06 13:18 --------- d-----w c:\program files\microsoft frontpage
2009-02-15 13:02 8,286,240 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-15 13:02 68,960 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-15 13:02 270,368 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-15 13:02 2,004 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-15 12:59 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-15 12:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-15 12:57 --------- d-----w c:\documents and settings\1\Application Data\uTorrent
2009-02-15 12:57 --------- d-----w c:\documents and settings\1\Application Data\Skype
2009-02-15 10:19 --------- d-----w c:\documents and settings\1\Application Data\skypePM
2009-02-14 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-14 17:50 --------- d-----w c:\program files\trend micro
2009-02-14 17:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 17:50 --------- d-----w c:\program files\ERUNT
2009-02-14 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI(2)
2009-02-14 17:17 96,645 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-14 17:17 87,941 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-14 17:17 --------- d-----w c:\program files\Kaspersky Lab
2009-02-14 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 15:32 --------- d-----w c:\program files\File Renamer Deluxe
2009-02-01 13:48 --------- d-----w c:\program files\GribUser
2009-02-01 13:28 --------- d-----w c:\program files\FBReader
2009-01-31 16:19 --------- d-----w c:\program files\Common Files\xing shared
2009-01-31 16:19 --------- d-----w c:\program files\Common Files\Real
2009-01-31 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-31 12:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-31 12:53 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 20:39 --------- d-----w c:\program files\Sony
2009-01-30 20:38 --------- d-----w c:\program files\DIFX
2009-01-30 20:38 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-30 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\kinoma
2009-01-19 19:36 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
2009-01-19 19:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 10:30 --------- d-----w c:\program files\Seagate
2009-01-17 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-07 09:58 --------- d-----w c:\program files\ACE-HIGH MP3 WAV WMA OGG Converter
2009-01-04 12:24 --------- d-----w c:\documents and settings\1\Application Data\vlc
2009-01-04 12:20 --------- d-----w c:\program files\VideoLAN
2008-12-31 16:01 --------- d-----w c:\documents and settings\1\Application Data\Professional
2008-12-21 12:03 --------- d-----w c:\program files\Marriage
2008-12-15 19:54 --------- d-----w c:\program files\FX
2008-12-15 17:05 90,112 ----a-w c:\windows\DUMP397e.tmp
2008-04-14 20:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-10 14:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_13.31.27.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 03:28:14 63,324 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-15 12:50:29 63,188 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-12 03:28:14 75,728 ----a-w c:\windows\system32\perfc019.dat
+ 2009-02-15 12:50:29 75,526 ----a-w c:\windows\system32\perfc019.dat
- 2009-02-12 03:28:14 404,104 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-15 12:50:29 403,968 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-12 03:28:14 445,720 ----a-w c:\windows\system32\perfh019.dat
+ 2009-02-15 12:50:29 445,412 ----a-w c:\windows\system32\perfh019.dat
+ 2009-02-15 13:03:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2007-03-26 53248]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"ACU"="c:\program files\TRENDware\TEW504UB\ACU.exe" [2005-04-21 323584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\1\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-14 575488]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
802.11a_g Wireless Client Utility.lnk - c:\program files\TRENDware\TEW504UB\WLACU.exe [2008-04-12 28672]
Ускоренный запуск Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave"= Lynx.Dll
"MIDI"= Lynx.Dll
"Mixer"= Lynx.Dll

[HKLM\~\startupfolder\C:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^StrongDC++.lnk]
path=c:\documents and settings\1\Главное меню\Программы\Автозагрузка\StrongDC++.lnk
backup=c:\windows\pss\StrongDC++.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:10 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-03 15:38 36864 c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-11-06 12:30 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-06 12:30 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-10-09 22:07 270128 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 13:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-06 12:30 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-03-21 09:49 16126464 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43218:TCP"= 43218:TCP:utorrent.com

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2008-04-12 16855]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 Lynx;Lynx;c:\windows\system32\drivers\Lynx.Sys [2004-06-03 104544]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Consult;Consult;c:\windows\system32\drivers\CONSULT.SYS [2009-01-02 3008]
R2 haspflt;haspflt;c:\windows\system32\drivers\haspflt.sys [2009-01-19 29024]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2008-04-12 21808]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2010-03-06 16269]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-03-06 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2008-11-25 99376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2008-04-12 43392]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\mh29cmj5.default\
FF - prefs.js: browser.startup.homepage - http:/www.mail.yahoo.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 16:04:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-494193713-16680504-4204272373-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\progra~1\SYMANT~1\VPTray.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 16:08:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 13:08:16
ComboFix2.txt 2009-02-15 10:32:21

Pre-Run: 66 124 021 760 байт свободно
Post-Run: 66,106,183,680 байт свободно

261 --- E O F --- 2008-11-13 18:06:51
  • 0

#14
vvv447

vvv447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello, it looks like the avifil.dll file has been deleted along with jmdfmwtz.sys from the windows/system32 folders!!! The PC works much faster. Are any further actions needed?
Thank you so much, if you think it's the end of the trouble!!!
  • 0

#15
vvv447

vvv447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ComboFix.txt file (I have found no HijackThis report file)

ComboFix 09-02-14.01 - 1 2009-02-15 16:00:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.2047.1509 [GMT 3:00]
Running from: o:\vtreatment\ComboFix.exe
  • 0