Созданные ответы форума
-
Сообщения
-
info.txt logfile of random’s system information tool 1.06 2009-11-28 10:31:05
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
1C:Barcode scanner—>MsiExec.exe /I{EA5EB55A-7EEA-4B09-8752-AE5CFBCA7100}
1C:Предприятие 8.1—>MsiExec.exe /I{45FCC729-7789-479D-89A6-CE1AC809ADCA}
7-Zip 4.59 alpha 3—>»C:Program Files7-ZipUninstall.exe»
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee Pro 2—>MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
Apple Application Support—>MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support—>MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Blaze DVD Player 6.52—>»C:Program FilesBlazeVideoBlazeDVDunins000.exe»
BlazeDTV 2.5—>»C:Program FilesBlazeVideoBlazeDTV 2.5unins000.exe»
Bluesoleil2.6.0.8 Release 070517—>MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bonjour—>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CDDRV_Installer—>MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cpu-z—>C:Program FilesCpu-zuninstall.bat
Download Master version 5.5.4.1133—>»C:Program FilesDownload Masterunins000.exe»
ESET NOD32 Antivirus—>MsiExec.exe /I{B6E1E1DC-6DB4-420D-A80E-C8DF699C25EA}
FastStone Capture 6.1—>»C:Program FilesFastStone Captureunins000.exe»
FastStone Image Viewer 3.5—>»C:Program FilesFastStone Image Viewerunins000.exe»
Foxit Reader—>MsiExec.exe /I{376DA9DC-71B3-4AB7-A80C-8ED02A736172}
HashTab 2.1.0—>C:WINDOWSsystem32ShellExthtdel32.bat
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
iTunes—>MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KhalInstallWrapper—>MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
K-Lite Mega Codec Pack 3.9.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KMPlayer 2.9.3.1430—>»C:Program FilesThe KMPlayerunins000.exe»
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}SETUP.EXE» -l0x9 UNINSTALL
Logitech Registration—>MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint—>C:Program FilesInstallShield Installation Information{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}setup.exe -runfromtemp -l0x0019 -removeonly
LouderIt 2.0 beta3—>»C:Program FilesLouderItunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Thunderbird (2.0.0.23)—>C:Program FilesMozilla Thunderbirduninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
Opera 9.5.1—>»C:Program FilesOperaunins000.exe»
Path2Clipboard 1.0.7.67—>C:WINDOWSsystem32ShellExtP2Cdel.bat
PowerDVD—>»C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -l0x000409 /z-uninstall
QuickTime—>MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m -nrg2709
Restorator 2007 v3.70 Build 1747 — Retail—>»C:Program FilesRestorator 2007unins000.exe»
Shockwave Player—>MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
Ukrainian language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{9274109B-3F04-4608-8B3E-4AC55B5DDAF1}
UltraISO Premium V9.2—>»C:Program FilesUltraISOunins000.exe»
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.7—>C:Program FilesUnlockeruninst.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Vit Registry Fix 5.3—>C:Program FilesVitSoftVit Registry FixUninstall.exe
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Yahoo! Anti-Spy—>C:PROGRA~1Yahoo!Commonunypsr.exe
Yahoo! Toolbar—>C:PROGRA~1Yahoo!Commonunyt.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Герои Меча и Магии 3.5: Во имя Богов—>C:WINDOWSIsUn0419.exe -ff:gamezгеройUninst.isu
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Элемент управления «1С:Печать штрихкодов»—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{48E6B39F-F686-4327-8BED-0D5AEDF2E56F}======Hosts File======
127.0.0.1 localhost
127.0.0.1 99.189.54
127.0.0.1 99.189.52
127.0.0.1 99.14.103
127.0.0.1 98.223.73
127.0.0.1 97.80.137
127.0.0.1 95.134.16
127.0.0.1 95.133.8.
127.0.0.1 95.133.23
127.0.0.1 95.133.23======Security center information======
AV: ESET NOD32 Antivirus 3.0
======System event log======
Computer Name: OMEN
Event Code: 7036
Message: Служба «Установщик Windows» перешла в состояние Работает.Record Number: 2617
Source Name: Service Control Manager
Time Written: 20091114164623.000000+120
Event Type: информация
User:Computer Name: OMEN
Event Code: 7035
Message: Служба «Установщик Windows» успешно отправила управляющий элемент «запустить».Record Number: 2616
Source Name: Service Control Manager
Time Written: 20091114164623.000000+120
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: OMEN
Event Code: 20
Message: Драйвер принтера Canon MP210 series Printer для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- CNMDR8S.DLL, CNMUI8S.DLL, CNMCP8S.DLL, CNMMH8S.CHM, CNMLR8S.DLL, CNMCB8S.DLL, CNMD58S.DLL, CNMUR8S.DLL, CNMSR8S.DLL, CNMIN8S.INI, CNMPI8S.DLL, CNMSM8S.DLL, CNMSS8S.SMR, CNMSD8S.DLL, CNMSQ8S.DLL, CNMSH8S.CHM, CNMIH8S.CHM, CNMUB8S.DLL, CNMOP8S.DLL, CNMSB8S.DLL, CNB_3160.TBL, CNMP08S.DAT, CNMP18S.DAT, CNMP28S.DAT, CNMFU8S.DLL, CNMLH8S.DLL, CNMPV8S.DLL, CNMSE8S.EXE, CNMBU8S.DLL, CNMBM8S.DLL, CNMBS8S.DLL, CNMVS8S.DLL, CNMW38S.DLL, CNMLR8S0.411, CNMUR8S0.411, CNMSR8S0.411, CNMMH8S0.411, CNMSH8S0.411, CNMIH8S0.411, CNMLR8S0.40c, CNMUR8S0.40c, CNMSR8S0.40c, CNMMH8S0.40c, CNMSH8S0.40c, CNMIH8S0.40c, CNMLR8S0.407, CNMUR8S0.407, CNMSR8S0.407, CNMMH8S0.407, CNMSH8S0.407, CNMIH8S0.407, CNMLR8S0.410, CNMUR8S0.410, CNMSR8S0.410, CNMMH8S0.410, CNMSH8S0.410, CNMIH8S0.410, CNMLR8S0.c0a, CNMUR8S0.c0a, CNMSR8S0.c0a, CNMMH8S0.c0a, CNMSH8S0.c0a, CNMIH8S0.c0a, CNMLR8S0.816, CNMUR8S0.816, CNMSR8S0.816, CNMMH8S0.816, CNMSH8S0.816, CNMIH8S0.816, CNMLR8S0.406, CNMUR8S0.406, CNMSR8S0.406, CNMMH8S0.406, CNMSH8S0.406, CNMIH8S0.406, CNMLR8S0.414, CNMUR8S0.414, CNMSR8S0.414, CNMMH8S0.414, CNMSH8S0.414, CNMIH8S0.414, CNMLR8S0.41D, CNMUR8S0.41D, CNMSR8S0.41D, CNMMH8S0.41D, CNMSH8S0.41D, CNMIH8S0.41D, CNMLR8S0.40b, CNMUR8S0.40b, CNMSR8S0.40b, CNMMH8S0.40b, CNMSH8S0.40b, CNMIH8S0.40b, CNMLR8S0.408, CNMUR8S0.408, CNMSR8S0.408, CNMMH8S0.408, CNMSH8S0.408, CNMIH8S0.408, CNMLR8S0.415, CNMUR8S0.415, CNMSR8S0.415, CNMMH8S0.415, CNMSH8S0.415, CNMIH8S0.415, CNMLR8S0.405, CNMUR8S0.405, CNMSR8S0.405, CNMMH8S0.405, CNMSH8S0.405, CNMIH8S0.405, CNMLR8S0.419, CNMUR8S0.419, CNMSR8S0.419, CNMMH8S0.419, CNMSH8S0.419, CNMIH8S0.419, CNMLR8S0.40e, CNMUR8S0.40e, CNMSR8S0.40e, CNMMH8S0.40e, CNMSH8S0.40e, CNMIH8S0.40e, CNMLR8S0.413, CNMUR8S0.413, CNMSR8S0.413, CNMMH8S0.413, CNMSH8S0.413, CNMIH8S0.413, CNMLR8S0.41F, CNMUR8S0.41F, CNMSR8S0.41F, CNMMH8S0.41F, CNMSH8S0.41F, CNMIH8S0.41F, CNMLR8S0.401, CNMUR8S0.401, CNMSR8S0.401, CNMMH8S0.401, CNMSH8S0.401, CNMIH8S0.401, CNMLR8S0.804, CNMUR8S0.804, CNMSR8S0.804, CNMMH8S0.804, CNMSH8S0.804, CNMIH8S0.804, CNMLR8S0.404, CNMUR8S0.404, CNMSR8S0.404, CNMMH8S0.404, CNMSH8S0.404, CNMIH8S0.404, CNMLR8S0.412, CNMUR8S0.412, CNMSR8S0.412, CNMMH8S0.412, CNMSH8S0.412, CNMIH8S0.412, CNMLR8S0.41E, CNMUR8S0.41E, CNMSR8S0.41E, CNMMH8S0.41E, CNMSH8S0.41E, CNMIH8S0.41E, CNMLR8S0.421, CNMUR8S0.421, CNMSR8S0.421, CNMMH8S0.421, CNMSH8S0.421, CNMIH8S0.421.Record Number: 2615
Source Name: Print
Time Written: 20091114144714.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: OMEN
Event Code: 20
Message: Драйвер принтера HP Color LaserJet CP1215 для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- ZIMFDRV.DLL, ZSDNT5UI.DLL, SDcp1215.SDD, SDcp1215.CHM, XERCES-C.DLL, ZSUXML.DLL, ZJBIG.DLL, SDcp1215.UNZ, SDcp1215.DLL, SUcp1215.DLL, SUcp1215.VER, cp1215PQ.dll, HPAppUsg.dll, ZIMFPRNT.DLL, ZQDPRINT.DLL, ZSDIMF.DLL, ZSDDM.DLL, ZSDDMUI.DLL, ZSR.DLL, ZGDI.DLL, ZSPOOL.DLL, ZTAG.DLL, ZSD.DLL, ZIMF.DLL, SUcp1215.ent.Record Number: 2614
Source Name: Print
Time Written: 20091114144713.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: OMEN
Event Code: 20
Message: Драйвер принтера HP Color LaserJet CP1215 для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- ZIMFDRV.DLL, ZSDNT5UI.DLL, SDcp1215.SDD, SDcp1215.CHM, XERCES-C.DLL, ZSUXML.DLL, ZJBIG.DLL, SDcp1215.UNZ, SDcp1215.DLL, SUcp1215.DLL, SUcp1215.VER, cp1215PQ.dll, HPAppUsg.dll, ZIMFPRNT.DLL, ZQDPRINT.DLL, ZSDIMF.DLL, ZSDDM.DLL, ZSDDMUI.DLL, ZSR.DLL, ZGDI.DLL, ZSPOOL.DLL, ZTAG.DLL, ZSD.DLL, ZIMF.DLL, SUcp1215.ent.Record Number: 2613
Source Name: Print
Time Written: 20091114144713.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20091007161826.000000+180
Event Type: информация
User:Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20091007161824.000000+180
Event Type: информация
User:Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20091007161729.000000+180
Event Type: информация
User:Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20091007161715.000000+180
Event Type: информация
User:Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20091007161656.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesJavajre1.6.0_06libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.6.0_06libextQTJava.zip
EOF
новый лог
ComboFix 08-11-10.01 — Administrator 2008-11-16 19:53:02.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2592 [GMT 2:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.2008-11-16 13:30 . 2008-11-16 13:30
d
c:documents and settingsAll UsersApplication DataWebLogAnalyzer
2008-11-15 21:38 . 2008-11-15 21:40d
c:documents and settingsAdministratorApplication DataVKLife
2008-11-13 16:16 . 2008-11-16 19:50d
C:WebServers
2008-11-12 14:21 . 2008-11-12 14:21d
c:program filesYandex
2008-11-12 14:21 . 2008-11-12 14:21d
c:program filesCommon FilesYandex
2008-11-12 14:21 . 2008-11-12 14:21d
c:documents and settingsAdministratorApplication DataYandex
2008-11-11 14:26 . 2008-11-14 18:51d
c:windowssystem32Filt
2008-11-11 14:26 . 2008-11-11 14:26d
c:program filesAgnitum
2008-11-11 14:26 . 2008-11-11 14:26d
c:documents and settingsAll UsersApplication DataAgnitum
2008-11-11 14:26 . 2008-07-04 14:44 672,896 —a
c:windowssystem32driversSandBox.sys
2008-11-11 14:26 . 2008-06-30 17:16 234,640 —a
c:windowssystem32driversafwcore.sys
2008-11-11 14:26 . 2008-06-30 17:16 30,864 —a
c:windowssystem32driversafw.sys
2008-11-11 14:26 . 2007-10-25 19:17 49 —a
c:windowstransp.gif
2008-11-11 11:29 . 2008-11-12 00:17d
c:program filesSpybot — Search & Destroy
2008-11-11 11:29 . 2008-11-12 00:19d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-11-11 03:49 . 2008-11-11 03:49d
c:program filesTrend Micro
2008-11-11 03:39 . 2008-11-11 03:39d
c:program filesMalwarebytes’ Anti-Malware
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAdministratorApplication DataMalwarebytes
2008-11-11 03:39 . 2008-10-22 16:10 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2008-11-11 03:39 . 2008-10-22 16:10 15,504 —a
c:windowssystem32driversmbam.sys
2008-11-11 01:12 . 2008-11-11 01:12d
c:documents and settingsAll UsersApplication DataYahoo! Companion
2008-11-11 01:06 . 2008-11-11 01:06d
c:program filesYahoo!
2008-11-11 01:06 . 2008-11-11 01:07d
c:program filesCCleaner
2008-11-11 01:04 . 2008-11-11 01:06d
c:program filesRegCleaner
2008-11-09 18:32 . 2008-11-09 18:35d
c:program filesNotepad++
2008-11-09 18:32 . 2008-11-09 18:35d
c:documents and settingsAdministratorApplication DataNotepad++
2008-11-09 17:15 . 2008-11-09 17:15d
c:documents and settingsAdministrator.borland
2008-11-09 17:03 . 2008-11-09 17:03d
c:documents and settingsAdministratorWINDOWS
2008-11-09 16:57 . 2008-11-09 17:00d
c:program filesCommon FilesBorland Shared
2008-11-09 16:57 . 2008-11-09 17:01d
c:program filesBorland
2008-11-09 16:49 . 2001-11-29 01:50 430,080 —a
c:windowssystem32ibmgr.cpl
2008-11-09 16:49 . 2001-11-29 01:50 376,832 —a
c:windowssystem32gds32.dll
2008-11-09 16:49 . 2001-11-29 01:50 177,152 —a
c:windowssystem32ibinstall.dll
2008-11-09 16:49 . 2001-11-29 01:50 28,672 —a
c:windowssystem32ibxml.dll
2008-11-09 16:09 . 2008-11-09 16:09d
c:program filesLavasoft
2008-11-09 16:09 . 2008-11-09 16:24d
c:documents and settingsAll UsersApplication DataLavasoft
2008-11-09 16:08 . 2008-11-09 16:08d
c:program filesCommon FilesWise Installation Wizard
2008-11-09 13:25 . 2008-11-09 13:26d
c:documents and settingsAdministratorApplication DataCTdeveloping
2008-11-09 13:13 . 2008-11-09 17:03d
c:program filesTotal PDF ConverterX
2008-11-09 13:11 . 2008-11-09 13:12 180 —a
c:windowspdf2word.INI
2008-11-08 01:38 . 2008-11-11 03:24d
c:documents and settingsAdministratorGoogle
2008-11-08 01:37 . 2008-11-11 01:39d
c:program filesGoogle
2008-11-07 07:54 . 2008-11-07 07:55 22,328 —a
c:windowssystem32driversPnkBstrK.sys
2008-11-07 07:53 . 2008-11-07 07:55 103,736 —a
c:windowssystem32PnkBstrB.exe
2008-11-07 07:53 . 2008-11-07 07:53 66,872 —a
c:windowssystem32PnkBstrA.exe
2008-11-07 01:19 . 2008-11-07 01:45d
c:program filesNeed for Speed ProStreet
2008-11-03 17:11 . 2008-11-15 23:22 69 —a
c:windowsNeroDigital.ini
2008-10-30 14:24 . 2008-10-30 14:24d
c:program fileshexplorer
2008-10-30 14:24 . 2008-11-12 11:33 1,080 —a
c:documents and settingsAdministratorApplication Datahexplorer.dat
2008-10-30 14:24 . 2008-11-12 11:33 25 —a
c:documents and settingsAdministratorApplication Datamclip.dat
2008-10-30 14:08 . 2008-10-30 14:08d
c:windowssystem32XPSViewer
2008-10-30 14:08 . 2008-10-30 14:08d
c:program filesReference Assemblies
2008-10-30 14:07 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-10-28 20:55 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2008-10-28 20:54 . 2008-10-30 14:08d
c:program filesMSBuild
2008-10-28 20:54 . 2008-10-28 20:54d
c:program filesMicrosoft Works
2008-10-28 20:53 . 2008-10-28 20:53d
c:program filesMicrosoft.NET
2008-10-28 20:52 . 2008-10-28 20:52d
c:program filesMicrosoft Visual Studio 8
2008-10-28 20:51 . 2008-10-28 20:54d
c:windowsSHELLNEW
2008-10-28 20:51 . 2008-10-28 20:55d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-10-28 20:50 . 2008-10-28 20:50dr-h
C:MSOCache
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesfree-downloads.net
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesConduit
2008-10-28 20:40 . 2008-10-28 20:40d
c:program filesAlcohol Soft
2008-10-28 20:36 . 2008-10-28 20:39 716,272 —a
c:windowssystem32driverssptd.sys
2008-10-28 07:40 . 2008-11-16 19:21d
c:documents and settingsAdministratorApplication DataWebMoney
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney Agent
2008-10-28 07:38 . 2008-11-16 13:20d
c:program filesWebMoney
2008-10-28 07:38 . 2008-11-16 19:52d-a
c:documents and settingsAll UsersApplication DataTEMP
2008-10-27 12:56 . 2008-10-27 12:56d
c:program filesRndLabs
2008-10-27 07:51 . 2008-10-27 07:51d
c:documents and settingsAdministratorApplication DataGlobalSCAPE
2008-10-26 18:27 . 2008-10-26 18:27d
c:documents and settingsAdministratorApplication DataAvira
2008-10-26 08:16 . 2008-10-26 08:16d
c:documents and settingsAdministratorApplication DataBSplayer PRO
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAll UsersApplication DataScreaming Bee
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAdministratorApplication DataScreaming Bee
2008-10-26 00:04 . 2008-11-15 14:01d
c:documents and settingsAdministratorApplication DataDownload Master
2008-10-25 23:14 . 2008-10-25 23:14d
c:documents and settingsAdministratorApplication DataGRETECH
2008-10-25 19:33 . 2008-11-07 21:31d
c:program fileseMule
2008-10-24 14:51 . 2008-11-07 09:16d
c:documents and settingsAdministratorApplication DataU3
2008-10-24 11:10 . 2008-11-14 12:51 38 —a
c:windowsavisplitter.INI
2008-10-22 18:42 . 2008-10-22 18:42d
c:program filesNetPromoter
2008-10-21 13:16 . 2008-10-21 14:47d
c:documents and settingsAdministratorApplication DataMedia Player Classic
2008-10-21 13:16 . 2008-07-04 08:34 860,160 —a
c:windowssystem32lameACM.acm
2008-10-21 13:16 . 2007-09-04 18:56 164,352 —a
c:windowssystem32unrar.dll
2008-10-21 13:16 . 2007-10-03 17:03 414 —a
c:windowssystem32lame_acm.xml
2008-10-21 13:15 . 2008-10-21 13:15d
c:program filesK-Lite Codec Pack
2008-10-21 13:15 . 2008-05-23 00:22 3,596,288 —a
c:windowssystem32qt-dx331.dll
2008-10-21 13:15 . 2008-01-10 14:15 755,027 —a
c:windowssystem32xvidcore.dll
2008-10-21 13:15 . 2008-05-31 01:22 683,520 —a
c:windowssystem32divx.dll
2008-10-21 13:15 . 2004-01-12 00:00 348,160 —a
c:windowssystem32msvcr71.dll
2008-10-21 13:15 . 2004-01-25 18:18 217,088 —a
c:windowssystem32yv12vfw.dll
2008-10-21 13:15 . 2008-01-10 14:16 159,839 —a
c:windowssystem32xvidvfw.dll
2008-10-21 13:15 . 2007-09-21 02:52 118,784 —a
c:windowssystem32ac3acm.acm
2008-10-21 13:15 . 2008-05-23 00:19 81,920 —a
c:windowssystem32dpl100.dll
2008-10-21 13:15 . 2008-06-12 20:36 7,680 —a
c:windowssystem32ff_vfw.dll
2008-10-21 13:15 . 2007-07-10 18:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2008-10-21 12:46 . 2008-10-21 12:46d
c:program filesWebteh
2008-10-20 12:45 . 2008-10-20 12:45d
c:program filesLanTricks
2008-10-18 08:15 . 2004-08-03 22:08 26,496 —a—c— c:windowssystem32dllcacheusbstor.sys
2008-10-17 13:24 . 2008-10-17 13:24d
c:program filesGuitar Pro 5
2008-10-16 23:44 . 2008-10-16 23:44d
c:program filesOpera
2008-10-16 19:35 . 2008-11-11 15:26d
C:Downloads
2008-10-16 19:34 . 2008-10-16 19:34d
c:program filesDownload Master
2008-10-16 13:49 . 2008-10-16 13:49d
c:documents and settingsAdministratorApplication DataVyPRESS
2008-10-16 06:22 . 2008-10-16 06:22d
c:windowsRaidTool
2008-10-16 06:22 . 2007-03-28 09:25 1,953,792 -r
c:windowssystem32xRaidSetup.exe
2008-10-16 06:22 . 2007-03-28 09:26 143,360 -r
c:windowssystem32xRaidAPI.dll
2008-10-16 06:22 . 2006-02-07 13:52 6,912 -ra
c:windowssystem32driversJGOGO.sys
2008-10-16 01:40 . 2008-11-16 13:30d
c:program filesWebLogAnalyzer
2008-10-16 00:19 . 2008-10-16 00:19d
c:documents and settingsAll UsersApplication DataFLEXnet
2008-10-16 00:14 . 2008-10-16 00:14d
c:program filesBonjour
2008-10-16 00:09 . 2008-10-16 00:09d
c:program filesCommon FilesMacrovision Shared
2008-10-16 00:08 . 2008-10-16 03:36d
c:program filesCommon FilesAdobe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 14:05
d
w c:documents and settingsAdministratorApplication DataThe Bat!
2008-11-09 15:04
d
w c:program filesMinilyrics
2008-11-09 15:01
d
w c:program filesWinamp
2008-11-07 14:05
d
w c:program filesTotal Commander
2008-10-24 18:57
d
w c:program filesUnlocker
2008-10-22 16:42
d—h—w c:program filesInstallShield Installation Information
2008-10-15 21:52
d
w c:documents and settingsAll UsersApplication DataGlobalSCAPE
2008-10-15 21:51
d
w c:program filesGlobalSCAPE
2008-10-15 21:51
d
w c:program filesCommon FilesInstallShield
2008-10-15 19:41
d
w c:documents and settingsAdministratorApplication DataWinamp
2008-10-15 19:11
d
w c:program filesQIP
2008-10-15 18:16
d
w c:program filesThe Bat!
2008-10-15 18:14
d
w c:program filesAvira
2008-10-15 18:14
d
w c:documents and settingsAll UsersApplication DataAvira
2008-10-15 18:10 315,392 —-a-w c:windowsHideWin.exe
2008-10-15 18:10
d
w c:program filesRealtek
2008-10-15 18:06
d
w c:program filesIntel
2008-10-15 18:03
d
w c:program filesMy Company Name
2008-10-15 17:57 67,654 —-a-w c:windowsBricoPackUninst.cmd
2008-10-15 17:57 5,683 —-a-w c:windowsBricoPackFoldersDelete.cmd
2008-10-15 17:57 218,624 —-a-w c:windowssystem32uxtheme.dll
2008-10-15 17:55
d
w c:program filesQuickTime
2008-10-15 17:55
d
w c:program filesIrfanView
2008-10-15 17:55
d
w c:program filesGRETECH
2008-10-15 17:54 25,992 —-a-w c:windowssystem32pgdfgsvc.exe
2008-10-15 17:54
d
w c:program filesSysinternals
2008-10-15 17:54
d
w c:program filesDRV
2008-10-15 17:53
d
w c:program filesWindows Media Connect 2
2008-10-15 17:44
d
w c:program filesmicrosoft frontpage
2008-10-15 17:39
d
w c:program filesMicrosoft PowerToys
2008-10-15 17:39
d
w c:program filesHashTab Shell Extension
2008-10-02 16:15
d
w c:program filesCommon FilesNero
2008-10-02 16:15
d
w c:documents and settingsAdministratorApplication DataNero
2008-10-02 16:14
d
w c:program filesNero
2008-10-02 16:14
d
w c:documents and settingsAll UsersApplication DataNero
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3286016]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-02-22 217544]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-06-24 1840424]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-09-01 479496][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2006-09-07 15872]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-04 8523776]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-04 81920]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe» [2008-06-12 266497]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-07-09 36352]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-28 1953792]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2008-06-19 570664]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2008-06-08 2221352]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-04 1159496]
«nwiz»=»nwiz.exe» [2007-12-04 c:windowssystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2007-07-05 c:windowsRTHDCPL.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2006-10-17 c:windowssystem32advpack.dll]c:documents and settingsAdministratorStart MenuProgramsStartup
Create virtual drive for Denwer.lnk — c:webserversdenwerBoot.exe [2008-11-13 6656]
Total Commander.lnk — c:program filesTotal CommanderTotalcmd.exe [2007-06-25 2893800]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.divxa32″= msaud32_divx.acm[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«d:\раб\New Folder\Vypress Chat\VyChat.exe»=
«d:\Игры\1.6\hl.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=R1 SandBox;SandBox;c:windowssystem32DRIVERSSandBox.sys [2008-07-04 672896]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-07-04 1238344]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты);c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2008-05-09 41217]
R3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-30 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-06-30 234640]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-07-04 33408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [ ]
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 19:54:48
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-11-16 19:55:22
ComboFix-quarantined-files.txt 2008-11-16 17:55:20
ComboFix2.txt 2008-11-11 22:21:57
ComboFix3.txt 2008-11-10 23:42:47Pre-Run: 1 860 644 864 bytes free
Post-Run: 1,865,867,264 bytes free248
спасибо за такой полный ответ, как только приеду домой обязательно проделаю все действия и отпишу о результате
вот лог
ComboFix 08-11-10.01 — Administrator 2008-11-12 0:15:04.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2751 [GMT 2:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.2008-11-11 14:26 . 2008-11-11 18:38
d
c:windowssystem32Filt
2008-11-11 14:26 .c:windowsLastGood.Tmp
2008-11-11 14:26 . 2008-11-11 14:26d
c:program filesAgnitum
2008-11-11 14:26 . 2008-11-11 14:26d
c:documents and settingsAll UsersApplication DataAgnitum
2008-11-11 14:26 . 2008-07-04 14:44 672,896 —a
c:windowssystem32driversSandBox.sys
2008-11-11 14:26 . 2008-06-30 17:16 234,640 —a
c:windowssystem32driversafwcore.sys
2008-11-11 14:26 . 2008-06-30 17:16 30,864 —a
c:windowssystem32driversafw.sys
2008-11-11 14:26 . 2007-10-25 19:17 49 —a
c:windowstransp.gif
2008-11-11 11:29 . 2008-11-12 00:17d
c:program filesSpybot — Search & Destroy
2008-11-11 11:29 . 2008-11-12 00:19d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-11-11 03:49 . 2008-11-11 03:49d
c:program filesTrend Micro
2008-11-11 03:39 . 2008-11-11 03:39d
c:program filesMalwarebytes’ Anti-Malware
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-11 03:39 . 2008-11-11 03:39d
c:documents and settingsAdministratorApplication DataMalwarebytes
2008-11-11 03:39 . 2008-10-22 16:10 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2008-11-11 03:39 . 2008-10-22 16:10 15,504 —a
c:windowssystem32driversmbam.sys
2008-11-11 01:12 . 2008-11-11 01:12d
c:documents and settingsAll UsersApplication DataYahoo! Companion
2008-11-11 01:06 . 2008-11-11 01:06d
c:program filesYahoo!
2008-11-11 01:06 . 2008-11-11 01:07d
c:program filesCCleaner
2008-11-11 01:04 . 2008-11-11 01:06d
c:program filesRegCleaner
2008-11-09 18:32 . 2008-11-09 18:35d
c:program filesNotepad++
2008-11-09 18:32 . 2008-11-09 18:35d
c:documents and settingsAdministratorApplication DataNotepad++
2008-11-09 17:15 . 2008-11-09 17:15d
c:documents and settingsAdministrator.borland
2008-11-09 17:03 . 2008-11-09 17:03d
c:documents and settingsAdministratorWINDOWS
2008-11-09 16:57 . 2008-11-09 17:00d
c:program filesCommon FilesBorland Shared
2008-11-09 16:57 . 2008-11-09 17:01d
c:program filesBorland
2008-11-09 16:49 . 2001-11-29 01:50 430,080 —a
c:windowssystem32ibmgr.cpl
2008-11-09 16:49 . 2001-11-29 01:50 376,832 —a
c:windowssystem32gds32.dll
2008-11-09 16:49 . 2001-11-29 01:50 177,152 —a
c:windowssystem32ibinstall.dll
2008-11-09 16:49 . 2001-11-29 01:50 28,672 —a
c:windowssystem32ibxml.dll
2008-11-09 16:09 . 2008-11-09 16:09d
c:program filesLavasoft
2008-11-09 16:09 . 2008-11-09 16:24d
c:documents and settingsAll UsersApplication DataLavasoft
2008-11-09 16:08 . 2008-11-09 16:08d
c:program filesCommon FilesWise Installation Wizard
2008-11-09 13:25 . 2008-11-09 13:26d
c:documents and settingsAdministratorApplication DataCTdeveloping
2008-11-09 13:13 . 2008-11-09 17:03d
c:program filesTotal PDF ConverterX
2008-11-09 13:11 . 2008-11-09 13:12 180 —a
c:windowspdf2word.INI
2008-11-08 01:38 . 2008-11-11 03:24d
c:documents and settingsAdministratorGoogle
2008-11-08 01:37 . 2008-11-11 01:39d
c:program filesGoogle
2008-11-07 07:54 . 2008-11-07 07:55 22,328 —a
c:windowssystem32driversPnkBstrK.sys
2008-11-07 07:53 . 2008-11-07 07:55 103,736 —a
c:windowssystem32PnkBstrB.exe
2008-11-07 07:53 . 2008-11-07 07:53 66,872 —a
c:windowssystem32PnkBstrA.exe
2008-11-07 01:19 . 2008-11-07 01:45d
c:program filesNeed for Speed ProStreet
2008-11-03 17:11 . 2008-11-11 12:05 69 —a
c:windowsNeroDigital.ini
2008-10-30 14:24 . 2008-10-30 14:24d
c:program fileshexplorer
2008-10-30 14:24 . 2008-11-06 12:26 1,080 —a
c:documents and settingsAdministratorApplication Datahexplorer.dat
2008-10-30 14:24 . 2008-11-06 12:26 25 —a
c:documents and settingsAdministratorApplication Datamclip.dat
2008-10-30 14:08 . 2008-10-30 14:08d
c:windowssystem32XPSViewer
2008-10-30 14:08 . 2008-10-30 14:08d
c:program filesReference Assemblies
2008-10-30 14:07 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-10-28 20:55 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2008-10-28 20:54 . 2008-10-30 14:08d
c:program filesMSBuild
2008-10-28 20:54 . 2008-10-28 20:54d
c:program filesMicrosoft Works
2008-10-28 20:53 . 2008-10-28 20:53d
c:program filesMicrosoft.NET
2008-10-28 20:52 . 2008-10-28 20:52d
c:program filesMicrosoft Visual Studio 8
2008-10-28 20:51 . 2008-10-28 20:54d
c:windowsSHELLNEW
2008-10-28 20:51 . 2008-10-28 20:55d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-10-28 20:50 . 2008-10-28 20:50dr-h
C:MSOCache
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesfree-downloads.net
2008-10-28 20:41 . 2008-11-11 01:13d
c:program filesConduit
2008-10-28 20:40 . 2008-10-28 20:40d
c:program filesAlcohol Soft
2008-10-28 20:36 . 2008-10-28 20:39 716,272 —a
c:windowssystem32driverssptd.sys
2008-10-28 07:40 . 2008-11-12 00:01d
c:documents and settingsAdministratorApplication DataWebMoney
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney Agent
2008-10-28 07:38 . 2008-10-28 07:38d
c:program filesWebMoney
2008-10-28 07:38 . 2008-11-12 00:10d-a
c:documents and settingsAll UsersApplication DataTEMP
2008-10-27 12:56 . 2008-10-27 12:56d
c:program filesRndLabs
2008-10-27 07:51 . 2008-10-27 07:51d
c:documents and settingsAdministratorApplication DataGlobalSCAPE
2008-10-26 18:27 . 2008-10-26 18:27d
c:documents and settingsAdministratorApplication DataAvira
2008-10-26 08:16 . 2008-10-26 08:16d
c:documents and settingsAdministratorApplication DataBSplayer PRO
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAll UsersApplication DataScreaming Bee
2008-10-26 02:54 . 2008-10-26 02:54d
c:documents and settingsAdministratorApplication DataScreaming Bee
2008-10-26 00:04 . 2008-10-27 12:38d
c:documents and settingsAdministratorApplication DataDownload Master
2008-10-25 23:14 . 2008-10-25 23:14d
c:documents and settingsAdministratorApplication DataGRETECH
2008-10-25 19:33 . 2008-11-07 21:31d
c:program fileseMule
2008-10-24 14:51 . 2008-11-07 09:16d
c:documents and settingsAdministratorApplication DataU3
2008-10-24 11:10 . 2008-10-01 17:44 38 —a
c:windowsavisplitter.INI
2008-10-22 18:42 . 2008-10-22 18:42d
c:program filesNetPromoter
2008-10-21 13:16 . 2008-10-21 14:47d
c:documents and settingsAdministratorApplication DataMedia Player Classic
2008-10-21 13:16 . 2008-07-04 08:34 860,160 —a
c:windowssystem32lameACM.acm
2008-10-21 13:16 . 2007-09-04 18:56 164,352 —a
c:windowssystem32unrar.dll
2008-10-21 13:16 . 2007-10-03 17:03 414 —a
c:windowssystem32lame_acm.xml
2008-10-21 13:15 . 2008-10-21 13:15d
c:program filesK-Lite Codec Pack
2008-10-21 13:15 . 2008-05-23 00:22 3,596,288 —a
c:windowssystem32qt-dx331.dll
2008-10-21 13:15 . 2008-01-10 14:15 755,027 —a
c:windowssystem32xvidcore.dll
2008-10-21 13:15 . 2008-05-31 01:22 683,520 —a
c:windowssystem32divx.dll
2008-10-21 13:15 . 2004-01-12 00:00 348,160 —a
c:windowssystem32msvcr71.dll
2008-10-21 13:15 . 2004-01-25 18:18 217,088 —a
c:windowssystem32yv12vfw.dll
2008-10-21 13:15 . 2008-01-10 14:16 159,839 —a
c:windowssystem32xvidvfw.dll
2008-10-21 13:15 . 2007-09-21 02:52 118,784 —a
c:windowssystem32ac3acm.acm
2008-10-21 13:15 . 2008-05-23 00:19 81,920 —a
c:windowssystem32dpl100.dll
2008-10-21 13:15 . 2008-06-12 20:36 7,680 —a
c:windowssystem32ff_vfw.dll
2008-10-21 13:15 . 2007-07-10 18:10 547 —a
c:windowssystem32ff_vfw.dll.manifest
2008-10-21 12:46 . 2008-10-21 12:46d
c:program filesWebteh
2008-10-20 12:45 . 2008-10-20 12:45d
c:program filesLanTricks
2008-10-18 08:15 . 2004-08-03 22:08 26,496 —a—c— c:windowssystem32dllcacheusbstor.sys
2008-10-17 13:24 . 2008-10-17 13:24d
c:program filesGuitar Pro 5
2008-10-16 23:44 . 2008-10-16 23:44d
c:program filesOpera
2008-10-16 19:35 . 2008-11-11 15:26d
C:Downloads
2008-10-16 19:34 . 2008-10-16 19:34d
c:program filesDownload Master
2008-10-16 13:49 . 2008-10-16 13:49d
c:documents and settingsAdministratorApplication DataVyPRESS
2008-10-16 06:22 . 2008-10-16 06:22d
c:windowsRaidTool
2008-10-16 06:22 . 2007-03-28 09:25 1,953,792 -r
c:windowssystem32xRaidSetup.exe
2008-10-16 06:22 . 2007-03-28 09:26 143,360 -r
c:windowssystem32xRaidAPI.dll
2008-10-16 06:22 . 2006-02-07 13:52 6,912 -ra
c:windowssystem32driversJGOGO.sys
2008-10-16 01:40 . 2008-10-16 01:40d
c:program filesWebLogAnalyzer
2008-10-16 00:19 . 2008-10-16 00:19d
c:documents and settingsAll UsersApplication DataFLEXnet
2008-10-16 00:14 . 2008-10-16 00:14d
c:program filesBonjour
2008-10-16 00:09 . 2008-10-16 00:09d
c:program filesCommon FilesMacrovision Shared
2008-10-16 00:08 . 2008-10-16 03:36d
c:program filesCommon FilesAdobe
2008-10-15 23:52 . 2008-10-15 23:52d
c:documents and settingsAll UsersApplication DataGlobalSCAPE
2008-10-15 23:51 . 2008-10-15 23:51d
c:program filesGlobalSCAPE
2008-10-15 21:39 . 2008-10-15 21:41d
c:documents and settingsAdministratorApplication DataWinamp
2008-10-15 20:19 . 2008-11-11 20:29d
c:documents and settingsAdministratorApplication DataThe Bat!.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 15:04
d
w c:program filesMinilyrics
2008-11-09 15:01
d
w c:program filesWinamp
2008-11-07 14:05
d
w c:program filesTotal Commander
2008-10-24 18:57
d
w c:program filesUnlocker
2008-10-22 16:42
d—h—w c:program filesInstallShield Installation Information
2008-10-15 21:51
d
w c:program filesCommon FilesInstallShield
2008-10-15 19:11
d
w c:program filesQIP
2008-10-15 18:16
d
w c:program filesThe Bat!
2008-10-15 18:14
d
w c:program filesAvira
2008-10-15 18:14
d
w c:documents and settingsAll UsersApplication DataAvira
2008-10-15 18:10 315,392 —-a-w c:windowsHideWin.exe
2008-10-15 18:10
d
w c:program filesRealtek
2008-10-15 18:06
d
w c:program filesIntel
2008-10-15 18:03
d
w c:program filesMy Company Name
2008-10-15 17:57 67,654 —-a-w c:windowsBricoPackUninst.cmd
2008-10-15 17:57 5,683 —-a-w c:windowsBricoPackFoldersDelete.cmd
2008-10-15 17:57 218,624 —-a-w c:windowssystem32uxtheme.dll
2008-10-15 17:55
d
w c:program filesQuickTime
2008-10-15 17:55
d
w c:program filesIrfanView
2008-10-15 17:55
d
w c:program filesGRETECH
2008-10-15 17:54 25,992 —-a-w c:windowssystem32pgdfgsvc.exe
2008-10-15 17:54
d
w c:program filesSysinternals
2008-10-15 17:54
d
w c:program filesDRV
2008-10-15 17:53
d
w c:program filesWindows Media Connect 2
2008-10-15 17:44
d
w c:program filesmicrosoft frontpage
2008-10-15 17:39
d
w c:program filesMicrosoft PowerToys
2008-10-15 17:39
d
w c:program filesHashTab Shell Extension
2008-10-02 16:15
d
w c:program filesCommon FilesNero
2008-10-02 16:15
d
w c:documents and settingsAdministratorApplication DataNero
2008-10-02 16:14
d
w c:program filesNero
2008-10-02 16:14
d
w c:documents and settingsAll UsersApplication DataNero
.((((((((((((((((((((((((((((( snapshot@2008-11-11_ 1.41.06,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 —-a-w c:windowsERDNTsubsERDNT.EXE
+ 2008-07-04 12:45:26 33,408 —-a-w c:windowssystem32FiltASWFilt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3286016]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-02-22 217544]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-06-24 1840424]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-09-16 1833296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2006-09-07 15872]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-04 8523776]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-04 81920]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe» [2008-06-12 266497]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-07-09 36352]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-28 1953792]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2008-06-19 570664]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2008-06-08 2221352]
«OutpostMonitor»=»c:progra~1AgnitumOUTPOS~1op_mon.exe» [2008-07-04 1159496]
«nwiz»=»nwiz.exe» [2007-12-04 c:windowssystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2007-07-05 c:windowsRTHDCPL.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_3″=»advpack.dll» [2006-10-17 c:windowssystem32advpack.dll]c:documents and settingsAdministratorStart MenuProgramsStartup
Total Commander.lnk — c:program filesTotal CommanderTotalcmd.exe [2007-06-25 2893800]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.divxa32″= msaud32_divx.acm[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«d:\раб\New Folder\Vypress Chat\VyChat.exe»=
«d:\Игры\1.6\hl.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=R1 SandBox;SandBox;c:windowssystem32DRIVERSSandBox.sys [2008-07-04 672896]
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-07-04 1238344]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Вспомогательная служба Avira AntiVir Premium MailGuard (Защита почты);c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2008-05-09 41217]
R3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-30 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-06-30 234640]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-07-04 33408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [ ][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
ShellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0586fa27-9b3a-11dd-99c6-001e90cdde4b}]
ShellAutoRuncommand — H:
ShellExploreCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
ShellFindCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
ShellOpenCommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f7-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56f8-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — H:xdpyjb.exe
ShellexploreCommand — H:xdpyjb.exe
ShellopenCommand — H:xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2beb56fd-a1bc-11dd-99cc-001e90cdde4b}]
ShellAutoRuncommand — F:xdpyjb.exe
ShellexploreCommand — F:xdpyjb.exe
ShellopenCommand — F:xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{68d8ca9f-a069-11dd-99ca-001e90cdde4b}]
ShellAutoRuncommand — F:bo1dhu.bat
ShellexploreCommand — F:bo1dhu.bat
ShellopenCommand — F:bo1dhu.bat[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bca0243d-9fb3-11dd-99c9-001e90cdde4b}]
ShellAutoRuncommand — xdpyjb.exe
ShellexploreCommand — xdpyjb.exe
ShellopenCommand — xdpyjb.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7ccaaa1-a51f-11dd-99d6-001e90cdde4b}]
ShellAutoRuncommand — F:start.exe*Newly Created Service* — AFWCORE
.
.
Supplementary Scan
.
FireFox -: Profile — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesphsvhf6l.default
FireFox -: prefs.js — SEARCH.DEFAULTURL — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin — c:program filesOperaprogrampluginsNPOFF12.DLL
FF -: plugin — c:program filesYahoo!Commonnpyaxmpb.dll
FF -: plugin — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 00:18:10
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
PROCESS: c:windowsexplorer.exe
-> c:program filesUnlockerUnlockerHook.dll
.
Other Running Processes
.
c:program filesLavasoftAd-Awareaawservice.exe
c:program filesAviraAntiVir PersonalEdition Premiumsched.exe
c:windowssystem32rundll32.exe
c:program filesAviraAntiVir PersonalEdition Premiumavguard.exe
c:program filesBonjourmDNSResponder.exe
c:program filesBorlandInterBasebinibguard.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32IoctlSvc.exe
c:windowssystem32PnkBstrA.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesBorlandInterBasebinibserver.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-12 0:21:55 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 22:21:51
ComboFix2.txt 2008-11-10 23:42:47Pre-Run: 3 928 748 032 bytes free
Post-Run: 3,846,152,192 bytes free295
