Scan saved at 18:34:25, on 8/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Virtual CD v4\System\VCDTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\a8515bae.exe,C:\WINDOWS\system32\ldmzeg.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2AA73A7-6599-454A-A14E-69BA1EFE31B6}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E9FB0-7884-4F26-AA00-A3B12E1E41F9}: NameServer = 212.188.4.10,195.34.32.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mt41hub - Invalid registry found
O20 - Winlogon Notify: WinCtrl32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\SAG\Application Data\Mikogo\B-Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
--
End of file - 7899 bytes
uninstalllist:
7-Zip 4.57
ACDSee 9 Photo Manager
Ace DivX Player
Active File Compare 2.0 beta 1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0
Anti Trojan Elite 3.9.4
AP Tuner 3.08
ArtMoney PRO v7.27
Borland Delphi 7
Copy Utility
CSL ARM Toolchain (arm-symbianelf) 2005-Q1C
DivX Codec
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Extensis pxl SmartScale 1.0
FAR file manager
FlashGet 1.9.6.1073
Free Colored ScrollBars 2.2
Full Tilt Poker
GameSpy Arcade
GIMP 2.4.2
Hamachi 1.0.3.0
Heroes III SaveEditor
Heroes of Migth and Magic 3: World Tournament 0.32
Hex-Rays Decompiler v1.0
HiJackThis
Hotfix for Windows XP (KB909394)
ICM Trainer Light
ICQ
IDA Pro Advanced v5.2 with WinCE v5.0 debugger
IrfanView (remove only)
Java 2 Runtime Environment Standard Edition v1.2.2
Java(TM) 6 Update 21
Leaf
McAfee SecurityCenter
MetaTrader 4.00
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 4.0
Microsoft Office - профессиональный выпуск версии 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Visual Studio 2005 Tools for Office Runtime
Mikogo
Miranda IM 0.8.1
Mozilla Firefox (2.0.0.
MSXML 6.0 Parser (KB925673)
Parimatch
PartyPoker
PocketPref
PokerStars
PowerDVD
PROMT Expert 8 Giant Try-Buy
QuickTime
Radmin Server 3.3
S60 3rd Edition FP1 SDK for Symbian OS
Samsung Media Studio
ScanToWeb
Skype™ 4.0
Smart Web Builder 1.53
Spider Player 2.3.1.3
Undelete Plus 2.94
Virtual CD v4
Visual Studio 2005 Tools for Office Second Edition Runtime
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
yandexmaps
problem description:
I had Kaspersky AVP 9.0; however, my PC was infected with at least 10 viruses and trojans. A few to mention:
- backdoor.zapinit.88
- backdoor.zapinit.46
- trojan.rvz.10
- trojan.winspy.921
- win32.hllw.okamai
These 10 viruses were cured/deleted by DrWEB antivirus.
After reboot my PC became very slow. Booting took +5 more minutes than usual. Access to many antivirus websites was denied (I made "route -f", rebooted, and now I have access to any websites as usual).
Then I uninstalled Kaspersky antivirus and installed McAfee Security Center.
Still, the following problems occur:
1) Booting is very slow, +5 more minutes than usual.
2) CPU usage is 100% almost all the time, so the PC is very slow. Most of the CPU usage is by the process rapimgr.exe.
My system info: CPU Pentium 4, 1400MHz, RAM 256MB, Windows XP SP2