- This topic has 9 ответов, 2 участника, and was last updated 15 years, 9 months назад by
.
-
Сообщения
-
Здравствуйте. Хелп, SOS. НЕвозможно войти в безопасный режим, появляется голубой экран. в произвольных местах появляются скрытые папки recycler, System Volume Information и другие, удалить невозможно. SUPERAntiSpyware выявляет 540 вирусов в регистре…
Прошелся RSITом вот что получилось:Это туда же..
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Oleg at 2010-01-12 21:47:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (34%) free of 114 GB
Total RAM: 1023 MB (43% free)Здравствуйте, добро пожаловать на Spyware-ru форум.
Скачайте OTM by OldTimer кликнув по этой ссылке.
Запустите OTM и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:reg
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"restorer32_a"=-
"Regedit32"=-
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
""=-
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"MyWebSearch Email Plugin"=-
:files
C:WINDOWSsystem32GCDED.tmp.exe
C:WINDOWSsystem32GF15D.tmp.exe
C:WINDOWSsystem32servm32.exe
C:WINDOWSsystem32GD628.tmp.exe
C:WINDOWSsystem32G2B03.tmp.exe
:Commands
[emptytemp]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.
Здравствуйте! Вот результат.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Oleg at 2010-01-17 13:55:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (51%) free of 114 GB
Total RAM: 1023 MB (40% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:45, on 17.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32IoctlSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesSpeed Disknopdb.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesHHVcdV6SysVC6SecS.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2Systemvc6fserv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesHHVcdV6SysVC6Play.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:WINDOWSRTHDCPL.EXE
G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2SystemVC6Tray.exe
C:Program FilesCanonMyPrinterBJMyPrt.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCorelGraphics9RegisterRemind32.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSsystem32WISPTIS.EXE
C:Program FilesInternet Exploreriexplore.exe
C:DownloadsRSIT.exe
C:Program FilesTrend MicroHijackThisOleg.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — {00A6FAF6-072E-44cf-8957-5838F569A31D} — (no file)
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQToolbartbu610toolbaru.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:Program FilesICQToolbartbu610toolbaru.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: IeCatch2 Class — {A5366673-E8CA-11D3-9CD9-0090271D075B} — C:PROGRA~1FlashGetjccatch.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — C:PROGRA~1FlashGetfgiebar.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
O3 — Toolbar: PROMT — {892E81F6-EC63-4d13-8422-835A7A05D6EB} — C:Program FilesPRMT8PRMTIEprmtie.dll
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQToolbartbu610toolbaru.dll
O4 — HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [VC6Player] C:Program FilesHHVcdV6SysVC6Play.exe
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [CanonSolutionMenu] C:Program FilesCanonSolutionMenuCNSLMAIN.exe /logon
O4 — HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
O4 — HKLM..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Corel Registration.lnk = C:Program FilesCorelGraphics9RegisterRemind32.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &ICQ Toolbar Search — res://C:Program FilesICQToolbartoolbaru.dll/SEARCH.HTML
O8 — Extra context menu item: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYRU
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Online-словари — C:Program FilesPRMT8PRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — C:Program FilesPRMT8PRMTIEaot.htm
O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — C:Program FilesPRMT8PRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O9 — Extra button: (no name) — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настроить параметры перевода — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP Infium — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIP Infiuminfium.exe (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137870754781
O16 — DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) — http://outline3d.ru/main/cortvrml165.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: !SASWinLogon — C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Background Intelligent Transfer Service (BITS) — Unknown owner — C:WINDOWS
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Монитор описаний Symantec AntiVirus (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: MSSQL$PINNACLESYS — Unknown owner — C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlservr.exe (file missing)
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Speed Disk service — Symantec Corporation — C:Program FilesSpeed Disknopdb.exe
O23 — Service: SQLAgent$PINNACLESYS — Unknown owner — C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlagent.EXE (file missing)
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
O23 — Service: Virtual CD v6 FS Service (vc6fserv) — H+H Software GmbH — G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2Systemvc6fserv.exe
O23 — Service: Virtual CD v6 Management Service (VC6SecS) — H+H Software GmbH — C:Program FilesHHVcdV6SysVC6SecS.exe
O23 — Service: Automatic Updates (wuauserv) — Unknown owner — C:WINDOWS
O24 — Desktop Component 0: (no name) — http://www.beautypic.ru/sea_9/wallpapers/1280×1024/21.jpg
O24 — Desktop Component 1: (no name) — http://ru.fishki.net/picso/sharon_stone_2_06.jpg
O24 — Desktop Component 2: (no name) — file:///C:/DOCUME~1/Oleg/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg—
End of file — 15180 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class — C:Program FilesICQToolbartbu610toolbaru.dll [2006-12-17 701952][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-02-01 1377576][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class — C:PROGRA~1FlashGetjccatch.dll [2002-01-16 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-07-14 150768][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-11 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-10-11 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — C:PROGRA~1FlashGetfgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll []
{892E81F6-EC63-4d13-8422-835A7A05D6EB} — PROMT — C:Program FilesPRMT8PRMTIEprmtie.dll [2007-10-15 806912]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — C:Program FilesICQToolbartbu610toolbaru.dll [2006-12-17 701952][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 229376]
«VC6Player»=C:Program FilesHHVcdV6SysVC6Play.exe [2004-06-15 245760]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-11-21 52840]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-05-28 528384]
«Logitech Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2008-02-29 76304]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2008-02-29 76304]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe []
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2009-04-27 61440]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2009-06-12 17887232]
«CanonSolutionMenu»=C:Program FilesCanonSolutionMenuCNSLMAIN.exe [2008-03-10 689488]
«CanonMyPrinter»=C:Program FilesCanonMyPrinterBJMyPrt.exe [2008-03-17 1848648]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-10-11 149280]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
«SUPERAntiSpyware»=C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [2010-01-05 2002160]C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exeC:Documents and SettingsOlegStart MenuProgramsStartup
Corel Registration.lnk — C:Program FilesCorelGraphics9RegisterRemind32.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll [2009-09-03 548352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-04-28 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogitechbluetoothLBTWlgn.dll [2008-05-02 72208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2007-05-16 43568][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableStatusMessages»=0
«DisableTaskMgr»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=149
«NoDriveAutoRun»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:gamesFEARFEARServer.exe»=»C:gamesFEARFEARServer.exe:*:Enabled:F.E.A.R. Stand-Alone Server»
«C:gamesFEARfpupdate.exe»=»C:gamesFEARfpupdate.exe:*:Enabled:fpupdate»
«C:WINDOWSsystem32rundll32.exe»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App»
«C:WINDOWSsystem32dpvsetup.exe»=»C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:gamesДлинные нарды 2.0nardy20.exe»=»C:gamesДлинные нарды 2.0nardy20.exe:*:Enabled:Версия 2.0 от 10.06.2000 г.»
«C:Documents and SettingsOlegDesktopВСЕABCabc.exe»=»C:Documents and SettingsOlegDesktopВСЕABCabc.exe:*:Enabled:abc»
«C:Documents and SettingsOlegDesktopВСЕABCNew FolderABCabc.exe»=»C:Documents and SettingsOlegDesktopВСЕABCNew FolderABCabc.exe:*:Enabled:abc»
«C:Program FilesAtariNeverwinter Nights 2nwn2main.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main»
«C:Program FilesAtariNeverwinter Nights 2nwn2main_amdxp.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD»
«C:Program FilesAtariNeverwinter Nights 2nwupdate.exe»=»C:Program FilesAtariNeverwinter Nights 2nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater»
«C:Program FilesAtariNeverwinter Nights 2nwn2server.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server»
«C:Program FilesPinnacleStudio 10programsRM.exe»=»C:Program FilesPinnacleStudio 10programsRM.exe:*:Enabled:Render Manager»
«C:Program FilesPinnacleStudio 10programsStudio.exe»=»C:Program FilesPinnacleStudio 10programsStudio.exe:*:Enabled:Studio»
«C:Program FilesPinnacleStudio 10programsPMSRegisterFile.exe»=»C:Program FilesPinnacleStudio 10programsPMSRegisterFile.exe:*:Enabled:PMSRegisterFile»
«C:Program FilesPinnacleStudio 10programsumi.exe»=»C:Program FilesPinnacleStudio 10programsumi.exe:*:Enabled:umi»
«C:Documents and SettingsOlegLocal SettingsTempElectronicArts_Patcher_000.exe»=»C:Documents and SettingsOlegLocal SettingsTempElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000»
«G:fufelbitcometDownloadsBattlefield_2142[torrents.ru]New FolderBF2142.exe»=»G:fufelbitcometDownloadsBattlefield_2142[torrents.ru]New FolderBF2142.exe:*:Enabled:Battlefield 2»
«C:DOCUME~1OlegLOCALS~1Tempbin.exe»=»C:DOCUME~1OlegLOCALS~1Tempbin.exe:*:Enabled:Enabled»
«C:Program FilesLucasArtsStar Wars Empire at WarGameDatafpupdate.exe»=»C:Program FilesLucasArtsStar Wars Empire at WarGameDatafpupdate.exe:*:Enabled:fpupdate»
«G:fufelunrealBinariesUT3.exe»=»G:fufelunrealBinariesUT3.exe:*:Enabled:UT3»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Disabled:Nero ProductSetup»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesNeroNero8Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero8Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»
«G:Downloads2utorrent.exe»=»G:Downloads2utorrent.exe:*:Enabled:µTorrent»
«I:Downloads2utorrent.exe»=»I:Downloads2utorrent.exe:*:Enabled:µTorrent»
«H:Downloads2utorrent.exe»=»H:Downloads2utorrent.exe:*:Enabled:µTorrent»
«G:fufelbitcometDownloadsutorrent.exe»=»G:fufelbitcometDownloadsutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«G:fufelfufelbitcometBitComet.exe»=»G:fufelfufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«G:fufelbitcometBitComet.exe»=»G:fufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesBitCometBitComet.exe»=»C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Documents and SettingsOlegDesktopfufelbitcometBitComet.exe»=»C:Documents and SettingsOlegDesktopfufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{be097823-d23a-11dc-85ab-0013d4da2630}]
shellAutoRuncommand — F:LaunchEAW.exe======List of files/folders created in the last 3 months======
2010-01-14 19:41:53 —-D—- C:_OTM
2010-01-12 21:43:26 —-D—- C:Program Filestrend micro
2010-01-12 21:43:24 —-D—- C:rsit
2010-01-12 19:45:46 —-D—- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2010-01-12 19:45:33 —-D—- C:Program FilesSUPERAntiSpyware
2010-01-12 19:45:33 —-D—- C:Documents and SettingsOlegApplication DataSUPERAntiSpyware.com
2010-01-12 19:18:41 —-A—- C:SAFEBOOT_REPAIR.TXT
2010-01-10 12:54:27 —-D—- C:Documents and SettingsAll UsersApplication DataNOS
2009-12-17 20:42:00 —-D—- C:Documents and SettingsOlegApplication DataICQ Toolbar
2009-12-10 23:34:42 —-D—- C:Output Files
2009-12-10 23:30:06 —-D—- C:Program FilesAll Office Converter Platinum
2009-12-10 19:09:32 —-D—- C:Documents and SettingsOlegApplication DataICQ
2009-12-10 19:08:50 —-D—- C:Program FilesICQ6.5
2009-12-10 18:47:59 —-D—- C:Program FilesICQToolbar
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32javaws.exe
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32javaw.exe
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32java.exe
2009-11-10 16:40:19 —-A—- C:WINDOWSsystem32udcpm.dll
2009-11-10 15:47:16 —-D—- C:Documents and SettingsOlegApplication DataUDC Profiles
2009-11-10 15:46:11 —-D—- C:Program FilesUniversal Document Converter======List of files/folders modified in the last 3 months======
2010-01-17 13:55:36 —-D—- C:WINDOWSPrefetch
2010-01-17 13:55:08 —-D—- C:WINDOWSsystem32CatRoot2
2010-01-17 13:52:34 —-D—- C:Documents and SettingsOlegApplication DatauTorrent
2010-01-17 09:33:08 —-D—- C:WINDOWSTemp
2010-01-17 09:30:41 —-D—- C:Program FilesSymantec AntiVirus
2010-01-17 09:29:23 —-D—- C:WINDOWS
2010-01-17 09:29:22 —-D—- C:WINDOWSMinidump
2010-01-16 23:17:54 —-A—- C:WINDOWSSchedLgU.Txt
2010-01-16 15:53:12 —-D—- C:WINDOWSsystem32config
2010-01-14 19:44:24 —-D—- C:WINDOWSsystem32
2010-01-14 19:35:01 —-D—- C:Program FilesFlashGet
2010-01-14 19:34:57 —-D—- C:Downloads
2010-01-13 16:56:58 —-D—- C:WINDOWSsystem32drivers
2010-01-13 11:23:57 —-A—- C:WINDOWSntbtlog.txt
2010-01-12 22:04:15 —-D—- C:WINDOWSsystem32NtmsData
2010-01-12 21:43:26 —-RD—- C:Program Files
2010-01-12 19:45:43 —-SHD—- C:WINDOWSInstaller
2010-01-12 19:44:53 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2010-01-12 19:18:40 —-D—- C:WINDOWSrepair
2010-01-12 18:25:24 —-SHD—- C:System Volume Information
2010-01-12 18:25:24 —-D—- C:WINDOWSsystem32Restore
2010-01-11 21:18:03 —-D—- C:WINDOWSLhsp
2010-01-11 10:16:14 —-SD—- C:WINDOWSDownloaded Program Files
2009-12-30 18:27:50 —-D—- C:Program FilesSpeed Disk
2009-12-15 09:48:19 —-HD—- C:Program FilesInstallShield Installation Information
2009-12-15 09:48:18 —-D—- C:Program FilesAkella Games
2009-12-12 16:19:34 —-A—- C:WINDOWSDjVuPro.INI
2009-12-12 12:02:39 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-12-11 20:14:52 —-D—- C:Documents and Settings
2009-12-10 20:20:52 —-D—- C:Program FilesQIP Infium
2009-12-10 19:04:45 —-D—- C:Program FilesICQLite
2009-11-25 11:25:50 —-D—- C:Program FilesOpera
2009-11-23 23:12:37 —-D—- C:Program FilesJava
2009-11-15 11:04:53 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-10 17:21:32 —-SD—- C:Documents and SettingsOlegApplication DataMicrosoft
2009-10-25 01:45:13 —-D—- C:Documents and SettingsOlegApplication DataSkype
2009-10-25 00:03:48 —-D—- C:Documents and SettingsOlegApplication DataskypePM
2009-10-22 22:13:07 —-D—- C:games
2009-10-21 13:10:34 —-D—- C:WINDOWSSxsCaPendDel
2009-10-21 08:38:57 —-RSD—- C:WINDOWSassembly
2009-10-21 08:38:56 —-D—- C:Program FilesOpenOffice.org 3======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 PCLEPCI;PCLEPCI; ??C:WINDOWSsystem32driverspclepci.sys []
R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
R1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 sonypvf3;sonypvf3; C:WINDOWSsystem32driverssonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:WINDOWSsystem32driverssonypvt3.sys [2004-12-06 423454]
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-02-12 196752]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; ??C:WINDOWSsystem32PfModNT.sys []
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-04-28 3565568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2009-06-16 5095936]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWSsystem32DRIVERSL8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouKE.Sys [2008-02-29 79120]
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2005-06-02 171008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120100114.008naveng.sys []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120100114.008navex15.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:WINDOWSsystem32DRIVERSNTIDrvr.sys [2007-01-04 6144]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-04-05 47360]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-04-01 10368]
R3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-02-12 24720]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2004-09-22 18944]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 sonypvd3;Sony DVD Handycam; C:WINDOWSsystem32DRIVERSsonypvd3.sys [2004-12-07 64964]
S3 aauyxclf;aauyxclf; C:WINDOWSsystem32driversaauyxclf.sys []
S3 Ambfilt;Ambfilt; C:WINDOWSsystem32driversAmbfilt.sys [2008-08-05 1684736]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
S3 Monfilt;Monfilt; C:WINDOWSsystem32driversMonfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-23 12160]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 Ser2pl;MAT Serial port driver; C:WINDOWSsystem32DRIVERSser2pl.sys [2003-07-15 43264]
S3 USB_RNDIS;Terayon Cable Modem; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-05-06 232064]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-07 660768]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-04-28 602112]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Монитор описаний Symantec AntiVirus; C:Program FilesSymantec AntiVirusDefWatch.exe [2007-05-16 31280]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-10-11 153376]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSsystem32IoctlSvc.exe [2006-12-19 81920]
R2 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2007-02-12 214672]
R2 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2007-01-10 1160792]
R2 Speed Disk service;Speed Disk service; C:Program FilesSpeed Disknopdb.exe [2001-08-09 176161]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2007-05-16 1825328]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-09-22 38912]
R2 vc6fserv;Virtual CD v6 FS Service; G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2Systemvc6fserv.exe [2004-06-15 49152]
R2 VC6SecS;Virtual CD v6 Management Service; C:Program FilesHHVcdV6SysVC6SecS.exe [2004-05-07 98304]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2009-04-27 593920]
S2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlservr.exe -sPINNACLESYS []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2006-09-18 2528960]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2007-05-16 119344]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlagent.EXE -i PINNACLESYS []
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
А вот результат работы ОТМ. Спасибо. Не знаю почему, но работать стало удобнее, хотя куча скрытых папок висит и сопротивляется удалению.
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\restorer32_a deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Regedit32 deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\ deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\MyWebSearch Email Plugin deleted successfully.
========== FILES ==========
C:WINDOWSsystem32GCDED.tmp.exe moved successfully.
C:WINDOWSsystem32GF15D.tmp.exe moved successfully.
C:WINDOWSsystem32servm32.exe moved successfully.
C:WINDOWSsystem32GD628.tmp.exe moved successfully.
C:WINDOWSsystem32G2B03.tmp.exe moved successfully.
========== COMMANDS ==========[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytesUser: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1007858 bytesUser: Oleg
->Temp folder emptied: 21389921859 bytes
->Temporary Internet Files folder emptied: 50879133 bytes
->Java cache emptied: 60049028 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4387828 bytes
%systemroot%System32 .tmp files removed: 4182033 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37468793 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 716360 bytesTotal Files Cleaned = 20 550,00 mb
OTM by OldTimer — Version 3.1.5.0 log created on 01142010_194153
Files moved on Reboot…
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZAKm7cLdILYC40000Zh3mQui4N8wTWmkMhr-W0f6ueY1229E53Na3=djEuPfK2cmHhK3i1cef2agayGmL1UG80=93CBsPK2cmDeJpe1cef2agSnGmL1UG80=j-83x9K2cm5kGucfEYa7c8qKd9Mb2vgPTmoIf4kG1PsTlHIP0g2WwZ[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZAKm7cLdILYC40000Zh3mQui4N8wTWmkMhr-W0f6ueY1229E53Na3=lNhIWPK2cm5kGpW1YQE5KGIOPvoiB4qFcfCukPAXYDe3dPGzQfbNe91pLK5u1G00=O6_OpPK2cm5kGpa1YPJVFvXddAmiJG-QapYvagZ8c0MTcHS3cLUWa3v[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZAKm7cLdILYC40000Zh3mQui4N8wTWmkMhr-W0f6ueY1229E53Na3=UUmnevK2cm5kGpI9d33Cc8qKd9Mb2vgPTmoIf83O0fsLon6P0g2WRDm2GNy4=SItS5vK2cm5kGpM9fUz62fYD59oLfGkQYVsIgIYE1PsiRHG2cGAWe6pS0a5[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZLLBB0zvmudm40000ZhZqQui4N8wTWmkMe-60996zEgW41vE53Na3=xBUcl9K2cmHhK3i1cgC4GW6IgJn31K5x0W00=7aFXzPK2cmDeJpe1cgC4GW6Ifp531K5x0W00=C3zVtPK2cm5kGucPghAOZHIShNVdL9gZ1481ag8BbGMTag[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZO5c_eVkLABy40000ZhxsQui4N8wTWmkMeddG0v6vdVJK29E53Na3=YUTFjPK2cmHhK3i1cgRH706IgJn31K5x0W00=UnC8_9K2cmDeJpe1cgRH706Ifp531K5x0W00=VkqXYvK2cm5kGucPghAOZHISfcVbKvgZ1481ag8BbGMTag[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5WTEZCD6ZOfgXytZELzO40000ZhZrQui4N8wTWmkHlUtmo0oJXGry0W00=AFnl4fK2cmHhK3i1cgVZX0AIgJn31K5x0W00=sWWeMvK2cmDeJpe1cgVZX0AIfp531K5x0W00=vOtnDPK2cm5kGucPghAOZHIScAKBcgC4GW6IeWkL1PsIhqgP0g[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUN3Esu5BFRYqW40000ZhxYQui4N8wTWmkMfbZg5P6xATYm1PE53Na3=9SimifK2cm5kGpI9dA76c6USf9-b0PgXgbq2agecfWITc09TcLUWaAgqGNy4=-lNKzPK2cm5kGpM9bVe5c6USf9-b0PgTZXEIf5PG1Pslwgq1cLUWaEQgGNy[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUNAtuoduovlsS40000ZhNvQui4N8wTWmkMhr6T0f6WkOvuauKDU0C0=djEuPfK2cmHhK3i1cef2agayGmL1UG80=93CBsPK2cmDeJpe1cef2agSnGmL1UG80=j-83x9K2cm5kGucfEYa7c8qKd9Mb2vgPTmoIf4kG1PsTlHIP0g2WwZ[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUNAtuoduovlsS40000ZhNvQui4N8wTWmkMhr6T0f6WkOvuauKDU0C0=UUmnevK2cm5kGpI9d33Cc8qKd9Mb2vgPTmoIf83O0fsLon6P0g2WRDm2GNy4=SItS5vK2cm5kGpM9fUz62fYD59oLfGkQYVsIgIYE1PsiRHG2cGAWe6pS0a5[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUNCPGqSMjZDq440000Zh0wROi4Nl6Tbr05bgy9NW6HlMqFKWsJXGrw0m00=uMgW7fK2cmHhK3i1cftt_9AfF4C5GNe2=FoFG7vK2cmDeJpe1cftt_9AdCKC5GNe2=Qrp7pPK2cm5kGucerjC9c8mfd9Lx2vgcJzm1ag1HmmITdrO7cG[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUNIP-3tj-WycK40000ZhpvQui4N8wTWmkHks2n9moJXGry0W00=4ccdr9K2cm5kGpM9aQSmc8qKd9Yb2vgSr4kIf0jm0vsRw26P0g2WUw41GNy4=wEP62PK2cm5kGpQ9dcSVc8qKd9Yb2vgZ1481agAwZ0MTfzO70fa2e93Hx45u1G0[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5KLUZ0PUNRkVWn0UfErC40000ZhVxQui4N8wTWmkHi6Ntu0IJXGry0W00=4ccdr9K2cm5kGpM9aQSmc8qKd9Yb2vgSr4kIf0jm0vsRw26P0g2WUw41GNy4=wEP62PK2cm5kGpQ9dcSVc8qKd9Yb2vgZ1481agAwZ0MTfzO70fa2e93Hx45u1G0[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5JU4ZRHGD3ZdeDrTle5O40000ZhVDaui4NO6TXKMMhpPZA96-aF8W3vE53Na3=vYx3xPK2cmHhK3i1cezLagayGmL1UG80=NCvmKfK2cmDeJpe1cezLagSnGmL1UG80=bYgxuvK2cm5kGucYhA49c5YSekcN0fgR4GsIgu-q19sZyCq1cGAWe6[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5JU4ZRHGDGFaZIyiq1jK40000Zh39aui4NO6TXKMMgNIsBP6yDY6w0PE53Na3=QgNvAvK2cmHhK3i1cgTLOm6IgJn31K5x0W00=c56-OfK2cmDeJpe1cgTLOm6Ifp531K5x0W00=6732kvK2cm5kGucgIjy7c5YSfkYT5fgEOPAWaBG4dQFmpG[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5DFRF5HG2229Y7k-8jLa40000ZhYpVei4XPwd19sO8mgHj_NNAGMJXGr_0W00=pNJejvK2cmHhK3QQebZG0PAfF4C5GNe2=5kdpDPK2cmDeJpMQebZG0PAdCKC5GNe2=SCpVyfK2cm5kGucR30sOI9oQ9GMQWb-IgxXN1PsPmuYP0g2WYyW1GN[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE5DFRF5HG2Kzk3uiiRaSK40000ZhVJaui4NO6TXKMMgBrR1P6x6chv2vE53Na3=T5JM6fK2cmHhK3i1cgzj5W6IgJn31K5x0W00=Xg2HKvK2cmDeJpe1cgzj5W6Ifp531K5x0W00=bYgxuvK2cm5kGucYhA49c5YSekcN0fgR4GsIgu-q19sZyC[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE583H3UIZL9uQryMiAvAm40000ZhchVei4XPwd19sO8mgMhgJL5f6meJbV0fE53Nm3=BqTl-vK2cmHhK3QQekoW0PAfF4C5GNe2=zDfqUPK2cmDeJpMQekoW0PAdCKC5GNe2=SCpVyfK2cm5kGucR30sOI9oQ9GMQWb-IgxXN1PsPmuYP0g2WYy[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE583H3UIZLFrrRG5Q39z040000ZhoiVei4XPwd19sO8mgHi4o7G0YJXGr_0W00=pNJejvK2cmHhK3QQebZG0PAfF4C5GNe2=5kdpDPK2cmDeJpMQebZG0PAdCKC5GNe2=SCpVyfK2cm5kGucR30sOI9oQ9GMQWb-IgxXN1PsPmuYP0g2WYyW1GN[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE56XPUF2XCHECLIcIxViy40000Zh-jVei4XPwd19sO8mgHkTUfzWkJXGr_0W00=pNJejvK2cmHhK3QQebZG0PAfF4C5GNe2=5kdpDPK2cmDeJpMQebZG0PAdCKC5GNe2=SCpVyfK2cm5kGucR30sOI9oQ9GMQWb-IgxXN1PsPmuYP0g2WYyW1GN[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE54PE3O5YZLLBB0zvmudm40000ZhZqQui4N8wTWmkMe-60996zEgW41vE53Na3=8AcyEvK2cm5kGpM9aQSmc8qKdArtvrIQemH20PAa2t03dPle8Pa6eA1xeG51UGK0=Yic0wfK2cm5kGpQ9flPo2fYD59ojT-TKcfDkt9AbKvC5dQvR5mAP1g2[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE54PE3O5YZO5c_eVkLABy40000ZhxsQui4N8wTWmkMeddG0v6vdVJK29E53Na3=ztUXifK2cm5kGpM9cs4fc8qKd9Yb2vg7UPAaFU84dQVnnm6P0g2WIEW1GNy4=xEd8sfK2cm5kGpQ9aQSmc8qKdAPdvLEQdDHBagGBS0ETc-WXcGQWe7kX0K5[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE54PE3O5YZOfgXytZELzO40000ZhZrQui4N8wTWmkHlUtmo0oJXGry0W00=4ccdr9K2cm5kGpM9aQSmc8qKd9Yb2vgSr4kIf0jm0vsRw26P0g2WUw41GNy4=4TLj0vK2cm5kGpQ9bl47c8qKd9Yb2vgbV2i2agitZWMTft8K0fa2e91Ubq5u1G0[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE54PE3O5YZOgC6_bhHIV840000ZhpmQui4N8wTWmkMf1A3Bv6-GPdJ1vE53Na3=rjy4XvK2cm5kGpM9aQSmc8qKdA76056QemH20PAa2t03dPle8PbNeA1xeG51UGK0=_238lPK2cm5kGpQ9ga070PXddA76056QblnJagDOP06TbY4CcLUWeBL[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE54PE3O5YZU0orcFWzlD040000Zh56Rui4Nl6Tbr05bgy9NW6HlMqFKWsJXGrw0m00=N_ePhvK2cmHhK3i1cftt_9AfF4C5GNe2=WRDfhfK2cmDeJpe1cftt_9AdCKC5GNe2=rSn-V9K2cm5kGucerjC9c8mfd9Lx2vgcJzm1ag1HmmITdrO7cG[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE59YJ01U33Esu5BFRYqW40000ZhxYQui4N8wTWmkMfbZg5P6xATYm1PE53Na3=5pPldvK2cmHhK3i1cgnt1WkIgJn31K5x0W00=vS8erfK2cmDeJpe1cgnt1WkIfp531K5x0W00=j-83x9K2cm5kGucfEYa7c8qKd9Mb2vgPTmoIf4kG1PsTlH[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE59YJ01U33Esu5BFRYqW40000ZhxYQui4N8wTWmkMfbZg5P6xATYm1PE53Na3=per-WPK2cm5kGpW1YPJVFvXddAIVfG6QeQfT0fAeo9W5dPaN0vbNe90-IK5u1G00=VZGHYPK2cm5kGpa1YP5iFPXddAIVfG6QeQfT0fAet4C5dQvXa06PLw2[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE59YJ01U3IP-3tj-WycK40000ZhpvQui4N8wTWmkHks2n9moJXGry0W00=AFnl4fK2cmHhK3i1cgVZX0AIgJn31K5x0W00=sWWeMvK2cmDeJpe1cgVZX0AIfp531K5x0W00=vOtnDPK2cm5kGucPghAOZHIScAKBcgC4GW6IeWkL1PsIhqgP0g[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE59YJ01U3RF26LkEGYyG40000ZhOORui4Nl6Tbr05bgy9NW6HlMqFKWsJXGrw0m00=N_ePhvK2cmHhK3i1cftt_9AfF4C5GNe2=WRDfhfK2cmDeJpe1cftt_9AdCKC5GNe2=rSn-V9K2cm5kGucerjC9c8mfd9Lx2vgcJzm1ag1HmmITdrO7cG[1].htm not found!
File C:Documents and SettingsOlegLocal SettingsTempTemporary Internet FilesContent.IE59YJ01U3RkVWn0UfErC40000ZhVxQui4N8wTWmkHi6Ntu0IJXGry0W00=AFnl4fK2cmHhK3i1cgVZX0AIgJn31K5x0W00=sWWeMvK2cmDeJpe1cgVZX0AIfp531K5x0W00=vOtnDPK2cm5kGucPghAOZHIScAKBcgC4GW6IeWkL1PsIhqgP0g[1].htm not found!Registry entries deleted on Reboot…
И почему-то антивирус нашел трояна в папке ОТМ?
В этой папке программа OTM складирует удалённые файлы (так называемы карантин).
Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.Вставьте в ваш ответ этот лог и ещё приложите свежий RSIT лог.
Здравствуйте, Валерий. После сканирования malwarebytes все удалил как и предлагалось. Но сильно пришлось понервничать т.к. после перезагрузки ОС напрочь отказывалась загружаться. Все ограничивалось предложением Загрузки в нормальном режиме, но после нажатия процесс возобновлялся, на указание загрузиться в безопасном или другом режиме (кроме вышеописанного) итогом становился голубой экран с отсутствием сигнала. Вобщем загрусился после борльшого колимчества попыток загрузиться в обычном режиме.
Вот результаты.Malwarebytes’ Anti-Malware 1.44
Database version: 3635
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.218025.01.2010 21:51:43
mbam-log-2010-01-25 (21-51-43).txtScan type: Full Scan (C:|G:|)
Objects scanned: 239878
Time elapsed: 45 minute(s), 45 second(s)Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 94
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 17
Files Infected: 61Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
(No malicious items detected)Registry Keys Infected:
HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorer{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMultimediaWMPlayerSchemesf3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeOutlookAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeWordAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallFieryAds (Adware.FieryAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallMyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Infected:
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMenuExt&Search(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows MediaWMSDKSourcesf3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionNetworkuid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUser AgentPost Platformfunwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Data Items Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Hijack.Userinit) -> Bad: (C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesBITSImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%system32svchost.exe -k netsvcs) Good: (%SystemRoot%System32svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetServiceswuauservImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%system32svchost.exe -k netsvcs) Good: (%SystemRoot%System32svchost.exe -k netsvcs) -> Quarantined and deleted successfully.Folders Infected:
C:Documents and SettingsLocalServiceApplication Datawsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:Program FilesFieryAds (Adware.Adware.FearAds) -> Quarantined and deleted successfully.
C:Program FilesFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaverImages (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsShared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGame (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarHistory (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchSrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchSrchAstt1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:WINDOWSsystem32twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.Files Infected:
C:Program FilesMyWebSearchbar1.binMWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00002.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00004.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00005.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00007.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00009.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Downloadsavz4avz4Infected2010-01-12avz00010.dta (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binNPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:System Volume Information_restore{903EA5FA-8610-4F44-8E39-2DDFBF21A9A4}RP186A0166720.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
G:Downloads2мультыNero 8.3.6.0Activationkeygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsLocalServiceApplication Datawsnpoemaudio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaverImages07BBC06.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsShared033FAD2.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheCursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheMailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheMyFunCardsIMBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheMyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheMyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheSmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0018671 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache00256F0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0341C64.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0341E39.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0341FDF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0417D42 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0498123 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache07E942C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache07E95B3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache07E972A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache07EA449.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache080BB14.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache080C47A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache08D54C9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache1141D2E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache3267474 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCachefiles.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameCHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameCHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameREVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarHistorysearch2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingsprevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingssetting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingssettings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingss_bfeats.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingss_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:WINDOWSsystem32twain32local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32twain32user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:WINDOWSsystem32twain32user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:Documents and SettingsOlegApplication Datafieryads.dat (Adware.FieryAds) -> Quarantined and deleted successfully.
C:Documents and SettingsOlegApplication Datawiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:Program FilesICQToolbartbu610toolbaru.dll (Trojan.BHO) -> Delete on reboot.Новый rsit
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Oleg at 2010-01-25 23:53:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (51%) free of 114 GB
Total RAM: 1023 MB (54% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:17, on 25.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesHHVcdV6SysVC6Play.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCanonMyPrinterBJMyPrt.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCorelGraphics9RegisterRemind32.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32IoctlSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesSpeed Disknopdb.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesHHVcdV6SysVC6SecS.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSSystem32svchost.exe
C:DownloadsRSIT.exe
C:Program FilesTrend MicroHijackThisOleg.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQToolbartbu610toolbaru.dll (file missing)
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: IeCatch2 Class — {A5366673-E8CA-11D3-9CD9-0090271D075B} — C:PROGRA~1FlashGetjccatch.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — C:PROGRA~1FlashGetfgiebar.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll (file missing)
O3 — Toolbar: PROMT — {892E81F6-EC63-4d13-8422-835A7A05D6EB} — C:Program FilesPRMT8PRMTIEprmtie.dll
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQToolbartbu610toolbaru.dll (file missing)
O4 — HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [VC6Player] C:Program FilesHHVcdV6SysVC6Play.exe
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [CanonSolutionMenu] C:Program FilesCanonSolutionMenuCNSLMAIN.exe /logon
O4 — HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
O4 — HKLM..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Corel Registration.lnk = C:Program FilesCorelGraphics9RegisterRemind32.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &ICQ Toolbar Search — res://C:Program FilesICQToolbartoolbaru.dll/SEARCH.HTML
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Online-словари — C:Program FilesPRMT8PRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — C:Program FilesPRMT8PRMTIEaot.htm
O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — C:Program FilesPRMT8PRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O9 — Extra button: (no name) — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настроить параметры перевода — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP Infium — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIP Infiuminfium.exe (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137870754781
O16 — DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) — http://outline3d.ru/main/cortvrml165.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: !SASWinLogon — C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Background Intelligent Transfer Service (BITS) — Unknown owner — C:WINDOWS
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Монитор описаний Symantec AntiVirus (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: MSSQL$PINNACLESYS — Unknown owner — C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlservr.exe (file missing)
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Speed Disk service — Symantec Corporation — C:Program FilesSpeed Disknopdb.exe
O23 — Service: SQLAgent$PINNACLESYS — Unknown owner — C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlagent.EXE (file missing)
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
O23 — Service: Virtual CD v6 FS Service (vc6fserv) — Unknown owner — G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2Systemvc6fserv.exe (file missing)
O23 — Service: Virtual CD v6 Management Service (VC6SecS) — H+H Software GmbH — C:Program FilesHHVcdV6SysVC6SecS.exe
O23 — Service: Automatic Updates (wuauserv) — Unknown owner — C:WINDOWS
O24 — Desktop Component 0: (no name) — http://www.beautypic.ru/sea_9/wallpapers/1280×1024/21.jpg
O24 — Desktop Component 1: (no name) — http://ru.fishki.net/picso/sharon_stone_2_06.jpg
O24 — Desktop Component 2: (no name) — file:///C:/DOCUME~1/Oleg/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg—
End of file — 14332 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-02-01 1377576][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class — C:PROGRA~1FlashGetjccatch.dll [2002-01-16 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsOlegApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-07-14 150768][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-11 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-10-11 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — C:PROGRA~1FlashGetfgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll []
{892E81F6-EC63-4d13-8422-835A7A05D6EB} — PROMT — C:Program FilesPRMT8PRMTIEprmtie.dll [2007-10-15 806912]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — C:Program FilesICQToolbartbu610toolbaru.dll [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 229376]
«VC6Player»=C:Program FilesHHVcdV6SysVC6Play.exe [2004-06-15 245760]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-11-21 52840]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-05-28 528384]
«Logitech Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2008-02-29 76304]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2008-02-29 76304]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe []
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2009-04-27 61440]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2009-06-12 17887232]
«CanonSolutionMenu»=C:Program FilesCanonSolutionMenuCNSLMAIN.exe [2008-03-10 689488]
«CanonMyPrinter»=C:Program FilesCanonMyPrinterBJMyPrt.exe [2008-03-17 1848648]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-10-11 149280][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
«SUPERAntiSpyware»=C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [2010-01-05 2002160]C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exeC:Documents and SettingsOlegStart MenuProgramsStartup
Corel Registration.lnk — C:Program FilesCorelGraphics9RegisterRemind32.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll [2009-09-03 548352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-04-28 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogitechbluetoothLBTWlgn.dll [2008-05-02 72208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2007-05-16 43568][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableStatusMessages»=0
«DisableTaskMgr»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=149
«NoDriveAutoRun»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:gamesFEARFEARServer.exe»=»C:gamesFEARFEARServer.exe:*:Enabled:F.E.A.R. Stand-Alone Server»
«C:gamesFEARfpupdate.exe»=»C:gamesFEARfpupdate.exe:*:Enabled:fpupdate»
«C:WINDOWSsystem32rundll32.exe»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App»
«C:WINDOWSsystem32dpvsetup.exe»=»C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:gamesДлинные нарды 2.0nardy20.exe»=»C:gamesДлинные нарды 2.0nardy20.exe:*:Enabled:Версия 2.0 от 10.06.2000 г.»
«C:Documents and SettingsOlegDesktopВСЕABCabc.exe»=»C:Documents and SettingsOlegDesktopВСЕABCabc.exe:*:Enabled:abc»
«C:Documents and SettingsOlegDesktopВСЕABCNew FolderABCabc.exe»=»C:Documents and SettingsOlegDesktopВСЕABCNew FolderABCabc.exe:*:Enabled:abc»
«C:Program FilesAtariNeverwinter Nights 2nwn2main.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main»
«C:Program FilesAtariNeverwinter Nights 2nwn2main_amdxp.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD»
«C:Program FilesAtariNeverwinter Nights 2nwupdate.exe»=»C:Program FilesAtariNeverwinter Nights 2nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater»
«C:Program FilesAtariNeverwinter Nights 2nwn2server.exe»=»C:Program FilesAtariNeverwinter Nights 2nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server»
«C:Program FilesPinnacleStudio 10programsRM.exe»=»C:Program FilesPinnacleStudio 10programsRM.exe:*:Enabled:Render Manager»
«C:Program FilesPinnacleStudio 10programsStudio.exe»=»C:Program FilesPinnacleStudio 10programsStudio.exe:*:Enabled:Studio»
«C:Program FilesPinnacleStudio 10programsPMSRegisterFile.exe»=»C:Program FilesPinnacleStudio 10programsPMSRegisterFile.exe:*:Enabled:PMSRegisterFile»
«C:Program FilesPinnacleStudio 10programsumi.exe»=»C:Program FilesPinnacleStudio 10programsumi.exe:*:Enabled:umi»
«C:Documents and SettingsOlegLocal SettingsTempElectronicArts_Patcher_000.exe»=»C:Documents and SettingsOlegLocal SettingsTempElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000»
«G:fufelbitcometDownloadsBattlefield_2142[torrents.ru]New FolderBF2142.exe»=»G:fufelbitcometDownloadsBattlefield_2142[torrents.ru]New FolderBF2142.exe:*:Enabled:Battlefield 2»
«C:DOCUME~1OlegLOCALS~1Tempbin.exe»=»C:DOCUME~1OlegLOCALS~1Tempbin.exe:*:Enabled:Enabled»
«C:Program FilesLucasArtsStar Wars Empire at WarGameDatafpupdate.exe»=»C:Program FilesLucasArtsStar Wars Empire at WarGameDatafpupdate.exe:*:Enabled:fpupdate»
«G:fufelunrealBinariesUT3.exe»=»G:fufelunrealBinariesUT3.exe:*:Enabled:UT3»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Disabled:Nero ProductSetup»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesNeroNero8Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero8Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»
«G:Downloads2utorrent.exe»=»G:Downloads2utorrent.exe:*:Enabled:µTorrent»
«I:Downloads2utorrent.exe»=»I:Downloads2utorrent.exe:*:Enabled:µTorrent»
«H:Downloads2utorrent.exe»=»H:Downloads2utorrent.exe:*:Enabled:µTorrent»
«G:fufelbitcometDownloadsutorrent.exe»=»G:fufelbitcometDownloadsutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«G:fufelfufelbitcometBitComet.exe»=»G:fufelfufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«G:fufelbitcometBitComet.exe»=»G:fufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesBitCometBitComet.exe»=»C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Documents and SettingsOlegDesktopfufelbitcometBitComet.exe»=»C:Documents and SettingsOlegDesktopfufelbitcometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{be097823-d23a-11dc-85ab-0013d4da2630}]
shellAutoRuncommand — F:LaunchEAW.exe======List of files/folders created in the last 3 months======
2010-01-25 21:00:56 —-D—- C:Documents and SettingsOlegApplication DataMalwarebytes
2010-01-25 21:00:48 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-01-25 21:00:47 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-01-21 19:46:42 —-ASH—- C:WINDOWSsystem32GFA10.tmp.exe
2010-01-21 19:44:16 —-A—- C:WINDOWSsystem32smsms32.exe
2010-01-14 19:41:53 —-D—- C:_OTM
2010-01-12 21:43:26 —-D—- C:Program Filestrend micro
2010-01-12 21:43:24 —-D—- C:rsit
2010-01-12 19:45:46 —-D—- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2010-01-12 19:45:33 —-D—- C:Program FilesSUPERAntiSpyware
2010-01-12 19:45:33 —-D—- C:Documents and SettingsOlegApplication DataSUPERAntiSpyware.com
2010-01-12 19:18:41 —-A—- C:SAFEBOOT_REPAIR.TXT
2010-01-10 12:54:27 —-D—- C:Documents and SettingsAll UsersApplication DataNOS
2009-12-17 20:42:00 —-D—- C:Documents and SettingsOlegApplication DataICQ Toolbar
2009-12-10 23:34:42 —-D—- C:Output Files
2009-12-10 23:30:06 —-D—- C:Program FilesAll Office Converter Platinum
2009-12-10 19:09:32 —-D—- C:Documents and SettingsOlegApplication DataICQ
2009-12-10 19:08:50 —-D—- C:Program FilesICQ6.5
2009-12-10 18:47:59 —-D—- C:Program FilesICQToolbar
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32javaws.exe
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32javaw.exe
2009-11-23 23:12:39 —-A—- C:WINDOWSsystem32java.exe
2009-11-10 16:40:19 —-A—- C:WINDOWSsystem32udcpm.dll
2009-11-10 15:47:16 —-D—- C:Documents and SettingsOlegApplication DataUDC Profiles
2009-11-10 15:46:11 —-D—- C:Program FilesUniversal Document Converter======List of files/folders modified in the last 3 months======
2010-01-25 23:47:43 —-D—- C:WINDOWSTemp
2010-01-25 23:41:48 —-A—- C:WINDOWSntbtlog.txt
2010-01-25 22:28:22 —-D—- C:WINDOWS
2010-01-25 22:25:39 —-D—- C:Program FilesSymantec AntiVirus
2010-01-25 22:25:38 —-A—- C:WINDOWSSchedLgU.Txt
2010-01-25 21:59:54 —-D—- C:WINDOWSsystem32CatRoot2
2010-01-25 21:53:58 —-D—- C:WINDOWSsystem32drivers
2010-01-25 21:53:58 —-D—- C:WINDOWSResources
2010-01-25 21:51:43 —-RD—- C:Program Files
2010-01-25 21:51:43 —-D—- C:WINDOWSsystem32
2010-01-25 21:51:30 —-D—- C:WINDOWSPrefetch
2010-01-25 19:53:50 —-D—- C:Program FilesFlashGet
2010-01-25 19:53:45 —-D—- C:Downloads
2010-01-25 18:09:17 —-D—- C:WINDOWSsystem32config
2010-01-24 19:33:03 —-D—- C:WINDOWSMinidump
2010-01-22 13:51:53 —-D—- C:Documents and SettingsOlegApplication DatauTorrent
2010-01-12 22:04:15 —-D—- C:WINDOWSsystem32NtmsData
2010-01-12 19:45:43 —-SHD—- C:WINDOWSInstaller
2010-01-12 19:44:53 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2010-01-12 19:18:40 —-D—- C:WINDOWSrepair
2010-01-12 18:25:24 —-SHD—- C:System Volume Information
2010-01-12 18:25:24 —-D—- C:WINDOWSsystem32Restore
2010-01-11 21:18:03 —-D—- C:WINDOWSLhsp
2010-01-11 10:16:14 —-SD—- C:WINDOWSDownloaded Program Files
2009-12-30 18:27:50 —-D—- C:Program FilesSpeed Disk
2009-12-15 09:48:19 —-HD—- C:Program FilesInstallShield Installation Information
2009-12-15 09:48:18 —-D—- C:Program FilesAkella Games
2009-12-12 16:19:34 —-A—- C:WINDOWSDjVuPro.INI
2009-12-12 12:02:39 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-12-11 20:14:52 —-D—- C:Documents and Settings
2009-12-10 20:20:52 —-D—- C:Program FilesQIP Infium
2009-12-10 19:04:45 —-D—- C:Program FilesICQLite
2009-11-25 11:25:50 —-D—- C:Program FilesOpera
2009-11-23 23:12:37 —-D—- C:Program FilesJava
2009-11-15 11:04:53 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-10 17:21:32 —-SD—- C:Documents and SettingsOlegApplication DataMicrosoft======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 PCLEPCI;PCLEPCI; ??C:WINDOWSsystem32driverspclepci.sys []
R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
R1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 sonypvf3;sonypvf3; C:WINDOWSsystem32driverssonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:WINDOWSsystem32driverssonypvt3.sys [2004-12-06 423454]
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-02-12 196752]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; ??C:WINDOWSsystem32PfModNT.sys []
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-04-28 3565568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2009-06-16 5095936]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWSsystem32DRIVERSL8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouKE.Sys [2008-02-29 79120]
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2005-06-02 171008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120100121.005naveng.sys []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120100121.005navex15.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:WINDOWSsystem32DRIVERSNTIDrvr.sys [2007-01-04 6144]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-04-05 47360]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-04-01 10368]
R3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2004-09-22 18944]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-05-06 232064]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 sonypvd3;Sony DVD Handycam; C:WINDOWSsystem32DRIVERSsonypvd3.sys [2004-12-07 64964]
S3 aikjvg9k;aikjvg9k; C:WINDOWSsystem32driversaikjvg9k.sys []
S3 Ambfilt;Ambfilt; C:WINDOWSsystem32driversAmbfilt.sys [2008-08-05 1684736]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
S3 Monfilt;Monfilt; C:WINDOWSsystem32driversMonfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-23 12160]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 Ser2pl;MAT Serial port driver; C:WINDOWSsystem32DRIVERSser2pl.sys [2003-07-15 43264]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-02-12 24720]
S3 USB_RNDIS;Terayon Cable Modem; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-04-28 602112]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Монитор описаний Symantec AntiVirus; C:Program FilesSymantec AntiVirusDefWatch.exe [2007-05-16 31280]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-10-11 153376]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSsystem32IoctlSvc.exe [2006-12-19 81920]
R2 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2007-02-12 214672]
R2 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2007-01-10 1160792]
R2 Speed Disk service;Speed Disk service; C:Program FilesSpeed Disknopdb.exe [2001-08-09 176161]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-09-22 38912]
R2 VC6SecS;Virtual CD v6 Management Service; C:Program FilesHHVcdV6SysVC6SecS.exe [2004-05-07 98304]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-07 660768]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2009-04-27 593920]
S2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlservr.exe -sPINNACLESYS []
S2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2007-05-16 1825328]
S2 vc6fserv;Virtual CD v6 FS Service; G:Downloads2Zастеколье_[torrents.ru]Virtual CD 6.0.0.2Systemvc6fserv.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2006-09-18 2528960]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2007-05-16 119344]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:Program FilesPinnacleMediaServerMicrosoft SQL ServerMSSQL$PINNACLESYSBinnsqlagent.EXE -i PINNACLESYS []
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Спасибо!Здравствуйте, Валерий. Я потому и завел новую тему, что моя старая безвозвратно сползает ниже и ниже) и почему-то новые сообщения не меняют местоположение темы.Но дело не в этом, тем более у Вас все под контролем. Проблема в том, что продолжают произвольно появлятся в различных местах ярлыки svchost.exe и win.exe, хотя после последней проверки троянов значительно поуменьшилось, видимо главная проблема осталась, подскажите, что делать далее. Спасибо!
- Для ответа в этой теме необходимо авторизоваться.
