How to remove winibluesoft from my PC
This topic has 18 replies, 3 participants, and was last updated 16 years, 4 months ago by Admin.
May 4, 2009 at 8:13 am #16630

Good day. This program has crept into my computer; it won't let Malwarebytes cure it and blocks entry into the program. It also blocks other programs from launching and won't let me download any remedies.
What should I do?

May 4, 2009 at 8:22 am #23706

Avenger gives this:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
Start Type: 1 (System)

Rootkit scan completed.

Completed script processing.

*******************

Finished! Terminate.
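The Avenger output above, as an added worked example that is not part of the thread and not Avenger's or RSIT's own code: a Python pass that pulls the hidden-driver entries out of an Avenger log, checks each image file against what a user-mode driver enumeration (the RSIT driver list posted later in this thread) could see, and scores the usual kernel-rootkit markers: a boot/system start type that loads before any user-mode scanner, an image file name that differs from the service name, a long random-looking file name, and absence from the normal enumeration. Assumptions: the log excerpt and the three RSIT driver lines are hand-built from this thread with the stripped backslashes restored, and the length and entropy thresholds are illustrative rather than vendor values.

```python
import re
from collections import Counter
from math import log2

# Constructed input: the Avenger rootkit-scan lines quoted above (backslashes
# restored) plus three driver lines taken from the RSIT listing later in the
# thread. This is sample text, not a live scan.
AVENGER_LOG = r"""
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
Start Type: 1 (System)
Rootkit scan completed.
"""

RSIT_DRIVERS = r"""
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2008-12-20 15424]
S3 a83cujy6;a83cujy6; C:\Windows\system32\drivers\a83cujy6.sys []
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage2\system\npkcrypt.sys [2005-03-31 21442]
"""

# Avenger prints three lines per hidden driver: name, ImagePath, Start Type.
HIDDEN_RE = re.compile(
    r'Hidden driver "([^"]+)" found!\s*ImagePath: (\S+)\s*Start Type: (\d+)')
# RSIT driver line: "<R|S><start> <name>;<display name>; <path> [<date> <size>]".
# The optional "\??\" prefix is the NT object-manager form some drivers use.
RSIT_DRIVER_RE = re.compile(r"^[RS]\d \S+?;[^;]*; (?:\\\?\?\\)?(.+?\.sys)\b", re.I | re.M)


def shannon_entropy(s):
    """Bits per character; random-looking names sit well above English ones."""
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values()) if n else 0.0


def parse_hidden_drivers(text):
    return [{"service": s, "image": p, "start": int(st)}
            for s, p, st in HIDDEN_RE.findall(text)]


def enumerated_driver_files(rsit_text):
    """Basenames of every driver a user-mode enumeration (RSIT) could see."""
    return {m.rsplit("\\", 1)[-1].lower() for m in RSIT_DRIVER_RE.findall(rsit_text)}


def assess(hidden, enumerated, min_random_len=24, min_entropy=3.5):
    report = []
    for d in hidden:
        image_file = d["image"].rsplit("\\", 1)[-1].lower()
        stem = image_file[:-4] if image_file.endswith(".sys") else image_file
        svc = d["service"].lower()
        service_stem = svc[:-4] if svc.endswith(".sys") else svc
        ent = round(shannon_entropy(stem), 2)
        indicators = []
        if d["start"] in (0, 1):          # 0 = Boot, 1 = System
            indicators.append("boot/system start type: loads before user-mode AV")
        if image_file not in enumerated:
            indicators.append("absent from user-mode driver enumeration")
        if stem != service_stem:
            indicators.append("image file name differs from service name")
        if len(stem) >= min_random_len and stem.isalpha() and ent >= min_entropy:
            indicators.append("long random-looking image name")
        report.append({"service": d["service"], "image_file": image_file,
                       "entropy": ent, "indicators": indicators,
                       "verdict": "rootkit-like" if len(indicators) >= 3 else "review"})
    return report


if __name__ == "__main__":
    for r in assess(parse_hidden_drivers(AVENGER_LOG), enumerated_driver_files(RSIT_DRIVERS)):
        print(r["verdict"], r["service"], "->", r["image_file"], f"(entropy {r['entropy']})")
        for i in r["indicators"]:
            print("  -", i)
```

On this input the gxvxcserv entry scores all four markers. The cross-check is the one that matters in practice: a driver that a kernel-level scan reports but that never shows up in the registry/service enumeration a user-mode tool performs is being actively hidden, and no amount of user-mode cleaning will reach it until the driver is neutralised first.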
May 4, 2009 at 9:04 am #23707

Logfile of random's system information tool 1.06 (written by random/random)
Run by Юрий at 2009-05-04 13:03:52
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 52 GB (22%) free of 238 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:54, on 04.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Media Key\OSD.exe
C:\Программы установки\RSIT.exe
C:\Program Files\trend micro\Юрий.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=40488
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FieryAds advertising module v1.5.0 - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - C:\PROGRA~1\FieryAds\FieryAds.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: MyCentria Internet Mate v2.0 - {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QIP.Online] C:\Program Files\QIP.Online\qiponline.exe auto_start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8385DD8-8390-46C1-9022-B8197E95470E}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8279 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-26 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}]
FieryAds advertising module v1.5.0 - C:\PROGRA~1\FieryAds\FieryAds.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.0 - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"WinSys2"=C:\Windows\system32\startup.exe [2007-10-30 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
""= []
"Lingvo Launcher"=C:\Program Files\ABBYY Lingvo 12\Lvagent.exe [2006-12-14 258048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-26 185896]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-02-10 241664]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-20 949376]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"QIP.Online"=C:\Program Files\QIP.Online\qiponline.exe auto_start []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-03-17 203928]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"setup2.exe"=C:\Windows\system32\setup2.exe [2009-05-04 1097216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\Windows\VM303_STI.EXE [2006-01-24 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xerox PanelMgr]
C:\Windows\Xerox\PanelMgr\SSMMgr.exe [2007-03-22 524288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe

C:\Users\Юрий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ubisoft register.lnk - C:\Program Files\Ubi Soft\Register\schedule.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87d7b0a3-1fd5-11de-9861-001bb97660ba}]
shell\AutoRun\command - F:\autorun.exe

======List of files/folders created in the last 1 months======

2009-12-14 04:26:03 ----A---- C:\Windows\2591wormdz5.dll
2009-12-12 02:40:31 ----A---- C:\Windows\system32\695csp5zare532.dll
2009-12-08 08:58:49 ----A---- C:\Windows\system32\30895h5cktool2bz.exe
2009-12-05 02:17:16 ----A---- C:\Windows\3395hacktool7bfz.dll
2009-12-01 12:51:35 ----A---- C:\Windows\system32\10e95tezl1107.dll
2009-11-28 08:32:18 ----A---- C:\Windows\16524s9yzfc.dll
2009-11-27 14:45:26 ----A---- C:\Windows\system32\17552h9cktool1b5z.dll
2009-11-26 07:18:43 ----A---- C:\Windows\system32\24095ow9loadez189.exe
2009-11-25 05:47:27 ----A---- C:\Windows\system32\3095spy63z.exe
2009-11-24 10:53:55 ----A---- C:\Windows\9ez4vir2755.exe
2009-11-22 15:20:35 ----A---- C:\Windows\system32\6641w5zm4a59.exe
2009-11-22 00:21:07 ----A---- C:\Windows\system32\2652t59eat17835z.exe
2009-11-21 13:46:25 ----A---- C:\Windows\6d3aztea531309.exe
2009-11-21 04:50:00 ----A---- C:\Windows\77f3spz5ar92680.exe
2009-11-14 10:32:16 ----A---- C:\Windows\7bddazdw5re3092.dll
2009-11-09 02:30:04 ----A---- C:\Windows\3zt59j5e4.exe
2009-11-01 04:56:20 ----A---- C:\Windows\system32\765zvi9us56.exe
2009-10-25 15:06:30 ----A---- C:\Windows\system32\4d509hrzat15659.exe
2009-10-24 11:17:58 ----A---- C:\Windows\7c7c9ze5l826.dll
2009-10-15 11:34:28 ----A---- C:\Windows\system32\21195worm535z.exe
2009-10-14 05:24:02 ----A---- C:\Windows\3zb5threa912129.exe
2009-10-12 09:25:41 ----A---- C:\Windows\4b0ddo9nzoad5r1101.exe
2009-10-06 03:47:42 ----A---- C:\Windows\2b15azdwa9e2215.exe
2009-09-28 03:04:12 ----A---- C:\Windows\1z188hacktoo915b5.exe
2009-09-24 04:57:26 ----A---- C:\Windows\2969znot-9-v5rus2d3.dll
2009-09-22 16:54:19 ----A---- C:\Windows\3a35bac9dzor84.dll
2009-09-21 10:16:33 ----A---- C:\Windows\system32\5z9athre5t24449.dll
2009-09-20 17:45:14 ----A---- C:\Windows\5c69spar5e37z.dll
2009-09-20 01:12:13 ----A---- C:\Windows\z79cvir25689.exe
2009-09-19 06:24:46 ----A---- C:\Windows\system32\69595pz449.exe
2009-09-16 17:35:52 ----A---- C:\Windows\7z96spars52040.dll
2009-09-15 23:12:16 ----A---- C:\Windows\system32\14306not-a5zi9us241.dll
2009-09-10 15:30:16 ----A---- C:\Windows\8447spa5bot987z.exe
2009-09-10 14:52:29 ----A---- C:\Windows\48z6vi911825.exe
2009-09-08 20:55:04 ----A---- C:\Windows\1893zworm5a8.exe
2009-09-08 19:10:18 ----A---- C:\Windows\system32\35aedownlozder9559.exe
2009-09-07 03:14:42 ----A---- C:\Windows\83795pambot981z.exe
2009-09-03 12:21:05 ----A---- C:\Windows\19915zpy5985.dll
2009-09-03 11:53:17 ----A---- C:\Windows\system32\4282tzi9f28905.exe
2009-08-26 02:24:32 ----A---- C:\Windows\1b25add9aze25.exe
2009-08-25 23:50:31 ----A---- C:\Windows\60fa9pywzre758.dll
2009-08-16 15:17:29 ----A---- C:\Windows\z6029troj5045.dll
2009-08-12 05:37:35 ----A---- C:\Windows\system32\27585not-59vzrus474.dll
2009-08-11 22:42:05 ----A---- C:\Windows\system32\17092zr5j327.exe
2009-08-11 00:50:31 ----A---- C:\Windows\10502worm95z.exe
2009-08-09 16:06:45 ----A---- C:\Windows\system32\224429ot-a-5irus199z.dll
2009-08-09 12:23:05 ----A---- C:\Windows\19254troz9a.dll
2009-08-06 12:16:22 ----A---- C:\Windows\system32\9zthreat15649.exe
2009-08-03 12:44:12 ----A---- C:\Windows\6290v5rus2d5z.exe
2009-08-01 15:05:27 ----A---- C:\Windows\system32\cb7thzef2595.exe
2009-07-29 01:49:49 ----A---- C:\Windows\14497s5ambot59z.dll
2009-07-27 15:21:03 ----A---- C:\Windows\z351spywar92875.exe
2009-07-27 12:38:18 ----A---- C:\Windows\2948thre5t229z4.exe
2009-07-20 12:41:49 ----A---- C:\Windows\496cthre5t131z4.dll
2009-07-19 23:30:02 ----A---- C:\Windows\115addware269z.exe
2009-07-17 00:05:56 ----A---- C:\Windows\system32\935dowzloader1141.exe
2009-07-16 03:47:34 ----A---- C:\Windows\system32\22536z95us4dc.dll
2009-07-09 01:18:48 ----A---- C:\Windows\system32\1592sparze1419.dll
2009-07-08 07:21:26 ----A---- C:\Windows\system32\992avir2745z.dll
2009-07-07 17:52:22 ----A---- C:\Windows\1eecdownlo5dez1719.exe
2009-07-04 03:55:05 ----A---- C:\Windows\system32\29ed9hre5t11049z.dll
2009-07-03 05:25:03 ----A---- C:\Windows\system32\7f9ftzie9595.dll
2009-06-29 03:48:34 ----A---- C:\Windows\system32\19b0sparz52062.exe
2009-06-27 14:57:14 ----A---- C:\Windows\29427hac5tooz19a.dll
2009-06-27 02:16:58 ----A---- C:\Windows\system32\95b5ackdooz25859.dll
2009-06-27 01:23:33 ----A---- C:\Windows\fbfdo5z9oader1544.exe
2009-06-25 10:57:37 ----A---- C:\Windows\system32\4081n9t-a-virus5z05.exe
2009-06-13 23:26:58 ----A---- C:\Windows\64b49hiz51058.dll
2009-06-13 12:15:25 ----A---- C:\Windows\1536back5oor8z69.dll
2009-06-12 21:46:47 ----A---- C:\Windows\51292hacktozl6b1.exe
2009-06-11 08:57:07 ----A---- C:\Windows\system32\35z209orm26.dll
2009-06-09 20:14:35 ----A---- C:\Windows\system32\283695rojz59.dll
2009-06-09 11:12:20 ----A---- C:\Windows\system32\9bz05pyware1776.exe
2009-06-08 07:42:21 ----A---- C:\Windows\2z544spambot493.dll
2009-06-02 19:27:45 ----A---- C:\Windows\system32\53bdspar9z1215.dll
2009-06-02 16:37:53 ----A---- C:\Windows\system32\9934h5cktool356z.exe
2009-05-21 10:19:51 ----A---- C:\Windows\system32\2a05sp5rse2z969.exe
2009-05-17 21:28:12 ----A---- C:\Windows\68z6s9y5bc.exe
2009-05-15 18:30:37 ----A---- C:\Windows\76b8stezl1590.exe
2009-05-12 12:37:06 ----A---- C:\Windows\267715acktool519z.exe
2009-05-04 12:49:59 ----A---- C:\Windows\ntbtlog.txt
2009-05-04 12:41:20 ----D---- C:\rsit
2009-05-04 12:41:20 ----D---- C:\Program Files\trend micro
2009-05-04 11:52:16 ----D---- C:\Avenger
2009-05-04 11:22:15 ----D---- C:\ProgramData\Malwarebytes
2009-05-04 11:22:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 09:57:06 ----A---- C:\Windows\zfe7spar5e969.exe
2009-05-04 09:57:06 ----A---- C:\Windows\z9560virus95.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z5ecsparse1559.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z4b6steal259.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z345vi5us25a9.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\espywar929z25.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7522hacktz5l1b59.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7470zot9a-vir5s73.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7237zpa95e333.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\6a25s9z5l71.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\5638back9oo5z2.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\5402not-a-virusz94.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\4da9dzwnloa5er872.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\4d7cthizf859.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\425ztroj1c9.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\415az9ckdoor2395.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\3335szea51950.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\29822ha9kto5lz66.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\29755zirus3fb.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\25178z9y5a2.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\23zbsparse2595.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\1c819azkdoor2511.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\158aback9zor2658.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\15189aczdoor82.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\149375zr9s6d8.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\1460zhac9tool385.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\14355viruz479.dll
2009-05-04 09:57:06 ----A---- C:\Windows\9dd0spyware57z.exe
2009-05-04 09:57:06 ----A---- C:\Windows\6cz9th9ef5229.exe
2009-05-04 09:57:06 ----A---- C:\Windows\6015doznl9ader3239.dll
2009-05-04 09:57:06 ----A---- C:\Windows\5c32s9ywzre3051.exe
2009-05-04 09:57:06 ----A---- C:\Windows\4z30sp9ware2405.dll
2009-05-04 09:57:06 ----A---- C:\Windows\498bthzeat94195.dll
2009-05-04 09:57:06 ----A---- C:\Windows\489095azse3244.dll
2009-05-04 09:57:06 ----A---- C:\Windows\35d9zteal2571.exe
2009-05-04 09:57:06 ----A---- C:\Windows\35cc9ownzoad5r499.dll
2009-05-04 09:57:06 ----A---- C:\Windows\35827zp913f.dll
2009-05-04 09:57:06 ----A---- C:\Windows\25929t5ojz92.exe
2009-05-04 09:57:06 ----A---- C:\Windows\2168virus5z39.dll
2009-05-04 09:57:06 ----A---- C:\Windows\12198s5z38f.exe
2009-05-04 09:57:06 ----A---- C:\Windows\10zspa5se9929.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\z4565wor9539.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\z25asteal9137.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\setup2.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\9z70backdo5r226.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\6523vz9us52e.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\52b5ba5kzoor974.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\36d695eal1z6.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\1d0es5a9ze481.exe
2009-05-04 09:57:05 ----A---- C:\Windows\7z77b5ckdoor9919.exe
2009-05-04 09:57:05 ----A---- C:\Windows\799zspambo9795.dll
2009-05-04 09:57:05 ----A---- C:\Windows\690adownloader759z.exe
2009-05-04 09:57:05 ----A---- C:\Windows\39539v5rusz05.exe
2009-05-04 09:57:05 ----A---- C:\Windows\24145szy49.exe
2009-05-02 19:41:51 ----RHD---- C:\Users\Юрий\AppData\Roaming\SecuROM
2009-05-02 19:40:34 ----D---- C:\Windows\system32\AGEIA
2009-05-02 19:40:34 ----D---- C:\Program Files\AGEIA Technologies
2009-05-02 19:40:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-02 19:08:52 ----D---- C:\Program Files\Sacred 2 - Fallen Angel
2009-05-02 08:56:05 ----A---- C:\Windows\system32\5cdspzwar95011.exe
2009-05-01 23:36:48 ----D---- C:\Program Files\Stardock
2009-04-27 13:21:15 ----D---- C:\Program Files\QuickyPlaeyr
2009-04-25 14:25:55 ----A---- C:\Windows\system32\35fdown5zader3930.dll
2009-04-25 09:53:14 ----A---- C:\Windows\system32\zfcathr9a55601.exe
2009-04-25 00:28:43 ----D---- C:\Program Files\Common Files\Skype
2009-04-25 00:28:41 ----RD---- C:\Program Files\Skype
2009-04-24 01:47:55 ----A---- C:\Windows\SCUnin.exe
2009-04-24 01:47:18 ----D---- C:\Program Files\Starcraft
2009-04-22 19:33:51 ----D---- C:\Users\Юрий\AppData\Roaming\My Games
2009-04-22 07:56:23 ----A---- C:\Windows\system32\905z1spy5ca.dll
2009-04-18 20:51:13 ----D---- C:\Program Files\Alien Shooter
2009-04-18 19:33:35 ----D---- C:\Program Files\ReflexiveArcade
2009-04-18 12:52:17 ----A---- C:\Windows\4241downloa5erz958.exe
2009-04-16 19:55:53 ----A---- C:\Windows\system32\4z98v5r9299.exe
2009-04-15 23:06:29 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 23:06:26 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 23:06:26 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 23:06:17 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 23:06:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 23:06:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 23:06:15 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:06:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 23:06:10 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 23:06:10 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 23:06:03 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 23:06:02 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 23:06:01 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 23:05:59 ----A---- C:\Windows\system32\occache.dll
2009-04-15 23:05:59 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 23:05:58 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 23:05:58 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 23:05:57 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 23:05:56 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 03:48:47 ----A---- C:\Windows\system32\19775s5azbot50c.dll
2009-04-11 06:30:18 ----A---- C:\Windows\system32\z49fback5oor2574.dll
2009-04-10 23:11:25 ----D---- C:\ProgramData\POP3Profiles
2009-04-07 10:28:41 ----A---- C:\Windows\system32\11z99spam5ot63.dll
2009-04-05 05:20:41 ----A---- C:\Windows\527bst9zl2638.dll
2009-04-05 02:34:06 ----A---- C:\Windows\11085spzm5ot935.exe

======List of files/folders modified in the last 1 months======

2009-05-04 13:03:12 ----D---- C:\Windows\Temp
2009-05-04 13:02:53 ----D---- C:\Windows\System32
2009-05-04 13:02:53 ----D---- C:\Windows\inf
2009-05-04 13:02:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 13:02:22 ----SHD---- C:\System Volume Information
2009-05-04 12:59:31 ----D---- C:\Program Files\Mozilla Firefox
2009-05-04 12:49:59 ----D---- C:\Windows
2009-05-04 12:44:16 ----D---- C:\Users\Юрий\AppData\Roaming\Skype
2009-05-04 12:41:20 ----AD---- C:\Program Files
2009-05-04 12:26:47 ----D---- C:\Программы установки
2009-05-04 12:20:51 ----D---- C:\Windows\system32\drivers
2009-05-04 12:19:08 ----D---- C:\Program Files\PowerArchiver
2009-05-04 12:06:45 ----D---- C:\Users\Юрий\AppData\Roaming\skypePM
2009-05-04 11:22:15 ----HD---- C:\ProgramData
2009-05-04 11:20:07 ----D---- C:\Windows\Prefetch
2009-05-04 10:38:30 ----D---- C:\Windows\Logs
2009-05-04 10:11:07 ----SHD---- C:\Windows\Installer
2009-05-04 10:10:52 ----RSD---- C:\Windows\assembly
2009-05-03 23:11:57 ----D---- C:\Users\Юрий\AppData\Roaming\uTorrent
2009-05-03 09:25:03 ----D---- C:\Users\Юрий\AppData\Roaming\ICQ
2009-05-02 19:41:50 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-05-02 19:40:58 ----D---- C:\Windows\system32\catroot
2009-05-02 19:40:27 ----D---- C:\Program Files\Common Files
2009-05-02 19:38:19 ----D---- C:\Windows\winsxs
2009-05-02 19:38:12 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-02 10:21:51 ----D---- C:\Program Files\FieryAds
2009-05-01 23:37:46 ----D---- C:\Windows\Microsoft.NET
2009-05-01 14:55:02 ----D---- C:\Program Files\Rising Force Online
2009-04-28 00:32:27 ----RSD---- C:\Windows\Fonts
2009-04-27 23:34:02 ----D---- C:\Program Files\Lineage II
2009-04-27 13:21:32 ----RSHD---- C:\RECYCLER
2009-04-26 17:37:13 ----A---- C:\Windows\NeroDigital.ini
2009-04-25 00:28:55 ----D---- C:\Windows\system32\Tasks
2009-04-25 00:28:43 ----D---- C:\ProgramData\Skype
2009-04-23 00:46:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-22 18:20:37 ----D---- C:\Windows\system32\catroot2
2009-04-16 12:13:12 ----D---- C:\Windows\system32\wbem
2009-04-16 12:13:12 ----D---- C:\Program Files\Windows Mail
2009-04-16 12:13:09 ----D---- C:\Windows\system32\manifeststore
2009-04-16 12:13:09 ----D---- C:\Windows\AppPatch
2009-04-16 12:13:07 ----D---- C:\Program Files\Internet Explorer
2009-04-16 03:04:23 ----D---- C:\ProgramData\Microsoft Help
2009-04-11 14:08:40 ----D---- C:\Program Files\Ubisoft
2009-04-08 21:34:37 ----D---- C:\Program Files\Common Files\Yandex
2009-04-06 18:57:24 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:Windowssystem32DRIVERSAmfilter.sys [2007-01-24 8704]
R1 cdrbsdrv;cdrbsdrv; C:Windowssystem32driverscdrbsdrv.sys [2008-11-16 33408]
R1 CSC;Offline Files Driver; C:Windowssystem32driverscsc.sys [2008-01-21 350720]
R1 nod32drv;nod32drv; C:Windowssystem32driversnod32drv.sys [2008-12-20 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 AMON;AMON; C:Windowssystem32driversamon.sys [2008-12-20 512096]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2008-12-03 278728]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2008-12-03 25416]
R2 SSPORT;SSPORT; ??C:Windowssystem32DriversSSPORT.sys [2006-11-22 5120]
R3 FStarForce;FStarForce; C:Windowssystem32DRIVERSFStarForce.sys [2008-10-24 9216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2007-01-18 1729632]
R3 kbfiltr;Keyboard Filter; C:Windowssystem32DRIVERSKBFILTER.SYS [2002-07-11 12856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:Windowssystem32DRIVERSnvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2008-09-17 7379872]
S2 DgiVecp;DgiVecp; ??C:Windowssystem32DriversDgiVecp.sys [2006-06-11 41984]
S3 a83cujy6;a83cujy6; C:Windowssystem32driversa83cujy6.sys []
S3 ag0lq775;ag0lq775; C:Windowssystem32driversag0lq775.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:Windowssystem32DRIVERSAmusbprt.sys [2007-02-10 13824]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-03-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-02-11 79488]
S3 KMWDFilter;KMWDFilter; ??C:WindowsSystem32DriversKMWDFilter.SYS [2007-03-29 17024]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
S3 npkcrypt;npkcrypt; ??C:Program FilesLineage2systemnpkcrypt.sys [2005-03-31 21442]
S3 NTACCESS;NTACCESS; ??D:NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:Windowssystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 SetupNTGLM7X;SetupNTGLM7X; ??D:NTGLM7X.sys []
S3 upperdev;upperdev; C:Windowssystem32DRIVERSusbser_lowerflt.sys []
S3 winusb;WinUSB Service; C:Windowssystem32DRIVERSwinusb.sys [2008-01-21 31616]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-21 83328]
S3 ZSMC303;VIMICRO USB PC Camera (VC0303); C:WindowsSystem32DriversusbVM303.sys [2006-02-23 391300]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%system32cscsvc.dll,-200; C:WindowsSystem32svchost.exe [2008-01-21 21504]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-12-20 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2008-09-17 196608]
R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-21 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:Windowssystem32svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%system32fxsresm.dll,-118; C:Windowssystem32fxssvc.exe [2008-01-21 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-05-30 572416]
S3 UmRdpService;@%SystemRoot%system32umrdp.dll,-1000; C:WindowsSystem32svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:WindowsSystem32svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%system32wbengine.exe,-104; C:Windowssystem32wbengine.exe [2008-01-21 917504]
EOF
May 4, 2009 at 9:25 am #23708
I can see that very file, setup2, in the system folder; it is this virus. It got installed on the computer in the morning, and that is when all the adventures started.
May 4, 2009 at 2:09 pm #23709
viewtopic.php?f=3&t=894 there was already a topic on this....
May 4, 2009 at 2:21 pm #23710
The thing is, every case needs its own method, and you can't do everything exactly the way others did. I only have the setup thing itself installed; the program itself isn't installed. I can't clean it with the available methods described above, and I won't run ComboFix without a professional's permission: it could kill everything on my machine, and besides, I have Vista.
May 4, 2009 at 5:07 pm #23711
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon May 04 21:00:13 2009

21:00:13: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon May 04 21:01:18 2009

21:01:18: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Mon May 04 21:01:28 2009

21:01:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: systemrootsystem32driversgxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
Start Type: 1 (System)

Rootkit scan completed.
Error: file "C:WINDOWSsystem32avp.exe" not found!
Deletion of file "C:WINDOWSsystem32avp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32amvo.exe" not found!
Deletion of file "C:WINDOWSsystem32amvo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32kxvo.exe" not found!
Deletion of file "C:WINDOWSsystem32kxvo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32kavo.exe" not found!
Deletion of file "C:WINDOWSsystem32kavo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32tavo.exe" not found!
Deletion of file "C:WINDOWSsystem32tavo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32Bitkv0.dll" not found!
Deletion of file "c:windowssystem32Bitkv0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32Bitkv1.dll" not found!
Deletion of file "c:windowssystem32Bitkv1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32kavo0.dll" not found!
Deletion of file "c:windowssystem32kavo0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32kavo1.dll" not found!
Deletion of file "c:windowssystem32kavo1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32tavo0.dll" not found!
Deletion of file "c:windowssystem32tavo0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32tavo1.dll" not found!
Deletion of file "c:windowssystem32tavo1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32SCVVHSOT.exe" not found!
Deletion of file "C:WINDOWSsystem32SCVVHSOT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32TaskMonitor.exe" not found!
Deletion of file "C:WINDOWSsystem32TaskMonitor.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32RavMon.exe" not found!
Deletion of file "C:WINDOWSsystem32RavMon.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32realshade.exe" not found!
Deletion of file "C:WINDOWSsystem32realshade.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32cftmonn.exe" not found!
Deletion of file "C:WINDOWSsystem32cftmonn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32wincab.sys" not found!
Deletion of file "C:WINDOWSsystem32wincab.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32ckvo.exe" not found!
Deletion of file "c:windowssystem32ckvo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32ckvo0.dll" not found!
Deletion of file "c:windowssystem32ckvo0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32gasretyw0.dll" not found!
Deletion of file "c:windowssystem32gasretyw0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32gasretyw1.dll" not found!
Deletion of file "c:windowssystem32gasretyw1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32kamsoft.exe" not found!
Deletion of file "c:windowssystem32kamsoft.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32vbsdfe1.dll" not found!
Deletion of file "c:windowssystem32vbsdfe1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32vbsdfe0.dll" not found!
Deletion of file "c:windowssystem32vbsdfe0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32vamsoft.exe" not found!
Deletion of file "c:windowssystem32vamsoft.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:WINDOWSsystem32revo.exe" not found!
Deletion of file "C:WINDOWSsystem32revo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32j3ewro.exe" not found!
Deletion of file "c:windowssystem32j3ewro.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:windowssystem32jwedsfdo0.dll" not found!
Deletion of file "c:windowssystem32jwedsfdo0.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "c:resycledboot.com"
Deletion of file "c:resycledboot.com" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "C:kjibu.com" not found!
Deletion of file "C:kjibu.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:6fnlpetp.exe" not found!
Deletion of file "C:6fnlpetp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:rcukd.cmd" not found!
Deletion of file "C:rcukd.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:rqq2v.bat" not found!
Deletion of file "C:rqq2v.bat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:t.com" not found!
Deletion of file "C:t.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:xp19.com" not found!
Deletion of file "C:xp19.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:x0.cmd" not found!
Deletion of file "C:x0.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:yg.cmd" not found!
Deletion of file "C:yg.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:ntde1ect.com" not found!
Deletion of file "C:ntde1ect.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "C:tio8?6.cmd"
Deletion of file "C:tio8?6.cmd" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

Error: file "C:d6fagcs8.cmd" not found!
Deletion of file "C:d6fagcs8.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:gbiehbsb.dll" not found!
Deletion of file "C:gbiehbsb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "C:tio8?6.cmd"
Deletion of file "C:tio8?6.cmd" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

Error: file "C:fooool.exe" not found!
Deletion of file "C:fooool.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:8ng8w.com" not found!
Deletion of file "C:8ng8w.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:x.com" not found!
Deletion of file "C:x.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:xn1i9x.com" not found!
Deletion of file "C:xn1i9x.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:invwft2h.com" not found!
Deletion of file "c:invwft2h.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "c:AutoRunAutoStart.exe"
Deletion of file "c:AutoRunAutoStart.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:AutoRunautorun.pif"
Deletion of file "c:AutoRunautorun.pif" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:ktnquo.exe" not found!
Deletion of file "c:ktnquo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:NewVirusRemoval.vbs" not found!
Deletion of file "c:NewVirusRemoval.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:kinza.exe" not found!
Deletion of file "c:kinza.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:rs.cmd" not found!
Deletion of file "c:rs.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:yssjnngm.cmd" not found!
Deletion of file "c:yssjnngm.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:h3.bat" not found!
Deletion of file "c:h3.bat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:6fnlpetp.exe" not found!
Deletion of file "c:6fnlpetp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:boot.exe" not found!
Deletion of file "c:boot.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:6j2j.com" not found!
Deletion of file "C:6j2j.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:jbnlnu8.exe" not found!
Deletion of file "c:jbnlnu8.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:1q8p0y.com" not found!
Deletion of file "c:1q8p0y.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:2g.com" not found!
Deletion of file "c:2g.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:39ysi89.com" not found!
Deletion of file "c:39ysi89.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:3jkka91.com" not found!
Deletion of file "c:3jkka91.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:92j11sm.com" not found!
Deletion of file "c:92j11sm.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:a.exe" not found!
Deletion of file "c:a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:cjrp8.com" not found!
Deletion of file "c:cjrp8.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:dp.exe" not found!
Deletion of file "c:dp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:jg6w3yx.com" not found!
Deletion of file "c:jg6w3yx.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:ntnq.exe" not found!
Deletion of file "c:ntnq.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:nw0t1l0d.exe" not found!
Deletion of file "c:nw0t1l0d.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:q0rppr.exe" not found!
Deletion of file "c:q0rppr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:tj8odymw.exe" not found!
Deletion of file "c:tj8odymw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:uh31.exe" not found!
Deletion of file "c:uh31.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:vnkucvv.com" not found!
Deletion of file "c:vnkucvv.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:xpq63xl.exe" not found!
Deletion of file "c:xpq63xl.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:xwpehlv.com" not found!
Deletion of file "c:xwpehlv.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:fun.xls.exe" not found!
Deletion of file "c:fun.xls.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:iqe68o.bat" not found!
Deletion of file "c:iqe68o.bat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "c:AutoRunAutoStart.exe"
Deletion of file "c:AutoRunAutoStart.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:ampfrb.cmd" not found!
Deletion of file "c:ampfrb.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:hbs.exe" not found!
Deletion of file "c:hbs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:yfog8p.exe" not found!
Deletion of file "c:yfog8p.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:as.bat" not found!
Deletion of file "c:as.bat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:phwe.com" not found!
Deletion of file "c:phwe.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:o0s.cmd" not found!
Deletion of file "c:o0s.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:xa2c.exe" not found!
Deletion of file "c:xa2c.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:killVBS.vbs" not found!
Deletion of file "c:killVBS.vbs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:uxdeiect.com" not found!
Deletion of file "c:uxdeiect.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:clshsy.cmd" not found!
Deletion of file "c:clshsy.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:awda2.exe" not found!
Deletion of file "c:awda2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:windowssystem32setup2.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
May 4, 2009 at 10:22 pm #23712
I deleted the file setup2.exe with a forced-deletion tool and set the registry to force showing hidden files.
I still can't launch that same Malware tool, because a long file shows up in the registry when the computer starts; I don't know how to proceed further without help)

May 6, 2009 at 3:57 pm #23705
setup2.exe is only a small part of what needs to be removed.
Run Avenger; make sure the "Scan for rootkits" box is checked and the "Automatically disable any rootkits found" box is unchecked. Check or uncheck the boxes as necessary. Copy the text below into the Input script Box:

Drivers to delete:
gxvxcserv.sys
Files to delete:
%windir%\system32\drivers\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys

Click Execute. A prompt asking you to confirm your actions will appear; click Yes.
Avenger will start. Several computer reboots are possible while it works.
When it finishes, a log will be shown; save it to your desktop.

Read the description of Malwarebytes Anti-malware (MBAM).
Download it and scan your computer. Delete everything it finds. A log will be shown when it finishes.

I'm waiting for:
- Avenger log
- MBAM log
- a fresh RSIT log (log.txt only)

May 6, 2009 at 7:39 pm #23713
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: systemrootsystem32driversgxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
Start Type: 4 (Disabled)

Rootkit scan completed.
Driver "gxvxcserv.sys" deleted successfully.
File "C:Windowssystem32driversgxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys" deleted successfully.

Completed script processing.
*******************
Finished! Terminate.
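A helper reading a thread like this has to compare the Avenger script that was posted with the log the user sends back: was the hidden driver reported, and was every target actually deleted rather than "not found" (the earlier log in this thread shows 90 such failures from a script copied from another case) or rejected outright by the pre-processor. The parser below is an added example, not code from this thread or from Avenger's author; SAMPLE_LOG and SAMPLE_SCRIPT are constructed from the entries above, and matching script targets to log entries by file name (to bridge the script's %windir% and the log's expanded path) is an assumption of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the Avenger 2.0 logs posted in this thread.
SAMPLE_LOG = """\
Logfile of The Avenger Version 2.0, (c) by Swandog46
Rootkit scan active.
Hidden driver "gxvxcserv.sys" found!
ImagePath: \\systemroot\\system32\\drivers\\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
Start Type: 4 (Disabled)
Rootkit scan completed.
Error: file "C:\\WINDOWS\\system32\\avp.exe" not found!
Deletion of file "C:\\WINDOWS\\system32\\avp.exe" failed!
  Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Driver "gxvxcserv.sys" deleted successfully.
File "C:\\Windows\\system32\\drivers\\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys" deleted successfully.
Completed script processing.
"""

# The script the helper posted in this thread, as it would be pasted into Avenger.
SAMPLE_SCRIPT = """\
Drivers to delete:
gxvxcserv.sys
Files to delete:
%windir%\\system32\\drivers\\gxvxcoxoippfmqstnkmapyurvubpiudbeoeex.sys
"""

Q = r'[«"]([^»"]+)[»"]'  # a quoted name or path; Avenger prints "..", the forum rendered «..»
HIDDEN_RE = re.compile(r'^Hidden driver ' + Q + r' found!')
IMAGE_RE = re.compile(r'^ImagePath:\s*(\S+)')
START_RE = re.compile(r'^Start Type:\s*(\d+)\s*\(([^)]+)\)')
DELETED_RE = re.compile(r'^(Driver|File) ' + Q + r' deleted successfully\.')
FAILED_RE = re.compile(r'^Deletion of (driver|file) ' + Q + r' failed!')
STATUS_RE = re.compile(r'^Status:\s*(0x[0-9a-fA-F]+)\s*\(([A-Z_]+)\)')


@dataclass
class AvengerReport:
    hidden_drivers: list = field(default_factory=list)  # dicts: name, image_path, start_type
    deleted: list = field(default_factory=list)         # (kind, path) pairs
    failed: list = field(default_factory=list)          # dicts: kind, path, status
    completed: bool = False
    script_error: str = ""  # non-empty when the pre-processor refused the script


def parse_avenger_log(text: str) -> AvengerReport:
    """Turn an Avenger log into a structured report of what it found and did."""
    report = AvengerReport()
    hidden = failure = None  # entry whose ImagePath/Start Type or Status line follows
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIDDEN_RE.match(line):
            hidden = {"name": m.group(1), "image_path": None, "start_type": None}
            report.hidden_drivers.append(hidden)
        elif (m := IMAGE_RE.match(line)) and hidden is not None:
            hidden["image_path"] = m.group(1)
        elif (m := START_RE.match(line)) and hidden is not None:
            hidden["start_type"] = (int(m.group(1)), m.group(2))
        elif m := DELETED_RE.match(line):
            report.deleted.append((m.group(1).lower(), m.group(2)))
        elif m := FAILED_RE.match(line):
            failure = {"kind": m.group(1), "path": m.group(2), "status": None}
            report.failed.append(failure)
        elif (m := STATUS_RE.match(line)) and failure is not None:
            failure["status"] = (m.group(1).lower(), m.group(2))
            failure = None
        elif line.startswith("Error: Invalid script"):
            # Seen three times in this thread: nothing is executed after this message.
            report.script_error = line[len("Error: "):]
        elif line == "Completed script processing.":
            report.completed = True
    return report


def script_targets(script: str) -> list:
    """(kind, path) pairs from the 'Drivers to delete:' / 'Files to delete:' sections."""
    targets, kind = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "drivers to delete:":
            kind = "driver"
        elif line.lower() == "files to delete:":
            kind = "file"
        elif line and kind is not None:
            targets.append((kind, line))
    return targets


def _basename(path: str) -> str:
    # Assumption: compare by final path component, case-insensitively (%windir% vs C:\Windows).
    return re.split(r"[\\/]", path)[-1].lower()


def verify_remediation(script: str, log: str) -> dict:
    """Map each script target to 'deleted', 'failed' or 'not reported' according to the log."""
    report = parse_avenger_log(log)
    deleted = {(k, _basename(p)) for k, p in report.deleted}
    failed = {(f["kind"], _basename(f["path"])) for f in report.failed}
    result = {}
    for kind, path in script_targets(script):
        key = (kind, _basename(path))
        result[path] = "deleted" if key in deleted else "failed" if key in failed else "not reported"
    return result
```

A target reported as "not reported" after a run whose report carries a script_error means the script never executed, which is the state the three pre-processor logs above describe.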
May 6, 2009 at 9:57 pm #23714
Malwarebytes' Anti-Malware 1.36
Версия базы данных: 1945
Windows 6.0.6001 Service Pack 1

07.05.2009 1:47:10
mbam-log-2009-05-07 (01-46-52).txt

Тип проверки: Полная (C:|D:|)
Проверено объектов: 270575
Прошло времени: 2 hour(s), 7 minute(s), 27 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 1
Заражено параметров реестра: 6
Заражено папок: 1
Заражено файлов: 4

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
(Вредоносные программы не обнаружены)

Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWinSys2 (Trojan.Agent) -> No action taken.

Заражено параметров реестра:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersNameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{e8385dd8-8390-46c1-9022-b8197e95470e}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersNameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{e8385dd8-8390-46c1-9022-b8197e95470e}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersNameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{e8385dd8-8390-46c1-9022-b8197e95470e}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.79,85.255.112.213 -> No action taken.

Заражено папок:
C:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Заражено файлов:
D:videoCaesar 4rld-c4kg.exe (Spyware.OnlineGames) -> No action taken.
D:distributAll_Microsoft_XP_Programs_KeygenXPKey.exe (Trojan.Downloader) -> No action taken.
C:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013Desktop.ini (Trojan.Agent) -> No action taken.
C:WindowsSystem32startup.exe (Trojan.Agent) -> No action taken.

May 6, 2009 at 10:29 pm #23715
Logfile of random's system information tool 1.06 (written by random/random)
Run by Юрий at 2009-05-07 02:03:47
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 48 GB (20%) free of 238 GB
Total RAM: 2046 MB (56% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:49, on 07.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:WindowsRtHDVCpl.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesA4TechMouseAmoumain.exe
C:WindowsSystem32rundll32.exe
C:WindowsWindowsMobilewmdSync.exe
C:Program FilesJavajre6binjusched.exe
C:Windowsehomeehtray.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesMedia KeyMagicKey.exe
C:Program FilesMedia KeyOSD.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersЮрийDesktopRSIT.exe
C:Program Filestrend microЮрий.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40488
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O1 — Hosts: ::1 localhost
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 — BHO: FieryAds advertising module v1.5.0 — {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} — C:PROGRA~1FieryAdsFieryAds.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: MyCentria Internet Mate v2.0 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL (file missing)
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [Windows Mobile-based device management] %windir%WindowsMobilewmdSync.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [AGEIA PhysX SysTray] C:Program FilesAGEIA TechnologiesbinTrayIcon.exe
O4 — HKCU..Run: [msnmsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
O4 — HKCU..Run: [QIP.Online] C:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: ubisoft register.lnk = C:Program FilesUbi SoftRegisterschedule.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Media Key.lnk = C:Program FilesMedia KeyMagicKey.exe
O8 — Extra context menu item: &Перевести с помощью ABBYY Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O13 — Gopher Prefix:
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Windows DreamScene — {E31004D1-A431-41B8-826F-E902F9D95C81} — C:WindowsSystem32DreamScene.dll
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe—
End of file — 7794 bytes======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-26 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}]
FieryAds advertising module v1.5.0 - C:\PROGRA~1\FieryAds\FieryAds.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.0 - C:\PROGRA~1\MYCENT~1\InfoBar\MYCENT~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
""= []
"Lingvo Launcher"=C:\Program Files\ABBYY Lingvo 12\Lvagent.exe [2006-12-14 258048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-26 185896]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-02-10 241664]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-20 949376]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"WinPatrol Russian v.2"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-08-06 292152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"QIP.Online"=C:\Program Files\QIP.Online\qiponline.exe auto_start []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-03-17 203928]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\Windows\VM303_STI.EXE [2006-01-24 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xerox PanelMgr]
C:\Windows\Xerox\PanelMgr\SSMMgr.exe [2007-03-22 524288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe

C:\Users\Юрий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ubisoft register.lnk - C:\Program Files\Ubi Soft\Register\schedule.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplicationslist]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplicationslist]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87d7b0a3-1fd5-11de-9861-001bb97660ba}]
shell\AutoRun\command - F:\autorun.exe

======List of files/folders created in the last 1 months======
2009-12-14 04:26:03 ----A---- C:\Windows\2591wormdz5.dll
2009-12-12 02:40:31 ----A---- C:\Windows\system32\695csp5zare532.dll
2009-12-08 08:58:49 ----A---- C:\Windows\system32\30895h5cktool2bz.exe
2009-12-05 02:17:16 ----A---- C:\Windows\3395hacktool7bfz.dll
2009-12-01 12:51:35 ----A---- C:\Windows\system32\10e95tezl1107.dll
2009-11-28 08:32:18 ----A---- C:\Windows\16524s9yzfc.dll
2009-11-27 14:45:26 ----A---- C:\Windows\system32\17552h9cktool1b5z.dll
2009-11-26 07:18:43 ----A---- C:\Windows\system32\24095ow9loadez189.exe
2009-11-25 05:47:27 ----A---- C:\Windows\system32\3095spy63z.exe
2009-11-24 10:53:55 ----A---- C:\Windows\9ez4vir2755.exe
2009-11-22 15:20:35 ----A---- C:\Windows\system32\6641w5zm4a59.exe
2009-11-22 00:21:07 ----A---- C:\Windows\system32\2652t59eat17835z.exe
2009-11-21 13:46:25 ----A---- C:\Windows\6d3aztea531309.exe
2009-11-21 04:50:00 ----A---- C:\Windows\77f3spz5ar92680.exe
2009-11-14 10:32:16 ----A---- C:\Windows\7bddazdw5re3092.dll
2009-11-09 02:30:04 ----A---- C:\Windows\3zt59j5e4.exe
2009-11-01 04:56:20 ----A---- C:\Windows\system32\765zvi9us56.exe
2009-10-25 15:06:30 ----A---- C:\Windows\system32\4d509hrzat15659.exe
2009-10-24 11:17:58 ----A---- C:\Windows\7c7c9ze5l826.dll
2009-10-15 11:34:28 ----A---- C:\Windows\system32\21195worm535z.exe
2009-10-14 05:24:02 ----A---- C:\Windows\3zb5threa912129.exe
2009-10-12 09:25:41 ----A---- C:\Windows\4b0ddo9nzoad5r1101.exe
2009-10-06 03:47:42 ----A---- C:\Windows\2b15azdwa9e2215.exe
2009-09-28 03:04:12 ----A---- C:\Windows\1z188hacktoo915b5.exe
2009-09-24 04:57:26 ----A---- C:\Windows\2969znot-9-v5rus2d3.dll
2009-09-22 16:54:19 ----A---- C:\Windows\3a35bac9dzor84.dll
2009-09-21 10:16:33 ----A---- C:\Windows\system32\5z9athre5t24449.dll
2009-09-20 17:45:14 ----A---- C:\Windows\5c69spar5e37z.dll
2009-09-20 01:12:13 ----A---- C:\Windows\z79cvir25689.exe
2009-09-19 06:24:46 ----A---- C:\Windows\system32\69595pz449.exe
2009-09-16 17:35:52 ----A---- C:\Windows\7z96spars52040.dll
2009-09-15 23:12:16 ----A---- C:\Windows\system32\14306not-a5zi9us241.dll
2009-09-10 15:30:16 ----A---- C:\Windows\8447spa5bot987z.exe
2009-09-10 14:52:29 ----A---- C:\Windows\48z6vi911825.exe
2009-09-08 20:55:04 ----A---- C:\Windows\1893zworm5a8.exe
2009-09-08 19:10:18 ----A---- C:\Windows\system32\35aedownlozder9559.exe
2009-09-07 03:14:42 ----A---- C:\Windows\83795pambot981z.exe
2009-09-03 12:21:05 ----A---- C:\Windows\19915zpy5985.dll
2009-09-03 11:53:17 ----A---- C:\Windows\system32\4282tzi9f28905.exe
2009-08-26 02:24:32 ----A---- C:\Windows\1b25add9aze25.exe
2009-08-25 23:50:31 ----A---- C:\Windows\60fa9pywzre758.dll
2009-08-16 15:17:29 ----A---- C:\Windows\z6029troj5045.dll
2009-08-12 05:37:35 ----A---- C:\Windows\system32\27585not-59vzrus474.dll
2009-08-11 22:42:05 ----A---- C:\Windows\system32\17092zr5j327.exe
2009-08-11 00:50:31 ----A---- C:\Windows\10502worm95z.exe
2009-08-09 16:06:45 ----A---- C:\Windows\system32\224429ot-a-5irus199z.dll
2009-08-09 12:23:05 ----A---- C:\Windows\19254troz9a.dll
2009-08-06 12:16:22 ----A---- C:\Windows\system32\9zthreat15649.exe
2009-08-03 12:44:12 ----A---- C:\Windows\6290v5rus2d5z.exe
2009-08-01 15:05:27 ----A---- C:\Windows\system32\cb7thzef2595.exe
2009-07-29 01:49:49 ----A---- C:\Windows\14497s5ambot59z.dll
2009-07-27 15:21:03 ----A---- C:\Windows\z351spywar92875.exe
2009-07-27 12:38:18 ----A---- C:\Windows\2948thre5t229z4.exe
2009-07-20 12:41:49 ----A---- C:\Windows\496cthre5t131z4.dll
2009-07-19 23:30:02 ----A---- C:\Windows\115addware269z.exe
2009-07-17 00:05:56 ----A---- C:\Windows\system32\935dowzloader1141.exe
2009-07-16 03:47:34 ----A---- C:\Windows\system32\22536z95us4dc.dll
2009-07-09 01:18:48 ----A---- C:\Windows\system32\1592sparze1419.dll
2009-07-08 07:21:26 ----A---- C:\Windows\system32\992avir2745z.dll
2009-07-07 17:52:22 ----A---- C:\Windows\1eecdownlo5dez1719.exe
2009-07-04 03:55:05 ----A---- C:\Windows\system32\29ed9hre5t11049z.dll
2009-07-03 05:25:03 ----A---- C:\Windows\system32\7f9ftzie9595.dll
2009-06-29 03:48:34 ----A---- C:\Windows\system32\19b0sparz52062.exe
2009-06-27 14:57:14 ----A---- C:\Windows\29427hac5tooz19a.dll
2009-06-27 02:16:58 ----A---- C:\Windows\system32\95b5ackdooz25859.dll
2009-06-27 01:23:33 ----A---- C:\Windows\fbfdo5z9oader1544.exe
2009-06-25 10:57:37 ----A---- C:\Windows\system32\4081n9t-a-virus5z05.exe
2009-06-13 23:26:58 ----A---- C:\Windows\64b49hiz51058.dll
2009-06-13 12:15:25 ----A---- C:\Windows\1536back5oor8z69.dll
2009-06-12 21:46:47 ----A---- C:\Windows\51292hacktozl6b1.exe
2009-06-11 08:57:07 ----A---- C:\Windows\system32\35z209orm26.dll
2009-06-09 20:14:35 ----A---- C:\Windows\system32\283695rojz59.dll
2009-06-09 11:12:20 ----A---- C:\Windows\system32\9bz05pyware1776.exe
2009-06-08 07:42:21 ----A---- C:\Windows\2z544spambot493.dll
2009-06-02 19:27:45 ----A---- C:\Windows\system32\53bdspar9z1215.dll
2009-06-02 16:37:53 ----A---- C:\Windows\system32\9934h5cktool356z.exe
2009-05-21 10:19:51 ----A---- C:\Windows\system32\2a05sp5rse2z969.exe
2009-05-17 21:28:12 ----A---- C:\Windows\68z6s9y5bc.exe
2009-05-15 18:30:37 ----A---- C:\Windows\76b8stezl1590.exe
2009-05-12 12:37:06 ----A---- C:\Windows\267715acktool519z.exe
2009-05-07 02:01:09 ----D---- C:\rsit
2009-05-06 23:38:47 ----D---- C:\Users\Юрий\AppData\Roaming\Malwarebytes
2009-05-04 22:20:10 ----D---- C:\Windows\ERDNT
2009-05-04 21:55:05 ----D---- C:\Users\Юрий\AppData\Roaming\WinPatrol
2009-05-04 21:54:58 ----D---- C:\Program Files\BillP Studios
2009-05-04 12:49:59 ----A---- C:\Windows\ntbtlog.txt
2009-05-04 12:41:20 ----D---- C:\Program Files\trend micro
2009-05-04 11:22:15 ----D---- C:\ProgramData\Malwarebytes
2009-05-04 11:22:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 09:57:06 ----A---- C:\Windows\zfe7spar5e969.exe
2009-05-04 09:57:06 ----A---- C:\Windows\z9560virus95.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z5ecsparse1559.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z4b6steal259.dll
2009-05-04 09:57:06 ----A---- C:\Windows\z345vi5us25a9.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\espywar929z25.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7522hacktz5l1b59.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7470zot9a-vir5s73.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\7237zpa95e333.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\6a25s9z5l71.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\5638back9oo5z2.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\5402not-a-virusz94.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\4da9dzwnloa5er872.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\4d7cthizf859.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\425ztroj1c9.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\415az9ckdoor2395.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\3335szea51950.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\29822ha9kto5lz66.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\29755zirus3fb.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\25178z9y5a2.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\23zbsparse2595.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\1c819azkdoor2511.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\158aback9zor2658.dll
2009-05-04 09:57:06 ----A---- C:\Windows\system32\15189aczdoor82.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\149375zr9s6d8.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\1460zhac9tool385.exe
2009-05-04 09:57:06 ----A---- C:\Windows\system32\14355viruz479.dll
2009-05-04 09:57:06 ----A---- C:\Windows\9dd0spyware57z.exe
2009-05-04 09:57:06 ----A---- C:\Windows\6cz9th9ef5229.exe
2009-05-04 09:57:06 ----A---- C:\Windows\6015doznl9ader3239.dll
2009-05-04 09:57:06 ----A---- C:\Windows\5c32s9ywzre3051.exe
2009-05-04 09:57:06 ----A---- C:\Windows\4z30sp9ware2405.dll
2009-05-04 09:57:06 ----A---- C:\Windows\498bthzeat94195.dll
2009-05-04 09:57:06 ----A---- C:\Windows\489095azse3244.dll
2009-05-04 09:57:06 ----A---- C:\Windows\35d9zteal2571.exe
2009-05-04 09:57:06 ----A---- C:\Windows\35cc9ownzoad5r499.dll
2009-05-04 09:57:06 ----A---- C:\Windows\35827zp913f.dll
2009-05-04 09:57:06 ----A---- C:\Windows\25929t5ojz92.exe
2009-05-04 09:57:06 ----A---- C:\Windows\2168virus5z39.dll
2009-05-04 09:57:06 ----A---- C:\Windows\12198s5z38f.exe
2009-05-04 09:57:06 ----A---- C:\Windows\10zspa5se9929.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\z4565wor9539.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\z25asteal9137.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\9z70backdo5r226.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\6523vz9us52e.exe
2009-05-04 09:57:05 ----A---- C:\Windows\system32\52b5ba5kzoor974.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\36d695eal1z6.dll
2009-05-04 09:57:05 ----A---- C:\Windows\system32\1d0es5a9ze481.exe
2009-05-04 09:57:05 ----A---- C:\Windows\7z77b5ckdoor9919.exe
2009-05-04 09:57:05 ----A---- C:\Windows\799zspambo9795.dll
2009-05-04 09:57:05 ----A---- C:\Windows\690adownloader759z.exe
2009-05-04 09:57:05 ----A---- C:\Windows\39539v5rusz05.exe
2009-05-04 09:57:05 ----A---- C:\Windows\24145szy49.exe
2009-05-02 19:41:51 ----RHD---- C:\Users\Юрий\AppData\Roaming\SecuROM
2009-05-02 19:40:34 ----D---- C:\Windows\system32\AGEIA
2009-05-02 19:40:34 ----D---- C:\Program Files\AGEIA Technologies
2009-05-02 19:40:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-02 19:08:52 ----D---- C:\Program Files\Sacred 2 - Fallen Angel
2009-05-02 08:56:05 ----A---- C:\Windows\system32\5cdspzwar95011.exe
2009-05-01 23:36:48 ----D---- C:\Program Files\Stardock
2009-04-27 13:21:15 ----D---- C:\Program Files\QuickyPlaeyr
2009-04-25 14:25:55 ----A---- C:\Windows\system32\35fdown5zader3930.dll
2009-04-25 09:53:14 ----A---- C:\Windows\system32\zfcathr9a55601.exe
2009-04-25 00:28:43 ----D---- C:\Program Files\Common Files\Skype
2009-04-25 00:28:41 ----RD---- C:\Program Files\Skype
2009-04-24 01:47:55 ----A---- C:\Windows\SCUnin.exe
2009-04-24 01:47:18 ----D---- C:\Program Files\Starcraft
2009-04-22 19:33:51 ----D---- C:\Users\Юрий\AppData\Roaming\My Games
2009-04-22 07:56:23 ----A---- C:\Windows\system32\905z1spy5ca.dll
2009-04-18 20:51:13 ----D---- C:\Program Files\Alien Shooter
2009-04-18 19:33:35 ----D---- C:\Program Files\ReflexiveArcade
2009-04-18 12:52:17 ----A---- C:\Windows\4241downloa5erz958.exe
2009-04-16 19:55:53 ----A---- C:\Windows\system32\4z98v5r9299.exe
2009-04-15 23:06:29 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 23:06:26 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 23:06:26 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 23:06:17 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 23:06:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 23:06:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 23:06:15 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:06:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 23:06:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 23:06:10 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 23:06:10 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 23:06:09 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 23:06:03 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 23:06:02 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 23:06:01 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 23:06:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 23:05:59 ----A---- C:\Windows\system32\occache.dll
2009-04-15 23:05:59 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 23:05:58 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 23:05:58 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 23:05:57 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 23:05:56 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 03:48:47 ----A---- C:\Windows\system32\19775s5azbot50c.dll
2009-04-11 06:30:18 ----A---- C:\Windows\system32\z49fback5oor2574.dll
2009-04-10 23:11:25 ----D---- C:\ProgramData\POP3Profiles

======List of files/folders modified in the last 1 months======
2009-05-07 02:03:48 ----D---- C:\Windows\Temp
2009-05-07 02:02:28 ----D---- C:\Windows\Prefetch
2009-05-07 02:01:09 ----D---- C:\Windows\System32
2009-05-07 02:01:08 ----D---- C:\Windows\inf
2009-05-07 02:01:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-07 01:57:15 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 01:55:42 ----AD---- C:\Program Files
2009-05-07 01:53:49 ----HD---- C:\ProgramData
2009-05-07 01:53:12 ----SHD---- C:\System Volume Information
2009-05-07 01:50:33 ----D---- C:\Windows\system32\drivers
2009-05-07 01:48:47 ----RSHD---- C:\RECYCLER
2009-05-06 23:30:48 ----D---- C:\Users\Юрий\AppData\Roaming\Skype
2009-05-06 23:30:03 ----D---- C:\Program Files\PowerArchiver
2009-05-06 23:29:43 ----D---- C:\Users\Юрий\AppData\Roaming\uTorrent
2009-05-06 21:29:00 ----D---- C:\Users\Юрий\AppData\Roaming\skypePM
2009-05-06 19:27:55 ----D---- C:\Program Files\Rising Force Online
2009-05-05 16:56:53 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-04 22:25:00 ----D---- C:\Программы установки
2009-05-04 22:20:10 ----D---- C:\Windows
2009-05-04 21:39:46 ----D---- C:\Windows\system32\catroot2
2009-05-04 21:21:56 ----RD---- C:\Users
2009-05-04 20:35:46 ----D---- C:\Windows\system32\Tools
2009-05-04 18:51:06 ----SHD---- C:\Windows\Installer
2009-05-04 18:51:05 ----D---- C:\Windows\winsxs
2009-05-04 10:38:30 ----D---- C:\Windows\Logs
2009-05-04 10:10:52 ----RSD---- C:\Windows\assembly
2009-05-03 09:25:03 ----D---- C:\Users\Юрий\AppData\Roaming\ICQ
2009-05-02 19:41:50 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-05-02 19:40:58 ----D---- C:\Windows\system32\catroot
2009-05-02 19:40:27 ----D---- C:\Program Files\Common Files
2009-05-02 19:38:12 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-02 10:21:51 ----D---- C:\Program Files\FieryAds
2009-05-01 23:37:46 ----D---- C:\Windows\Microsoft.NET
2009-04-28 00:32:27 ----RSD---- C:\Windows\Fonts
2009-04-27 23:34:02 ----D---- C:\Program Files\Lineage II
2009-04-26 17:37:13 ----A---- C:\Windows\NeroDigital.ini
2009-04-25 00:28:55 ----D---- C:\Windows\system32\Tasks
2009-04-25 00:28:43 ----D---- C:\ProgramData\Skype
2009-04-23 00:46:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-16 12:13:12 ----D---- C:\Windows\system32\wbem
2009-04-16 12:13:12 ----D---- C:\Program Files\Windows Mail
2009-04-16 12:13:09 ----D---- C:\Windows\system32\manifeststore
2009-04-16 12:13:09 ----D---- C:\Windows\AppPatch
2009-04-16 12:13:07 ----D---- C:\Program Files\Internet Explorer
2009-04-16 03:04:23 ----D---- C:\ProgramData\Microsoft Help
2009-04-11 14:08:40 ----D---- C:\Program Files\Ubisoft
2009-04-08 21:34:37 ----D---- C:\Program Files\Common Files\Yandex

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2008-11-16 33408]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2008-12-20 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2008-12-20 512096]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-12-03 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-12-03 25416]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 5120]
R3 FStarForce;FStarForce; C:\Windows\system32\DRIVERS\FStarForce.sys [2008-10-24 9216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\KBFILTER.SYS [2002-07-11 12856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-06-11 41984]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-02-10 13824]
S3 avx5cwfi;avx5cwfi; C:\Windows\system32\drivers\avx5cwfi.sys []
S3 azddj1lw;azddj1lw; C:\Windows\system32\drivers\azddj1lw.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-03-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-03-29 17024]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage2\system\npkcrypt.sys [2005-03-31 21442]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ZSMC303;VIMICRO USB PC Camera (VC0303); C:\Windows\System32\Drivers\usbVM303.sys [2006-02-23 391300]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-20 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
EOF
May 7, 2009 at 10:16 am #23718
Reading through the logs, I didn't notice anything new that looks malicious; the computer is flying again, it goes into sleep mode normally now, and Malwarebytes isn't finding any new trojans.

May 7, 2009 at 2:09 pm #23719
A little more cleanup is needed.
Run Avenger, making sure the "Scan for rootkits" box is ticked and the "Automatically disable any rootkits found" box is not ticked. Tick or untick the boxes as necessary. Copy the text given below into the Input script Box:
Drivers to delete:
avx5cwfi
azddj1lw
usprserv
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}
Files to delete:
C:\Windows\2591wormdz5.dll
C:\Windows\system32\695csp5zare532.dll
C:\Windows\system32\30895h5cktool2bz.exe
C:\Windows\3395hacktool7bfz.dll
C:\Windows\system32\10e95tezl1107.dll
C:\Windows\16524s9yzfc.dll
C:\Windows\system32\17552h9cktool1b5z.dll
C:\Windows\system32\24095ow9loadez189.exe
C:\Windows\system32\3095spy63z.exe
C:\Windows\9ez4vir2755.exe
C:\Windows\system32\6641w5zm4a59.exe
C:\Windows\system32\2652t59eat17835z.exe
C:\Windows\6d3aztea531309.exe
C:\Windows\77f3spz5ar92680.exe
C:\Windows\7bddazdw5re3092.dll
C:\Windows\3zt59j5e4.exe
C:\Windows\system32\765zvi9us56.exe
C:\Windows\system32\4d509hrzat15659.exe
C:\Windows\7c7c9ze5l826.dll
C:\Windows\system32\21195worm535z.exe
C:\Windows\3zb5threa912129.exe
C:\Windows\4b0ddo9nzoad5r1101.exe
C:\Windows\2b15azdwa9e2215.exe
C:\Windows\1z188hacktoo915b5.exe
C:\Windows\2969znot-9-v5rus2d3.dll
C:\Windows\3a35bac9dzor84.dll
C:\Windows\system32\5z9athre5t24449.dll
C:\Windows\5c69spar5e37z.dll
C:\Windows\z79cvir25689.exe
C:\Windows\system32\69595pz449.exe
C:\Windows\7z96spars52040.dll
C:\Windows\system32\14306not-a5zi9us241.dll
C:\Windows\8447spa5bot987z.exe
C:\Windows\48z6vi911825.exe
C:\Windows\1893zworm5a8.exe
C:\Windows\system32\35aedownlozder9559.exe
C:\Windows\83795pambot981z.exe
C:\Windows\19915zpy5985.dll
C:\Windows\system32\4282tzi9f28905.exe
C:\Windows\1b25add9aze25.exe
C:\Windows\60fa9pywzre758.dll
C:\Windows\z6029troj5045.dll
C:\Windows\system32\27585not-59vzrus474.dll
C:\Windows\system32\17092zr5j327.exe
C:\Windows\10502worm95z.exe
C:\Windows\system32\224429ot-a-5irus199z.dll
C:\Windows\19254troz9a.dll
C:\Windows\system32\9zthreat15649.exe
C:\Windows\6290v5rus2d5z.exe
C:\Windows\system32\cb7thzef2595.exe
C:\Windows\14497s5ambot59z.dll
C:\Windows\z351spywar92875.exe
C:\Windows\2948thre5t229z4.exe
C:\Windows\496cthre5t131z4.dll
C:\Windows\115addware269z.exe
C:\Windows\system32\935dowzloader1141.exe
C:\Windows\system32\22536z95us4dc.dll
C:\Windows\system32\1592sparze1419.dll
C:\Windows\system32\992avir2745z.dll
C:\Windows\1eecdownlo5dez1719.exe
C:\Windows\system32\29ed9hre5t11049z.dll
C:\Windows\system32\7f9ftzie9595.dll
C:\Windows\system32\19b0sparz52062.exe
C:\Windows\29427hac5tooz19a.dll
C:\Windows\system32\95b5ackdooz25859.dll
C:\Windows\fbfdo5z9oader1544.exe
C:\Windows\system32\4081n9t-a-virus5z05.exe
C:\Windows\64b49hiz51058.dll
C:\Windows\1536back5oor8z69.dll
C:\Windows\51292hacktozl6b1.exe
C:\Windows\system32\35z209orm26.dll
C:\Windows\system32\283695rojz59.dll
C:\Windows\system32\9bz05pyware1776.exe
C:\Windows\2z544spambot493.dll
C:\Windows\system32\53bdspar9z1215.dll
C:\Windows\system32\9934h5cktool356z.exe
C:\Windows\system32\2a05sp5rse2z969.exe
C:\Windows\68z6s9y5bc.exe
C:\Windows\76b8stezl1590.exe
C:\Windows\267715acktool519z.exe
C:\Windows\zfe7spar5e969.exe
C:\Windows\z9560virus95.dll
C:\Windows\z5ecsparse1559.dll
C:\Windows\z4b6steal259.dll
C:\Windows\z345vi5us25a9.exe
C:\Windows\system32\espywar929z25.exe
C:\Windows\system32\7522hacktz5l1b59.dll
C:\Windows\system32\7470zot9a-vir5s73.exe
C:\Windows\system32\7237zpa95e333.exe
C:\Windows\system32\6a25s9z5l71.exe
C:\Windows\system32\5638back9oo5z2.dll
C:\Windows\system32\5402not-a-virusz94.exe
C:\Windows\system32\4da9dzwnloa5er872.exe
C:\Windows\system32\4d7cthizf859.dll
C:\Windows\system32\425ztroj1c9.exe
C:\Windows\system32\415az9ckdoor2395.dll
C:\Windows\system32\3335szea51950.dll
C:\Windows\system32\29822ha9kto5lz66.dll
C:\Windows\system32\29755zirus3fb.dll
C:\Windows\system32\25178z9y5a2.exe
C:\Windows\system32\23zbsparse2595.exe
C:\Windows\system32\1c819azkdoor2511.dll
C:\Windows\system32\158aback9zor2658.dll
C:\Windows\system32\15189aczdoor82.exe
C:\Windows\system32\149375zr9s6d8.exe
C:\Windows\system32\1460zhac9tool385.exe
C:\Windows\system32\14355viruz479.dll
C:\Windows\9dd0spyware57z.exe
C:\Windows\6cz9th9ef5229.exe
C:\Windows\6015doznl9ader3239.dll
C:\Windows\5c32s9ywzre3051.exe
C:\Windows\4z30sp9ware2405.dll
C:\Windows\498bthzeat94195.dll
C:\Windows\489095azse3244.dll
C:\Windows\35d9zteal2571.exe
C:\Windows\35cc9ownzoad5r499.dll
C:\Windows\35827zp913f.dll
C:\Windows\25929t5ojz92.exe
C:\Windows\2168virus5z39.dll
C:\Windows\12198s5z38f.exe
C:\Windows\10zspa5se9929.exe
C:\Windows\system32\z4565wor9539.exe
C:\Windows\system32\z25asteal9137.exe
C:\Windows\system32\9z70backdo5r226.dll
C:\Windows\system32\6523vz9us52e.exe
C:\Windows\system32\52b5ba5kzoor974.dll
C:\Windows\system32\36d695eal1z6.dll
C:\Windows\system32\1d0es5a9ze481.exe
C:\Windows\7z77b5ckdoor9919.exe
C:\Windows\799zspambo9795.dll
C:\Windows\690adownloader759z.exe
C:\Windows\39539v5rusz05.exe
C:\Windows\24145szy49.exe
C:\Windows\system32\5cdspzwar95011.exe
C:\Windows\system32\35fdown5zader3930.dll
C:\Windows\system32\zfcathr9a55601.exe
C:\Windows\system32\905z1spy5ca.dll
C:\Windows\4241downloa5erz958.exe
C:\Windows\system32\4z98v5r9299.exe
C:\Windows\system32\19775s5azbot50c.dll
C:\Windows\system32\z49fback5oor2574.dll
Click Execute. You will be asked to confirm your action; click Yes.
Avenger will start. The computer may reboot several times while it runs.
When it finishes, a log will be shown; please paste it into your reply. And attach a fresh RSIT log.

May 7, 2009 at 4:58 pm #23717
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!Error: registry key «RegistryMachineSystemCurrentControlSetServicesavx5cwfi» not found!
Deletion of driver «avx5cwfi» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not existError: registry key «RegistryMachineSystemCurrentControlSetServicesazddj1lw» not found!
Deletion of driver «azddj1lw» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not existDriver «usprserv» deleted successfully.
Registry key «HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}» deleted successfully.
Completed script processing.
*******************
Finished! Terminate.