SPYWARE-RU.COM

"Warning You’re danger" appeared on the screen


  • This topic has 14 replies, 2 participants, and was last updated 16 years, 2 months ago by darknvkz.
Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • July 3, 2009 at 10:56 am #16843
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    System Security detected 32 malicious objects: trojans, worms… It offers to immediately download paid protection from the internet. The computer has already started shutting down and rebooting on its own. Names: Spyware.IEMonster.d, Spyware.IMMonitor, Trojan-Tooso, MailGrabber.s, Alg.t, Clicker.EC, Infostealer.Banker.E, Dialer.xpehbam, Win32-clagger.c, win32-black mail.xx, outsbot.u, Per Filer, Miewer.a, Peacomm.dam, Rbot.fm, Delbot.AI, Sdbot.ADN, Rbot.CBX, Spamta.KG.worm, Zlob.PornAdvertiser.ba, and others… What should I do?
    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by 1 at 2009-07-03 18:38:16
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (7%) free of 51 GB
    Total RAM: 1023 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:38:53, on 03.07.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSRTHDCPL.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesATI TechnologiesATI.ACECLI.EXE
    C:Program FilesMail.RuAgentMAgent.exe
    C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe
    C:WINDOWSsystem32lssas.exe
    C:Program FilesESETESET Smart Securityegui.exe
    C:Program FilesiTunesiTunesHelper.exe
    C:WINDOWSsystem32system.exe
    C:WINDOWSsystem32lssas.exe
    C:Documents and SettingsAll UsersApplication Data1664281416642814.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    C:Program FilesMessengermsmsgs.exe
    C:Program FilesFree Download Managerfdm.exe
    C:Program FilesCommon FilesYandexYupdateyupdate.exe
    C:Program FilesYandexOnlineonline.exe
    C:Program FilesDownload Masterdmaster.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    C:Program FilesESETESET Smart Securityekrn.exe
    C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    C:Program FilesCyberLinkShared filesRichVideo.exe
    C:Program FilesiPodbiniPodService.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:DownloadsПрограммыRSIT.exe
    C:Program Filestrend micro1.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win.mail.ru/cgi-bin/msglist?folder=0&1056379155
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    F2 — REG:system.ini: UserInit=c:windowssystem32userinit.exe,C:WINDOWSsystem32twext.exe,
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
    O2 — BHO: FDMIECookiesBHO Class — {CC59E0F9-7E43-44FA-9FAA-8377850BF205} — C:Program FilesFree Download Manageriefdm2.dll
    O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
    O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
    O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
    O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [MaxMenuMgr] «C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe»
    O4 — HKLM..Run: [Local Security Authority Service] C:WINDOWSsystem32lssas.exe
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
    O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
    O4 — HKLM..Run: [PromoReg] C:WINDOWSsystem32system.exe
    O4 — HKLM..Run: [16642814] C:Documents and SettingsAll UsersApplication Data1664281416642814.exe
    O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
    O4 — HKCU..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun
    O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
    O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
    O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O4 — HKUSS-1-5-18..Run: [userinit] C:WINDOWSsystem32oembios.exe (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..Run: [Web Navigate] C:WINDOWSTEMP1.tmp (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [userinit] C:WINDOWSsystem32oembios.exe (User ‘Default user’)
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
    O8 — Extra context menu item: Закачать все с помощью FDM — file://C:Program FilesFree Download Managerdlall.htm
    O8 — Extra context menu item: Закачать выбранное с помощью FDM — file://C:Program FilesFree Download Managerdlselected.htm
    O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
    O8 — Extra context menu item: Закачать с помощью FDM — file://C:Program FilesFree Download Managerdllink.htm
    O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
    O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/planet.htm
    O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
    O8 — Extra context menu item: Перевести эту страницу в Google — C:Documents and SettingsAll UsersApplication DataTuneUp SoftwareTuneUp UtilitiesWebgtranslate.htm
    O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/282
    O8 — Extra context menu item: Скачать видео с Free Download Manager — file://C:Program FilesFree Download Managerdlfvideo.htm
    O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/283
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: BitComet — {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} — res://C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O12 — Plugin for .amr: C:Program FilesInternet ExplorerPLUGINSnpqtplugin3.dll
    O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll
    O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ATI Smart ATIRpcSs (ATIRpcSs) — Unknown owner — C:DOCUME~11LOCALS~1Tempfile142.exe (file missing)
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Seagate Service (FreeAgentGoNext Service) — Seagate Technology LLC — C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: microsoft install le (msile) — Unknown owner — C:WINDOWSsystemmsile.exe (file missing)
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: WM System Decode Application — Unknown owner — C:WINDOWSsystemmsdct.exe (file missing)
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
    O24 — Desktop Component 0: (no name) — http://content.foto.my.mail.ru/mail/irina.dvorkina/_myphoto/i-6.jpg

    —
    End of file — 11590 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksОдним Щелчком.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
    IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2005-05-24 67584]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class — C:Program FilesFree Download Manageriefdm2.dll [2008-12-30 98304]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2003-02-17 61440]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-18 2427968]
    {893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2008-03-14 204800]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]
    {468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-17 804336]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-09-25 90112]
    «RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2005-05-25 14477312]
    «Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-04 69632]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-03-15 71216]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-02-07 54832]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-04-14 6210744]
    «MaxMenuMgr»=C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe [2008-07-30 177448]
    «Local Security Authority Service»=C:WINDOWSsystem32lssas.exe [2004-08-17 1101824]
    «egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-10-24 1451264]
    «iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2007-04-27 257088]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
    «KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
    «PromoReg»=C:WINDOWSsystem32system.exe [2009-07-03 628736]
    «16642814»=C:Documents and SettingsAll UsersApplication Data1664281416642814 [2009-07-03 56]
    «TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2008-11-16 1234312]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
    «swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-04-21 68856]
    «MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
    «Free Download Manager»=C:Program FilesFree Download Managerfdm.exe [2009-01-31 3399727]
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
    «YandexOnline»=C:Program FilesYandexOnlineonline.exe [2008-04-07 2297640]
    «Download Master»=C:Program FilesDownload Masterdmaster.exe [2006-01-06 931328]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-12-17 110592]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDxw87.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmsile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinam44.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincv13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWineh37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmi26.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmj80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmk13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinng71.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn88.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqn54.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrb20.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinug37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinuv11.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinvg80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyl47.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyx50.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWM System Decode Application]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDxw87.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmsile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinam44.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincv13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWineh37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmi26.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmj80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmk13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinng71.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpn88.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqn54.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrb20.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinug37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinuv11.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinvg80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyl47.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyx50.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWM System Decode Application]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145
    «ForceClassicControlPanel»=1

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
    «C:WINDOWSsystemmsile.exe»=»C:WINDOWSsystemmsile.exe:*:msile»
    «C:WINDOWSsystemmsdct.exe»=»C:WINDOWSsystemmsdct.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3273.scr»=»C:WINDOWSSystem3273.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3264.scr»=»C:WINDOWSSystem3264.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3220.scr»=»C:WINDOWSSystem3220.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3246.scr»=»C:WINDOWSSystem3246.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3224.scr»=»C:WINDOWSSystem3224.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3232.scr»=»C:WINDOWSSystem3232.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3282.scr»=»C:WINDOWSSystem3282.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3215.scr»=»C:WINDOWSSystem3215.scr:*:WM System Decode Application»
    «C:WINDOWSSystem323.scr»=»C:WINDOWSSystem323.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3250.scr»=»C:WINDOWSSystem3250.scr:*:WM System Decode Application»
    «C:WINDOWSSystem325.scr»=»C:WINDOWSSystem325.scr:*:WM System Decode Application»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:ENABLE»
    «C:WINDOWSSystem3270.scr»=»C:WINDOWSSystem3270.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32wznr.exe»=»C:WINDOWSsystem32wznr.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3240.scr»=»C:WINDOWSSystem3240.scr:*:WM System Decode Application»
    «C:WINDOWSSystem324.scr»=»C:WINDOWSSystem324.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3237.scr»=»C:WINDOWSSystem3237.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32rnpc.exe»=»C:WINDOWSsystem32rnpc.exe:*:WM System Decode Application»
    «C:WINDOWSsystem32mizby.exe»=»C:WINDOWSsystem32mizby.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3262.scr»=»C:WINDOWSSystem3262.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3280.scr»=»C:WINDOWSSystem3280.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32qzhv.exe»=»C:WINDOWSsystem32qzhv.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3253.scr»=»C:WINDOWSSystem3253.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3285.scr»=»C:WINDOWSSystem3285.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3277.scr»=»C:WINDOWSSystem3277.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3243.scr»=»C:WINDOWSSystem3243.scr:*:WM System Decode Application»
    «c:windowssystem32userinit.exe»=»c:windowssystem32userinit.exe:*:Enabled:ENABLE»
    «C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»
    «C:WINDOWSSystem3276.scr»=»C:WINDOWSSystem3276.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3288.scr»=»C:WINDOWSSystem3288.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3258.scr»=»C:WINDOWSSystem3258.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3235.scr»=»C:WINDOWSSystem3235.scr:*:WM System Decode Application»
    «C:WINDOWSSystem327.scr»=»C:WINDOWSSystem327.scr:*:WM System Decode Application»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    ======List of files/folders created in the last 1 months======

    2009-07-03 18:38:18 —-D—- C:Program Filestrend micro
    2009-07-03 18:38:16 —-D—- C:rsit
    2009-07-03 17:48:26 —-A—- C:report.txt
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvunace26.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvcabinet.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32UNRAR3.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32unacev2.dll
    2009-07-03 17:35:38 —-D—- C:Program FilesTrojan Remover
    2009-07-03 17:35:38 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
    2009-07-03 16:47:01 —-D—- C:Documents and SettingsAll UsersApplication Data16642814
    2009-07-03 16:45:07 —-D—- C:Program FilesWinPcap
    2009-07-03 15:47:35 —-A—- C:WINDOWSsystem32iclac.exe
    2009-07-03 10:10:44 —-A—- C:WINDOWSsystem32system.exe
    2009-07-03 10:10:34 —-A—- C:WINDOWSsystem32nyuvbojr.exe
    2009-06-30 11:42:50 —-A—- C:WINDOWSsystem32tzwrqr.exe
    2009-06-29 11:12:11 —-A—- C:supportmail.exe
    2009-06-26 22:20:14 —-D—- C:jimm_best119501
    2009-06-26 15:12:32 —-D—- C:Флэшка
    2009-06-26 01:27:05 —-A—- C:WINDOWSsystem32tgtfuu.exe
    2009-06-25 15:49:22 —-A—- C:WINDOWSsystem32slgxhyk.exe
    2009-06-21 09:14:35 —-A—- C:ntf5.exe
    2009-06-20 18:03:25 —-RSHD—- C:X
    2009-06-19 00:02:28 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon FilesAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesAdobe
    2009-06-11 11:00:20 —-A—- C:WINDOWSsystem32vksaver.dll
    2009-06-11 00:43:12 —-A—- C:WINDOWSsystem32qzhv.exe
    2009-06-10 12:50:11 —-A—- C:WINDOWSsystem32mizby.exe
    2009-06-09 23:18:54 —-A—- C:WINDOWSsystem32rnpc.exe
    2009-06-09 10:18:56 —-D—- C:Documents and Settings1Application DataSoftware Informer
    2009-06-09 10:18:45 —-D—- C:Program FilesSoftware Informer
    2009-06-09 10:18:44 —-D—- C:Documents and Settings1Application DataFree Download Manager
    2009-06-09 10:18:36 —-D—- C:Documents and SettingsAll UsersApplication DataFreeDownloadManager.ORG
    2009-06-09 10:18:34 —-D—- C:Program FilesFree Download Manager
    2009-06-09 09:52:01 —-A—- C:WINDOWSsystem32wznr.exe
    2009-06-05 22:49:13 —-A—- C:WINDOWSsystem32rwjjbe.exe
    2009-06-04 16:56:58 —-A—- C:WINDOWSsystem32qrkhysln.exe
    2009-06-04 15:10:09 —-A—- C:WINDOWSsystem32uxtuneup.dll
    2009-06-04 15:10:08 —-D—- C:Documents and Settings1Application DataTuneUp Software
    2009-06-04 15:10:08 —-A—- C:WINDOWSsystem32TuneUpDefragService.exe
    2009-06-04 15:09:52 —-D—- C:Documents and SettingsAll UsersApplication DataTuneUp Software
    2009-06-04 15:09:44 —-D—- C:Program FilesTuneUp Utilities 2008

    ======List of files/folders modified in the last 1 months======

    2009-07-03 18:38:37 —-D—- C:WINDOWSTemp
    2009-07-03 18:38:18 —-RHD—- C:Program Files
    2009-07-03 18:38:09 —-D—- C:WINDOWSPrefetch
    2009-07-03 18:32:02 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
    2009-07-03 18:20:36 —-A—- C:WINDOWSNeroDigital.ini
    2009-07-03 18:01:22 —-D—- C:WINDOWSsystem32CatRoot2
    2009-07-03 18:01:21 —-D—- C:WINDOWSsystem32
    2009-07-03 17:58:39 —-D—- C:WINDOWSsystem32Lang
    2009-07-03 17:58:30 —-HD—- C:WINDOWS
    2009-07-03 17:32:50 —-D—- C:Program FilesSpyRemover Pro
    2009-07-03 16:45:08 —-D—- C:WINDOWSsystem32drivers
    2009-07-03 11:23:34 —-A—- C:WINDOWSSchedLgU.Txt
    2009-07-03 10:10:49 —-D—- C:WINDOWSsystem
    2009-07-02 00:09:31 —-SHD—- C:WINDOWSInstaller
    2009-06-30 01:27:35 —-A—- C:WINDOWSwinamp.ini
    2009-06-27 23:42:39 —-D—- C:Downloads
    2009-06-27 21:50:22 —-A—- C:WINDOWSPhotoSnapViewer.INI
    2009-06-27 21:14:10 —-D—- C:WINDOWSMinidump
    2009-06-21 22:23:52 —-D—- C:Documents and Settings1Application DataICQ
    2009-06-21 09:14:56 —-A—- C:WINDOWSModemLog_Последовательный кабель для связи компьютеров.txt
    2009-06-19 00:04:04 —-D—- C:Documents and Settings1Application DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon Files
    2009-06-18 18:33:33 —-D—- C:Program FilesMozilla Firefox
    2009-06-06 16:08:51 —-D—- C:Program FilesDrWeb
    2009-06-06 16:08:46 —-SD—- C:WINDOWSTasks
    2009-06-06 15:59:43 —-A—- C:WINDOWSntbtlog.txt
    2009-06-06 14:40:50 —-D—- C:WINDOWSHelp
    2009-06-04 15:44:38 —-HD—- C:Program FilesInstallShield Installation Information

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
    R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-10-24 54280]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
    R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2002-09-16 4228]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2008-06-23 5632]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
    R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-10-24 73224]
    R2 npf;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2007-11-16 34064]
    R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
    R3 ATIAVAIW;ATI T200 Unified AVStream service; C:WINDOWSsystem32DRIVERSatinavt2.sys [2006-12-06 168832]
    R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-10-24 31240]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-05-26 3134976]
    R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; C:WINDOWSsystem32DRIVERSipfnd51.sys [2006-03-27 26752]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-14 5810]
    R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-05-06 232064]
    S2 acpi32;acpi32; ??C:WINDOWSsystem32driversacpi32.sys []
    S2 amd64si;amd64si; ??C:WINDOWSsystem32driversamd64si.sys []
    S2 ati64si;ati64si; ??C:WINDOWSsystem32driversati64si.sys []
    S2 fips32cup;fips32cup; ??C:WINDOWSsystem32driversfips32cup.sys []
    S2 i386si;i386si; ??C:WINDOWSsystem32driversi386si.sys []
    S2 ksi32sk;ksi32sk; ??C:WINDOWSsystem32driversksi32sk.sys []
    S2 netsik;netsik; ??C:WINDOWSsystem32driversnetsik.sys []
    S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
    S2 port135sik;port135sik; ??C:WINDOWSsystem32driversport135sik.sys []
    S2 securentm;securentm; ??C:WINDOWSsystem32driverssecurentm.sys []
    S2 systemntmi;systemntmi; ??C:WINDOWSsystem32driverssystemntmi.sys []
    S2 ws2_32sik;ws2_32sik; ??C:WINDOWSsystem32driversws2_32sik.sys []
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
    S3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
    S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-21 9600]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-21 12160]
    S3 MPE;BDA MPE фильтр; C:WINDOWSsystem32DRIVERSMPE.sys [2004-08-04 15360]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
    S3 sysdrv32;Play Port I/O Driver; ??C:WINDOWSsystem32driverssysdrv32.sys []
    S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
    S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
    R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-10-24 468224]
    R2 FreeAgentGoNext Service;Seagate Service; C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe [2008-07-30 161064]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-05-14 272024]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
    R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2007-04-27 500800]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-21 520192]
    S2 ATIRpcSs;ATI Smart ATIRpcSs; C:DOCUME~11LOCALS~1Tempfile142.exe srv []
    S2 msile;microsoft install le; C:WINDOWSsystemmsile.exe []
    S2 WM System Decode Application;WM System Decode Application; C:WINDOWSsystemmsdct.exe []
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-10-24 19200]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-29 89136]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-06-04 307968]


    EOF



    info.txt logfile of random’s system information tool 1.06 2009-07-03 18:38:56

    ======Uninstall list======

    —>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
    —>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
    —>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
    —>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
    —>C:WINDOWSUNNeroVision.exe /UNINSTALL
    —>C:WINDOWSUNRecode.exe /UNINSTALL
    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
    Adobe Reader 9.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Apple Software Update—>MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
    ATI Catalyst Control Center—>MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8}
    ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    BitComet 1.09—>C:Program FilesBitCometuninst.exe
    Chessmaster 9000—>C:PROGRA~1CHESSM~1UNWISE.EXE C:PROGRA~1CHESSM~1INSTALL.LOG
    ColorPic—>C:WINDOWSColorPic Uninstaller.exe
    CometBird (3.0.5)—>C:Program FilesCometBirduninstallhelper.exe
    Download Master version 4.5.2.963—>»C:Program FilesDownload Masterunins000.exe»
    Dream Aquarium—>»C:Program FilesDream AquariumUnInstall.exe»
    Dream Render 2.20—>»C:Program FilesDreamRenderunins000.exe»
    eMule—>»C:Program FileseMuleUninstall.exe»
    eMusic — 50 Free MP3 offer—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
    ESET Smart Security—>MsiExec.exe /I{11374A07-C399-494C-95E3-C9710021FB3C}
    EVEREST Home v1.50.187 (remove only)—>»C:Program FilesEVEREST Home v1.50.187uninstall.exe»
    Free Download Manager 3.0—>»C:Program FilesFree Download Managerunins000.exe»
    Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
    High Definition Audio — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
    HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
    ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
    iTunes—>MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
    K-Lite Mega Codec Pack 1.65—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Mail.Ru Агент 5.4 (сборка 2647, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
    Mail.Ru Спутник 2.0.1.90—>c:program filesmail.rusputnikSputnikInstaller.exe -uninstall
    Marvell Miniport Driver—>MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
    Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
    Mozilla Firefox (3.0)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
    MSXML 6.0 Parser—>MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Nero 7 Ultra Edition—>MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1049}
    PowerDVD Ultra—>»C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -l0x000409 /z-uninstall
    PowerQuest PartitionMagic 8.0—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
    QuickTime—>MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
    Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
    SAMSUNG CDMA Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
    SAMSUNG Mobile USB Modem ^^—>C:WINDOWSsystem32Samsung_USB_Drivers4SSVDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
    Samsung PC Studio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -l0x19 -removeonly
    Seagate Manager Installer—>»C:Program FilesInstallShield Installation Information{B1D89E54-08B1-4542-A69B-E634AEF10A40}setup.exe» -runfromtemp -l0x0409 -removeonly
    Seagate Manager Installer—>MsiExec.exe /X{B1D89E54-08B1-4542-A69B-E634AEF10A40}
    Software Informer 1.0 BETA—>»C:Program FilesSoftware Informerunins000.exe»
    SystemSecurity2009—>C:Documents and Settings1Главное менюПрограммыSystem Security\System Security
    Total Commander 7.00 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
    Trojan Remover 6.7.4—>»C:Program FilesTrojan Removerunins000.exe»
    TuneUp Utilities 2008 RUS от http://www.zhmak.info —>MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    VKSaver—>»C:DownloadsПрограммыVKSaveruninstall.exe»
    WhereIsIt? 3.68—>»C:Program FilesWhereIsItunins000.exe»
    Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
    Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
    Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
    WinRAR archiver—>C:Program FilesWinRARuninstall.exe
    XnView Deluxe 2—>C:PROGRA~1XNVIEW~1UNWISE.EXE C:PROGRA~1XNVIEW~1INSTALL.LOG
    Данные ДубльГИС г.Новокузнецк 01.06.2009—>MsiExec.exe /X{7895D791-608A-4315-A732-7DCE61A75033}
    ДубльГИС 3.0.5.4—>MsiExec.exe /X{67A1DF48-1CEA-468C-ADAA-74BA915437D8}
    Проигрыватель Windows Media 10—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
    Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}
    Я.Онлайн 1.0.0—>»C:Program FilesYandexOnlineunins000.exe»

    ======Hosts File======

    127.0.0.1 kaspersky.com
    127.0.0.1 norton.com

    ======Security center information======

    AV: ESET Smart Security 3.0
    FW: Персональный файервол ESET

    ======System event log======

    Computer Name: 2-79CA789501F34
    Event Code: 10005
    Message: Ошибка DCOM «%1058» при попытке запуска службы EventSystem с аргументами «»
    для запуска сервера:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Record Number: 33293
    Source Name: DCOM
    Time Written: 20090606132539.000000+480
    Event Type: ошибка
    User: NT AUTHORITYSYSTEM

    Computer Name: 2-79CA789501F34
    Event Code: 4202
    Message: Система обнаружила, что сетевой адаптер DEVICETCPIP_{77794C54-3656-4848-9086-29413B41F222} был отключен от сети, и сетевая
    конфигурация этого адаптера была освобождена. Если сетевой адаптер не был
    отключен, то возможно, что он неисправен. Чтобы получить обновленные
    драйверы, обратитесь к вендору.

    Record Number: 33292
    Source Name: Tcpip
    Time Written: 20090606132537.000000+480
    Event Type: информация
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 6005
    Message: Запущена служба журнала событий.

    Record Number: 33291
    Source Name: EventLog
    Time Written: 20090606132517.000000+480
    Event Type: информация
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 6009
    Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

    Record Number: 33290
    Source Name: EventLog
    Time Written: 20090606132517.000000+480
    Event Type: информация
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 6006
    Message: Служба журнала событий остановлена.

    Record Number: 33289
    Source Name: EventLog
    Time Written: 20090606132340.000000+480
    Event Type: информация
    User:

    =====Application event log=====

    Computer Name: 2-79CA789501F34
    Event Code: 8
    Message: Ошибка получения автоматического обновления последовательного номера стороннего корневого списка из: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> с кодом ошибки: Возврат из операции произошел из-за превышения времени ожидания.

    Record Number: 4719
    Source Name: crypt32
    Time Written: 20090125230536.000000+420
    Event Type: ошибка
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 0
    Message:
    Record Number: 4718
    Source Name: iPod Service
    Time Written: 20090125213353.000000+420
    Event Type: информация
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 8193
    Message: Ошибка теневого копирования тома: непредвиденная ошибка при вызове программы CoCreateInstance. hr = 0x80040206.

    Record Number: 4717
    Source Name: VSS
    Time Written: 20090125213352.000000+420
    Event Type: ошибка
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 4609
    Message: Система событий COM+ обнаружила неверный код возврата в ходе внутренней обработки. Значение HRESULT: 80070422 (строка 44 из d:qxp_slpcomcom1xsrceventstier1eventsystemobj.cpp). Обратитесь в службу поддержки Майкрософт.
    Record Number: 4716
    Source Name: EventSystem
    Time Written: 20090125213352.000000+420
    Event Type: ошибка
    User:

    Computer Name: 2-79CA789501F34
    Event Code: 0
    Message:
    Record Number: 4715
    Source Name: RichVideo
    Time Written: 20090125213351.000000+420
    Event Type: информация
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACE;C:Program FilesK-Lite Codec PackQuickTimeQTSystem;C:Program FilesSamsungSamsung PC Studio 3
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=15
    «PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    «PROCESSOR_REVISION»=0409
    «NUMBER_OF_PROCESSORS»=2
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «CLASSPATH»=.;C:Program FilesK-Lite Codec PackQuickTimeQTSystemQTJava.zip
    «QTJAVA»=C:Program FilesK-Lite Codec PackQuickTimeQTSystemQTJava.zip


    EOF


    July 3, 2009 at 3:35 pm #24693
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, and welcome to the Spyware-ru forum.

    System Security is a fake antispyware program; it needs to be removed as quickly as possible. Besides it, the computer is also infected with several trojans.

    Start HijackThis: click Start, Run, type

    C:\Program Files\trend micro\1.exe

    and press Enter.
    Click the Do a system scan only button.
    Then tick the checkbox (on the left) for the following lines, if they are present:

    F2 - REG:system.ini: UserInit=c:windowssystem32userinit.exe,C:WINDOWSsystem32twext.exe,
    O4 - HKLM..Run: [PromoReg] C:WINDOWSsystem32system.exe
    O4 - HKLM..Run: [16642814] C:Documents and SettingsAll UsersApplication Data1664281416642814.exe
    O4 - HKUSS-1-5-18..Run: [userinit] C:WINDOWSsystem32oembios.exe (User 'SYSTEM')
    O4 - HKUSS-1-5-18..Run: [Web Navigate] C:WINDOWSTEMP1.tmp (User 'SYSTEM')
    O4 - HKUS.DEFAULT..Run: [userinit] C:WINDOWSsystem32oembios.exe (User 'Default user')

    Close all running programs (including Internet Explorer) and Windows windows.
    Click the Fix checked button and confirm your action by choosing YES.

    Read the description of Malwarebytes Anti-malware (MBAM).
    Download it and run a scan of your computer. Remove everything that is found. A log will be shown at the end.

    I am waiting for your MBAM log and a fresh RSIT log (run RSIT after Malwarebytes Anti-malware).
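An added example, not part of the original reply and not HijackThis's own logic: a Python triage of the F2/O4 lines listed in the post above, flagging the autorun patterns those lines show. The path separators in the sample are restored by assumption, the `egui` line is constructed from a process named elsewhere in the log, and the heuristics and function names are illustrative.

```python
import ntpath
import re

# Entries from the post above with path separators restored (an assumption:
# the page's copy lost its backslashes), plus one constructed benign line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [16642814] C:\Documents and Settings\All Users\Application Data\16642814\16642814.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Web Navigate] C:\WINDOWS\TEMP\1.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'Default user')
O4 - HKLM\..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe
"""

# Assumes Windows is installed in C:\WINDOWS, as in this thread's log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
SYSTEM_HIVES = {r"hkus\s-1-5-18", r"hkus\.default"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
PATH_RE = re.compile(r'^"?(.+?\.\w{2,4})"?(?:\s|$)')


def userinit_extras(value):
    """Return every program in a Userinit value other than userinit.exe."""
    parts = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in parts if ntpath.normcase(p) != EXPECTED_USERINIT]


def target_path(cmd):
    """Cut a Run command line down to the executable path (drops arguments)."""
    m = PATH_RE.match(cmd)
    return m.group(1) if m else cmd.strip('"')


def o4_reasons(hive, name, path):
    """Heuristic reasons why a Run entry deserves a manual look."""
    p = ntpath.normcase(path)
    base = ntpath.basename(p)
    reasons = []
    if hive.lower() in SYSTEM_HIVES:
        reasons.append("autorun registered in the SYSTEM/.DEFAULT profile")
    if "\\temp\\" in p or base.endswith(".tmp"):
        reasons.append("target lives in a temp directory or is a .tmp file")
    if name.lower() == "userinit" and base != "userinit.exe":
        reasons.append("value named 'userinit' points at a different binary")
    if "\\application data\\" in p:
        reasons.append("executable started from an Application Data folder")
    return reasons


def triage(log_text):
    """Return (log line, reason) pairs for F2 UserInit and O4 Run entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append((line, "Userinit chain launches extra program: " + extra))
            continue
        m = O4_RE.match(line)
        if m:
            path = target_path(m.group("cmd"))
            for reason in o4_reasons(m.group("hive"), m.group("name"), path):
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(reason + "\n    " + line)
```

The `PromoReg` entry is not flagged: a plainly named binary in system32 passes all of these rules, so a triage like this narrows a log down but does not replace the manual review done in the thread.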

    July 3, 2009 at 4:02 pm #24694
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    May I ask what ticking the indicated lines will result in?

    July 3, 2009 at 4:37 pm #24695
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    Another question: do I need to disable the antivirus to run MBAM? I have NOD32. ESET Smart Security.

    July 3, 2009 at 5:52 pm #24696
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    Thank you! Everything worked!

    Malwarebytes’ Anti-Malware 1.38
    Версия базы данных: 2369
    Windows 5.1.2600 Service Pack 2

    04.07.2009 1:27:35
    mbam-log-2009-07-04 (01-27-35).txt

    Тип проверки: Полная (A:|C:|D:|E:|F:|M:|N:|V:|)
    Проверено объектов: 279819
    Прошло времени: 1 hour(s), 1 minute(s), 23 second(s)

    Заражено процессов в памяти: 1
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 40
    Заражено значений реестра: 10
    Заражено параметров реестра: 6
    Заражено папок: 11
    Заражено файлов: 60

    Заражено процессов в памяти:
    C:WINDOWSsystem32lssas.exe (Backdoor.Bot) -> Unloaded process successfully.

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    HKEY_CLASSES_ROOTxvideoplugin.jetmimefiltr (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTxvideoplugin.jetmimefiltr.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTxvideoplugin.jetvideoplugin (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTxvideoplugin.jetvideoplugin.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{047d87fd-bfc5-4ac3-9ad3-acecc7b49016} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{8e569e70-9e91-4cf9-820c-99ddc3a05a0c} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{1094613f-84b6-4131-aec1-71df88291044} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{befc54ba-36eb-4cfc-ba55-587361577a26} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{3a596471-ecbe-4aee-b543-79ae8c8ff7a9} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTAppID{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1094613f-84b6-4131-aec1-71df88291044} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionExplorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionExplorer{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionExplorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionExplorer{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMControlSet002Servicessysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMControlSet003Servicessysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMControlSet004Servicessysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesamd64si (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesati64si (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesport135sik (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicessecurentm (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREXP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTAppIDpllib.dll (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicestcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesacpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesi386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesSystemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesmsile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeBootMinimalmsile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeBootNetworkmsile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesnicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesnetsik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesfips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesWM System Decode Application (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeBootMinimalWM System Decode Application (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeBootNetworkWM System Decode Application (Backdoor.IRCBot) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorer{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionExplorer{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionExplorer{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunPromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlocal security authority service (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionNetworkUID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERControl Paneldon’t loadscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERControl Paneldon’t loadwscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRList (Malware.Trace) -> Quarantined and deleted successfully.

    Заражено параметров реестра:
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Заражено папок:
    C:WINDOWSsystem32wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingsLocalServiceApplication Datasysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingsNetworkServiceApplication Datasysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settingsLocalServiceApplication Datawsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingsNetworkServiceApplication Datawsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
    c:program filesSpyRemover Pro (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesXP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaredata (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywareMicrosoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

    Заражено файлов:
    c:ntf5.exe (Trojan.Slenfbot) -> Quarantined and deleted successfully.
    c:program filesspyremover proSpyRemoverPro.exe (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesxp_antispywarehtmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
    c:downloadsпрограммыSpyRemover 2.70.exe (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:documents and settings1local settingsTempTMPF82.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:documents and settings1local settingsTempIXP000.TMPBURIMI~1.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settings1local settingsTempIXP001.TMPpic.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settings1local settingsTempIXP002.TMPNEWPAC~1.EXE (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    c:documents and settings1local settingsTempIXP003.TMPpic.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settingsall usersapplication data1664281416642814.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    c:system volume information_restore{9ae0ecb5-7c98-4d1f-aeb7-ec302061440a}RP403A0091565.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:system volume information_restore{9ae0ecb5-7c98-4d1f-aeb7-ec302061440a}RP403A0091579.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:system volume information_restore{9ae0ecb5-7c98-4d1f-aeb7-ec302061440a}RP403A0091612.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32iclac.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32mozaemoo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32tzwrqr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32gabccuwq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32dnyq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32nyuvbojr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32slgxhyk.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32sljvuyl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32tgtfuu.exe (Trojan.Downloader.MJ) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32xqihdf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32ynvy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32yrvfny.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32qljulris.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32driverssysdrv32.#ys (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32driverssysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    n:программыSpyRemover 2.70.exe (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32wsnpoemaudio.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32wsnpoemvideo.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32sysproc64sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32sysproc64sysproc86.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingslocalserviceapplication datasysproc64sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingsnetworkserviceapplication datasysproc64sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32twain_32local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32twain_32user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:WINDOWSsystem32twain_32user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settingslocalserviceapplication datawsnpoemaudio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:documents and settingsnetworkserviceapplication datawsnpoemaudio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:program filesspyremover proNews.html (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesspyremover proScanHistory.ini (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesspyremover proSftTree_IX86_U_50.ocx (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesspyremover proSpyRemover Pro_Startup.txt (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesspyremover proSS_BHR.ini (Rogue.SpyRemover) -> Quarantined and deleted successfully.
    c:program filesxp_antispywarepthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywareXP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaredatadaily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaremicrosoft.vc80.crtMicrosoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaremicrosoft.vc80.crtmsvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaremicrosoft.vc80.crtmsvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    c:program filesxp_antispywaremicrosoft.vc80.crtmsvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32rdbmju.exe (Trojan.Agent) -> Delete on reboot.
    c:documents and settings1рабочий столXP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:documents and settings1delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:WINDOWSTempNOD1.tmp (Spyware.OnlineGames) -> Not selected for removal.
    c:documents and settings1oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by 1 at 2009-07-04 01:34:56
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (7%) free of 51 GB
    Total RAM: 1023 MB (32% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:35:00, on 04.07.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSRTHDCPL.EXE
    C:Program FilesATI TechnologiesATI.ACECLI.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesMail.RuAgentMAgent.exe
    C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe
    C:Program FilesESETESET Smart Securityegui.exe
    C:Program FilesiTunesiTunesHelper.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    C:Program FilesMessengermsmsgs.exe
    C:Program FilesFree Download Managerfdm.exe
    C:Program FilesCommon FilesYandexYupdateyupdate.exe
    C:Program FilesYandexOnlineonline.exe
    C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    C:Program FilesDownload Masterdmaster.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Program FilesESETESET Smart Securityekrn.exe
    C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    C:Program FilesCyberLinkShared filesRichVideo.exe
    C:Program FilesiPodbiniPodService.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:Program FilesMalwarebytes’ Anti-Malwarembam.exe
    C:WINDOWSsystem32rdbmju.exe
    C:DownloadsПрограммыRSIT.exe
    C:Program Filestrend micro1.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win.mail.ru/cgi-bin/msglist?folder=0&1056379155
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
    O2 — BHO: FDMIECookiesBHO Class — {CC59E0F9-7E43-44FA-9FAA-8377850BF205} — C:Program FilesFree Download Manageriefdm2.dll
    O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
    O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
    O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
    O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [MaxMenuMgr] «C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe»
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
    O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
    O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
    O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
    O4 — HKLM..RunOnce: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
    O4 — HKCU..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun
    O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
    O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
    O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
    O8 — Extra context menu item: Закачать все с помощью FDM — file://C:Program FilesFree Download Managerdlall.htm
    O8 — Extra context menu item: Закачать выбранное с помощью FDM — file://C:Program FilesFree Download Managerdlselected.htm
    O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
    O8 — Extra context menu item: Закачать с помощью FDM — file://C:Program FilesFree Download Managerdllink.htm
    O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
    O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/planet.htm
    O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
    O8 — Extra context menu item: Перевести эту страницу в Google — C:Documents and SettingsAll UsersApplication DataTuneUp SoftwareTuneUp UtilitiesWebgtranslate.htm
    O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/282
    O8 — Extra context menu item: Скачать видео с Free Download Manager — file://C:Program FilesFree Download Managerdlfvideo.htm
    O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/283
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: BitComet — {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} — res://C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O12 — Plugin for .amr: C:Program FilesInternet ExplorerPLUGINSnpqtplugin3.dll
    O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll
    O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ATI Smart ATIRpcSs (ATIRpcSs) — Unknown owner — C:DOCUME~11LOCALS~1Tempfile142.exe (file missing)
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Seagate Service (FreeAgentGoNext Service) — Seagate Technology LLC — C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
    O24 — Desktop Component 0: (no name) — http://content.foto.my.mail.ru/mail/irina.dvorkina/_myphoto/i-6.jpg

    —
    End of file — 10945 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksОдним Щелчком.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
    IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2005-05-24 67584]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class — C:Program FilesFree Download Manageriefdm2.dll [2008-12-30 98304]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2003-02-17 61440]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-18 2427968]
    {893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2008-03-14 204800]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]
    {468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-17 804336]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-09-25 90112]
    «RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2005-05-25 14477312]
    «Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-04 69632]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-03-15 71216]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-02-07 54832]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-04-14 6210744]
    «MaxMenuMgr»=C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe [2008-07-30 177448]
    «egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-10-24 1451264]
    «iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2007-04-27 257088]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
    «KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
    «TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2008-11-16 1234312]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2009-06-17 414992]
    «Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-06-17 1287440]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
    «swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-04-21 68856]
    «MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
    «Free Download Manager»=C:Program FilesFree Download Managerfdm.exe [2009-01-31 3399727]
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
    «YandexOnline»=C:Program FilesYandexOnlineonline.exe [2008-04-07 2297640]
    «Download Master»=C:Program FilesDownload Masterdmaster.exe [2006-01-06 931328]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-12-17 110592]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDxw87.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinam44.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincv13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWineh37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmi26.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmj80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmk13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinng71.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn88.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqn54.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrb20.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinug37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinuv11.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinvg80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyl47.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyx50.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDxw87.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinam44.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincv13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWineh37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmi26.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmj80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmk13.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinng71.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpn88.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqn54.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrb20.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinug37.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinuv11.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinvg80.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyl47.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyx50.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
    «C:WINDOWSsystemmsile.exe»=»C:WINDOWSsystemmsile.exe:*:msile»
    «C:WINDOWSsystemmsdct.exe»=»C:WINDOWSsystemmsdct.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3273.scr»=»C:WINDOWSSystem3273.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3264.scr»=»C:WINDOWSSystem3264.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3220.scr»=»C:WINDOWSSystem3220.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3246.scr»=»C:WINDOWSSystem3246.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3224.scr»=»C:WINDOWSSystem3224.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3232.scr»=»C:WINDOWSSystem3232.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3282.scr»=»C:WINDOWSSystem3282.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3215.scr»=»C:WINDOWSSystem3215.scr:*:WM System Decode Application»
    «C:WINDOWSSystem323.scr»=»C:WINDOWSSystem323.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3250.scr»=»C:WINDOWSSystem3250.scr:*:WM System Decode Application»
    «C:WINDOWSSystem325.scr»=»C:WINDOWSSystem325.scr:*:WM System Decode Application»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:ENABLE»
    «C:WINDOWSSystem3270.scr»=»C:WINDOWSSystem3270.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32wznr.exe»=»C:WINDOWSsystem32wznr.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3240.scr»=»C:WINDOWSSystem3240.scr:*:WM System Decode Application»
    «C:WINDOWSSystem324.scr»=»C:WINDOWSSystem324.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3237.scr»=»C:WINDOWSSystem3237.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32rnpc.exe»=»C:WINDOWSsystem32rnpc.exe:*:WM System Decode Application»
    «C:WINDOWSsystem32mizby.exe»=»C:WINDOWSsystem32mizby.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3262.scr»=»C:WINDOWSSystem3262.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3280.scr»=»C:WINDOWSSystem3280.scr:*:WM System Decode Application»
    «C:WINDOWSsystem32qzhv.exe»=»C:WINDOWSsystem32qzhv.exe:*:WM System Decode Application»
    «C:WINDOWSSystem3253.scr»=»C:WINDOWSSystem3253.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3285.scr»=»C:WINDOWSSystem3285.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3277.scr»=»C:WINDOWSSystem3277.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3243.scr»=»C:WINDOWSSystem3243.scr:*:WM System Decode Application»
    «c:windowssystem32userinit.exe»=»c:windowssystem32userinit.exe:*:Enabled:ENABLE»
    «C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»
    «C:WINDOWSSystem3276.scr»=»C:WINDOWSSystem3276.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3288.scr»=»C:WINDOWSSystem3288.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3258.scr»=»C:WINDOWSSystem3258.scr:*:WM System Decode Application»
    «C:WINDOWSSystem3235.scr»=»C:WINDOWSSystem3235.scr:*:WM System Decode Application»
    «C:WINDOWSSystem327.scr»=»C:WINDOWSSystem327.scr:*:WM System Decode Application»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    ======List of files/folders created in the last 1 months======

    2009-07-04 01:28:37 —-A—- C:WINDOWSviqhq.txt
    2009-07-04 01:11:23 —-N—- C:WINDOWSsystem32rdbmju.exe
    2009-07-04 00:13:13 —-D—- C:Documents and Settings1Application DataMalwarebytes
    2009-07-04 00:13:07 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-07-04 00:13:06 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-07-03 18:43:51 —-H—- C:~WRL1550.tmp
    2009-07-03 18:43:51 —-H—- C:~WRL1483.tmp
    2009-07-03 18:43:51 —-H—- C:~WRL0005.tmp
    2009-07-03 18:43:51 —-H—- C:~WRL0003.tmp
    2009-07-03 18:38:18 —-D—- C:Program Filestrend micro
    2009-07-03 18:38:16 —-D—- C:rsit
    2009-07-03 17:48:26 —-A—- C:report.txt
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvunace26.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvcabinet.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32UNRAR3.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32unacev2.dll
    2009-07-03 17:35:38 —-D—- C:Program FilesTrojan Remover
    2009-07-03 17:35:38 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
    2009-07-03 16:47:01 —-D—- C:Documents and SettingsAll UsersApplication Data16642814
    2009-07-03 16:45:07 —-D—- C:Program FilesWinPcap
    2009-06-29 11:12:11 —-A—- C:supportmail.exe
    2009-06-26 22:20:14 —-D—- C:jimm_best119501
    2009-06-26 15:12:32 —-D—- C:Флэшка
    2009-06-20 18:03:25 —-RSHD—- C:X
    2009-06-19 00:02:28 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon FilesAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesAdobe
    2009-06-11 11:00:20 —-A—- C:WINDOWSsystem32vksaver.dll
    2009-06-11 00:43:12 —-A—- C:WINDOWSsystem32qzhv.exe
    2009-06-10 12:50:11 —-A—- C:WINDOWSsystem32mizby.exe
    2009-06-09 23:18:54 —-A—- C:WINDOWSsystem32rnpc.exe
    2009-06-09 10:18:56 —-D—- C:Documents and Settings1Application DataSoftware Informer
    2009-06-09 10:18:45 —-D—- C:Program FilesSoftware Informer
    2009-06-09 10:18:44 —-D—- C:Documents and Settings1Application DataFree Download Manager
    2009-06-09 10:18:36 —-D—- C:Documents and SettingsAll UsersApplication DataFreeDownloadManager.ORG
    2009-06-09 10:18:34 —-D—- C:Program FilesFree Download Manager
    2009-06-09 09:52:01 —-A—- C:WINDOWSsystem32wznr.exe
    2009-06-05 22:49:13 —-A—- C:WINDOWSsystem32rwjjbe.exe

    ======List of files/folders modified in the last 1 months======

    2009-07-04 01:34:45 —-D—- C:WINDOWSTemp
    2009-07-04 01:33:03 —-D—- C:WINDOWSPrefetch
    2009-07-04 01:28:37 —-HD—- C:WINDOWS
    2009-07-04 01:28:37 —-D—- C:WINDOWSsystem32drivers
    2009-07-04 01:27:35 —-RHD—- C:Program Files
    2009-07-04 01:27:35 —-D—- C:WINDOWSsystem32
    2009-07-03 23:53:12 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
    2009-07-03 23:21:16 —-D—- C:WINDOWSsystem32Lang
    2009-07-03 19:36:01 —-D—- C:WINDOWSMinidump
    2009-07-03 19:04:09 —-A—- C:WINDOWSSchedLgU.Txt
    2009-07-03 18:20:36 —-A—- C:WINDOWSNeroDigital.ini
    2009-07-03 18:01:22 —-D—- C:WINDOWSsystem32CatRoot2
    2009-07-03 10:10:49 —-D—- C:WINDOWSsystem
    2009-07-02 00:09:31 —-SHD—- C:WINDOWSInstaller
    2009-06-30 01:27:35 —-A—- C:WINDOWSwinamp.ini
    2009-06-27 23:42:39 —-D—- C:Downloads
    2009-06-27 21:50:22 —-A—- C:WINDOWSPhotoSnapViewer.INI
    2009-06-21 22:23:52 —-D—- C:Documents and Settings1Application DataICQ
    2009-06-21 09:14:56 —-A—- C:WINDOWSModemLog_Последовательный кабель для связи компьютеров.txt
    2009-06-19 00:04:04 —-D—- C:Documents and Settings1Application DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon Files
    2009-06-18 18:33:33 —-D—- C:Program FilesMozilla Firefox
    2009-06-12 12:43:51 —-D—- C:Program FilesTuneUp Utilities 2008
    2009-06-06 16:08:51 —-D—- C:Program FilesDrWeb
    2009-06-06 16:08:46 —-SD—- C:WINDOWSTasks
    2009-06-06 15:59:43 —-A—- C:WINDOWSntbtlog.txt
    2009-06-06 14:40:50 —-D—- C:WINDOWSHelp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
    R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-10-24 54280]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
    R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2002-09-16 4228]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2008-06-23 5632]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
    R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-10-24 73224]
    R2 npf;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2007-11-16 34064]
    R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
    R3 ATIAVAIW;ATI T200 Unified AVStream service; C:WINDOWSsystem32DRIVERSatinavt2.sys [2006-12-06 168832]
    R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-10-24 31240]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-05-26 3134976]
    R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; C:WINDOWSsystem32DRIVERSipfnd51.sys [2006-03-27 26752]
    R3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-14 5810]
    R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-05-06 232064]
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
    S3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
    S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-21 9600]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-21 12160]
    S3 MPE;BDA MPE фильтр; C:WINDOWSsystem32DRIVERSMPE.sys [2004-08-04 15360]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
    S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
    R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-10-24 468224]
    R2 FreeAgentGoNext Service;Seagate Service; C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe [2008-07-30 161064]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-05-14 272024]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
    R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2007-04-27 500800]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-21 520192]
    S2 ATIRpcSs;ATI Smart ATIRpcSs; C:DOCUME~11LOCALS~1Tempfile142.exe srv []
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-10-24 19200]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-29 89136]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-06-04 307968]


    EOF


    July 4, 2009 at 3:57 PM #24697
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    There is still more work to do.
    Download OTM by OldTimer by clicking this link.
    Run OTM and copy the following text into the large input box (the title of this box is highlighted in yellow).

    :Processes
    explorer.exe

    :services
    dwshd
    ATIRpcSs

    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dxw87.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winam44.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincv13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineh37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmi26.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmj80.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmk13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winng71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpn88.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqn54.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrb20.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winug37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuv11.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvg80.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyl47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyx50.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dxw87.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winam44.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wincv13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wineh37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winmi26.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winmj80.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winmk13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winng71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpn88.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winqn54.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winrb20.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winug37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winuv11.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winvg80.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyl47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winyx50.sys]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system\msile.exe"=-
    "C:\WINDOWS\system\msdct.exe"=-
    "C:\WINDOWS\System32\73.scr"=-
    "C:\WINDOWS\System32\64.scr"=-
    "C:\WINDOWS\System32\20.scr"=-
    "C:\WINDOWS\System32\46.scr"=-
    "C:\WINDOWS\System32\24.scr"=-
    "C:\WINDOWS\System32\32.scr"=-
    "C:\WINDOWS\System32\82.scr"=-
    "C:\WINDOWS\System32\15.scr"=-
    "C:\WINDOWS\System32\3.scr"=-
    "C:\WINDOWS\System32\50.scr"=-
    "C:\WINDOWS\System32\5.scr"=-
    "C:\WINDOWS\System32\70.scr"=-
    "C:\WINDOWS\system32\wznr.exe"=-
    "C:\WINDOWS\System32\40.scr"=-
    "C:\WINDOWS\System32\4.scr"=-
    "C:\WINDOWS\System32\37.scr"=-
    "C:\WINDOWS\system32\rnpc.exe"=-
    "C:\WINDOWS\system32\mizby.exe"=-
    "C:\WINDOWS\System32\62.scr"=-
    "C:\WINDOWS\System32\80.scr"=-
    "C:\WINDOWS\system32\qzhv.exe"=-
    "C:\WINDOWS\System32\53.scr"=-
    "C:\WINDOWS\System32\85.scr"=-
    "C:\WINDOWS\System32\77.scr"=-
    "C:\WINDOWS\System32\43.scr"=-
    "c:\windows\system32\userinit.exe"=-
    "C:\WINDOWS\System32\76.scr"=-
    "C:\WINDOWS\System32\88.scr"=-
    "C:\WINDOWS\System32\58.scr"=-
    "C:\WINDOWS\System32\35.scr"=-
    "C:\WINDOWS\System32\7.scr"=-

    :files
    C:\WINDOWS\viqhq.txt
    C:\WINDOWS\system32\rdbmju.exe
    C:\~WRL1550.tmp
    C:\~WRL1483.tmp
    C:\~WRL0005.tmp
    C:\~WRL0003.tmp
    C:\WINDOWS\system32\qzhv.exe
    C:\WINDOWS\system32\mizby.exe
    C:\WINDOWS\system32\rnpc.exe
    C:\WINDOWS\system32\wznr.exe
    C:\WINDOWS\system32\rwjjbe.exe

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    Check the pasted script: if spaces have appeared on the left before the directives, delete them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while the program is working.
    When the program finishes, a log should be displayed. If the log is not shown, you can find it in the C:\_OTM\MovedFiles folder.

    Paste the contents of this log into your reply. And attach a fresh RSIT log.

    July 15, 2009 at 6:10 PM #24699
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========

    ServiceDriver key dwshd deleted successfully.

    ServiceDriver key ATIRpcSs deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDxw87.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinam44.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincv13.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWineh37.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmi26.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmj80.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmk13.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinng71.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpn88.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqn54.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrb20.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinug37.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinuv11.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinvg80.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyl47.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyx50.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDxw87.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinam44.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincv13.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWineh37.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmi26.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmj80.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmk13.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinng71.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpn88.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqn54.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrb20.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinug37.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinuv11.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinvg80.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyl47.sys deleted successfully.
    Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyx50.sys deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystemmsile.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystemmsdct.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3273.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3264.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3220.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3246.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3224.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3232.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3282.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3215.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem323.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3250.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem325.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3270.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32wznr.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3240.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem324.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3237.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32rnpc.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32mizby.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3262.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3280.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32qzhv.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3253.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3285.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3277.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3243.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\c:windowssystem32userinit.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3276.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3288.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3258.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3235.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem327.scr deleted successfully.
    ========== FILES ==========
    File/Folder C:WINDOWSviqhq.txt not found.
    File/Folder C:WINDOWSsystem32rdbmju.exe not found.
    C:~WRL1550.tmp moved successfully.
    C:~WRL1483.tmp moved successfully.
    C:~WRL0005.tmp moved successfully.
    C:~WRL0003.tmp moved successfully.
    C:WINDOWSsystem32qzhv.exe moved successfully.
    C:WINDOWSsystem32mizby.exe moved successfully.
    C:WINDOWSsystem32rnpc.exe moved successfully.
    C:WINDOWSsystem32wznr.exe moved successfully.
    C:WINDOWSsystem32rwjjbe.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 1
    ->Temp folder emptied: 266964 bytes
    ->Temporary Internet Files folder emptied: 41387715 bytes
    ->FireFox cache emptied: 33740041 bytes
    ->Opera cache emptied: 25128 bytes

    User: All Users

    User: bc_cache

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: History

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 1196320 bytes

    User: NeroDemo9936

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5771628 bytes

    User: nro.log

    User: outlook logging

    User: RarSFX0

    User: RarSFX1

    User: Temporary Internet Files

    User: Word8.0

    User: {0224D940-355C-4D78-B77D-7AE4F95E0D7D}

    User: {1A432D84-46B0-48C1-8627-630F537A07DB}

    User: {1DDACEF5-8159-480F-B422-356EA3348CDB}

    User: {29A6DC69-3F3D-4A00-A00E-DCA419447D01}

    User: {2AED8C51-2A2D-42FB-91A0-A9832B03C457}

    User: {2F96E29C-EAA6-4FAA-BFC3-31803092169F}

    User: {3033D600-E02C-47F9-85DC-87842ADE24C5}

    User: {3AA1B6C2-A9C2-4335-AE4C-4C93578A6F8A}

    User: {544F0A8F-9BD0-439A-8EFA-853766009D7E}

    User: {5A5B1B16-4B84-49E3-BBA3-AB39AF98922E}

    User: {6188C444-3D09-453E-BCBE-7374561AB5F4}

    User: {66CD8377-CCFB-4F0B-9534-2E7364CFC15C}

    User: {7465E1BA-3D0F-44EF-BF56-FBA57D881A79}

    User: {74E76E57-C492-416B-8501-1E7BFE3E00D9}

    User: {83E7CDF3-6085-4E8F-9EE5-A1CE6B2C668E}

    User: {8920D230-E58B-46C8-99F8-EF4381F571F0}

    User: {8D508B88-168A-4520-A5EC-A33F59B4644B}

    User: {9AA87111-1B86-434B-93F2-BB89B9663846}

    User: {A51E5D96-0868-4511-A48E-FE74134F034F}

    User: {ABB5D489-DD4D-42AE-8AAF-3794377D5B81}

    User: {BBB47B0F-52E9-4DAD-A646-E2983004AC75}

    User: {D4C99C61-7ABB-494D-B172-1FBDA61CCC79}

    User: {DA7F148D-1672-4167-AA82-41C5D8612E17}

    User: {F1FE01D5-9676-4411-8825-4DFB49E03737}

    User: {FF216CE2-5B14-4D38-B96D-ED28A64DEAFB}

    User: Временная папка 1 для Bombas.zip

    %systemdrive% .tmp files removed: 47616 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 5709 bytes
    Windows Temp folder emptied: 2037347 bytes
    RecycleBin emptied: 263838214 bytes

    Total Files Cleaned = 332,21 mb

    OTM by OldTimer — Version 3.0.0.5 log created on 07162009_020129

    Files moved on Reboot…

    Registry entries deleted on Reboot…
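Added example (not part of the thread and not OTM's own code): a Python check that compares an OTM script with the log OTM returns and lists every target the log does not confirm. The script and log below are short constructed samples in the thread's format with backslashes restored; the `Service\Driver` spelling in the log is an assumption, since the page shows it as `ServiceDriver`.

```python
import re

# Line formats taken from the OTM log in this thread. The "Service\Driver"
# spelling (with a backslash) is an assumption; the page shows "ServiceDriver".
LOG_PATTERNS = [
    ("service", "ok", re.compile(r"^Service\\?Driver key (.+) deleted successfully\.$")),
    ("key", "ok", re.compile(r"^Registry key (.+) deleted successfully\.$")),
    ("value", "ok", re.compile(r"^Registry value (.+) deleted successfully\.$")),
    ("file", "not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("file", "pending",
     re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("file", "ok", re.compile(r"^(.+) moved successfully\.$")),
]

FW_KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
          r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")

# Constructed sample: a shortened script, pasted with stray leading spaces.
SAMPLE_SCRIPT = r"""
   :services
   dwshd

   :reg
   [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dxw87.sys]
   [""" + FW_KEY + r"""]
   "C:\WINDOWS\System32\73.scr"=-
   "C:\WINDOWS\system32\wznr.exe"=-

   :files
   C:\WINDOWS\viqhq.txt
   C:\WINDOWS\system32\wznr.exe
   C:\WINDOWS\system32\rwjjbe.exe

   :Commands
   [Reboot]
"""

# Constructed sample log: two targets from the script are deliberately missing.
SAMPLE_LOG = r"""
========== SERVICES/DRIVERS ==========
Service\Driver key dwshd deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dxw87.sys deleted successfully.
Registry value """ + FW_KEY + r"""\\C:\WINDOWS\System32\73.scr deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\viqhq.txt not found.
C:\WINDOWS\system32\wznr.exe moved successfully.
"""


def script_targets(script_text):
    """Yield (kind, target) for each service, registry key/value and file in the script."""
    section, reg_key = None, None
    for raw in script_text.splitlines():
        line = raw.strip()  # pasted scripts often pick up leading spaces
        if not line:
            continue
        if line.startswith(":"):
            section, reg_key = line[1:].lower(), None
        elif section == "services":
            yield ("service", line)
        elif section == "files":
            yield ("file", line)
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                yield ("key", line[2:-1])            # [-KEY] deletes the whole key
            elif line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]                  # [KEY] selects a key for value edits
            elif line.endswith("=-") and reg_key:
                name = line[:-2].strip().strip('"')   # "name"=- deletes one value
                yield ("value", reg_key + "\\\\" + name)  # the log prints KEY\\name


def parse_log(log_text):
    """Map (kind, lowercased target) -> status for every recognised log line."""
    outcomes = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, status, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[(kind, match.group(1).lower())] = status
                break
    return outcomes


def audit(script_text, log_text):
    """Group the script's targets by what the log says happened to them."""
    outcomes = parse_log(log_text)
    report = {"ok": [], "not_found": [], "pending": [], "unconfirmed": []}
    for kind, target in script_targets(script_text):
        # Windows paths and registry names are case-insensitive.
        status = outcomes.get((kind, target.lower()), "unconfirmed")
        report[status].append((kind, target))
    return report


if __name__ == "__main__":
    for status, items in audit(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(status, len(items))
        for kind, target in items:
            print("   ", kind, target)
```

Anything listed under `unconfirmed` is a target the script named but the log never reported on, which is what to re-check in the next scan.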

    July 15, 2009 at 6:13 PM #24700
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by 1 at 2009-07-16 02:13:23
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (6%) free of 51 GB
    Total RAM: 1023 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:13:26, on 16.07.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSnotepad.exe
    C:WINDOWSRTHDCPL.EXE
    C:Program FilesATI TechnologiesATI.ACECLI.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesMail.RuAgentMAgent.exe
    C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe
    C:Program FilesESETESET Smart Securityegui.exe
    C:Program FilesiTunesiTunesHelper.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    C:Program FilesMessengermsmsgs.exe
    C:Program FilesFree Download Managerfdm.exe
    C:Program FilesCommon FilesYandexYupdateyupdate.exe
    C:Program FilesYandexOnlineonline.exe
    C:Program FilesDownload Masterdmaster.exe
    C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Program FilesESETESET Smart Securityekrn.exe
    C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    C:Program FilesCyberLinkShared filesRichVideo.exe
    C:Program FilesiPodbiniPodService.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:DownloadsПрограммыRSIT.exe
    C:Program Filestrend micro1.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win.mail.ru/cgi-bin/msglist?folder=0&1056379155
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
    O2 — BHO: FDMIECookiesBHO Class — {CC59E0F9-7E43-44FA-9FAA-8377850BF205} — C:Program FilesFree Download Manageriefdm2.dll
    O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
    O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
    O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
    O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
    O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [MaxMenuMgr] «C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe»
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
    O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
    O4 — HKCU..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun
    O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
    O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
    O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
    O8 — Extra context menu item: Закачать все с помощью FDM — file://C:Program FilesFree Download Managerdlall.htm
    O8 — Extra context menu item: Закачать выбранное с помощью FDM — file://C:Program FilesFree Download Managerdlselected.htm
    O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
    O8 — Extra context menu item: Закачать с помощью FDM — file://C:Program FilesFree Download Managerdllink.htm
    O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
    O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/planet.htm
    O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
    O8 — Extra context menu item: Перевести эту страницу в Google — C:Documents and SettingsAll UsersApplication DataTuneUp SoftwareTuneUp UtilitiesWebgtranslate.htm
    O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/282
    O8 — Extra context menu item: Скачать видео с Free Download Manager — file://C:Program FilesFree Download Managerdlfvideo.htm
    O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/283
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: BitComet — {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} — res://C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O12 — Plugin for .amr: C:Program FilesInternet ExplorerPLUGINSnpqtplugin3.dll
    O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll
    O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Seagate Service (FreeAgentGoNext Service) — Seagate Technology LLC — C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
    O24 — Desktop Component 0: (no name) — http://content.foto.my.mail.ru/mail/irina.dvorkina/_myphoto/i-6.jpg

    —
    End of file — 10433 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksОдним Щелчком.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
    IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2005-05-24 67584]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class — C:Program FilesFree Download Manageriefdm2.dll [2008-12-30 98304]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2003-02-17 61440]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-04-18 2427968]
    {893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2008-03-14 204800]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-14 680624]
    {468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-17 804336]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-09-25 90112]
    «RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2005-05-25 14477312]
    «Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-04 69632]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-03-15 71216]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-02-07 54832]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-04-14 6210744]
    «MaxMenuMgr»=C:Program FilesSeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe [2008-07-30 177448]
    «egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-10-24 1451264]
    «iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2007-04-27 257088]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
    «TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2008-11-16 1234312]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
    «swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-04-21 68856]
    «MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
    «Free Download Manager»=C:Program FilesFree Download Managerfdm.exe [2009-01-31 3399727]
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
    «YandexOnline»=C:Program FilesYandexOnlineonline.exe [2008-04-07 2297640]
    «Download Master»=C:Program FilesDownload Masterdmaster.exe [2006-01-06 931328]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-12-17 110592]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:ENABLE»
    «C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    ======List of files/folders created in the last 1 months======

    2009-07-16 02:01:29 —-D—- C:_OTM
    2009-07-16 00:15:48 —-D—- C:Program FilesToolKitService
    2009-07-15 21:34:59 —-D—- C:FlylinkDC++(2)
    2009-07-04 00:13:13 —-D—- C:Documents and Settings1Application DataMalwarebytes
    2009-07-04 00:13:07 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-07-04 00:13:06 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-07-03 18:38:18 —-D—- C:Program Filestrend micro
    2009-07-03 18:38:16 —-D—- C:rsit
    2009-07-03 17:48:26 —-A—- C:report.txt
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvunace26.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32ztvcabinet.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32UNRAR3.dll
    2009-07-03 17:35:59 —-A—- C:WINDOWSsystem32unacev2.dll
    2009-07-03 17:35:38 —-D—- C:Program FilesTrojan Remover
    2009-07-03 17:35:38 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
    2009-07-03 16:47:01 —-D—- C:Documents and SettingsAll UsersApplication Data16642814
    2009-07-03 16:45:07 —-D—- C:Program FilesWinPcap
    2009-06-29 11:12:11 —-A—- C:supportmail.exe
    2009-06-26 22:20:14 —-D—- C:jimm_best119501
    2009-06-26 15:12:32 —-D—- C:Флэшка
    2009-06-20 18:03:25 —-RSHD—- C:X
    2009-06-19 00:02:28 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon FilesAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesAdobe

    ======List of files/folders modified in the last 1 months======

    2009-07-16 02:13:21 —-D—- C:WINDOWSTemp
    2009-07-16 02:11:36 —-D—- C:Documents and Settings1Application DataFree Download Manager
    2009-07-16 02:01:53 —-D—- C:WINDOWSsystem32
    2009-07-16 01:54:01 —-D—- C:WINDOWSPrefetch
    2009-07-16 01:36:15 —-D—- C:WINDOWSsystem32config
    2009-07-16 01:35:51 —-D—- C:WINDOWSsystem32wbem
    2009-07-16 01:35:50 —-D—- C:WINDOWSRegistration
    2009-07-16 01:35:12 —-A—- C:WINDOWSSchedLgU.Txt
    2009-07-16 01:20:31 —-D—- C:Program FilesMozilla Firefox
    2009-07-16 00:18:26 —-D—- C:WINDOWSsystem32drivers
    2009-07-16 00:15:48 —-SD—- C:WINDOWSDownloaded Program Files
    2009-07-16 00:15:48 —-RHD—- C:Program Files
    2009-07-16 00:15:43 —-D—- C:WINDOWSsystem32CatRoot2
    2009-07-15 14:40:56 —-D—- C:Downloads
    2009-07-15 09:54:23 —-D—- C:WINDOWSsystem32Lang
    2009-07-14 18:40:47 —-HD—- C:WINDOWS
    2009-07-14 15:49:08 —-A—- C:WINDOWSNeroDigital.ini
    2009-07-12 23:51:06 —-A—- C:WINDOWSPhotoSnapViewer.INI
    2009-07-09 00:01:38 —-SHD—- C:WINDOWSInstaller
    2009-07-04 13:56:33 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
    2009-07-03 19:36:01 —-D—- C:WINDOWSMinidump
    2009-07-03 10:10:49 —-D—- C:WINDOWSsystem
    2009-06-30 01:27:35 —-A—- C:WINDOWSwinamp.ini
    2009-06-21 22:23:52 —-D—- C:Documents and Settings1Application DataICQ
    2009-06-21 09:14:56 —-A—- C:WINDOWSModemLog_Последовательный кабель для связи компьютеров.txt
    2009-06-19 00:04:04 —-D—- C:Documents and Settings1Application DataAdobe
    2009-06-19 00:01:57 —-D—- C:Program FilesCommon Files

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
    R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-10-24 54280]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
    R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2002-09-16 4228]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2008-06-23 5632]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
    R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-10-24 73224]
    R2 npf;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2007-11-16 34064]
    R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
    R3 ATIAVAIW;ATI T200 Unified AVStream service; C:WINDOWSsystem32DRIVERSatinavt2.sys [2006-12-06 168832]
    R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-10-24 31240]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-05-26 3134976]
    R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; C:WINDOWSsystem32DRIVERSipfnd51.sys [2006-03-27 26752]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-14 5810]
    R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-21 5888]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-05-06 232064]
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
    S3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
    S3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-21 9600]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-21 12160]
    S3 MPE;BDA MPE фильтр; C:WINDOWSsystem32DRIVERSMPE.sys [2004-08-04 15360]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
    R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-10-24 468224]
    R2 FreeAgentGoNext Service;Seagate Service; C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe [2008-07-30 161064]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-05-14 272024]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
    R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2007-04-27 500800]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-21 520192]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-10-24 19200]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-04-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-29 89136]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-06-04 307968]


    EOF


    July 19, 2009 at 4:40 pm #24698
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    The log looks normal.

    Also scan your computer with Kaspersky Online Scanner; to do this, click this link.
    Paste the scan results into your reply.

    July 20, 2009 at 5:42 am #24701
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    I don't know whether this is related to the problem I described above, but I have started having failures with Internet Explorer.
    Mostly when visiting the site VKontakte.ru. From time to time the windows open on this site close on their own, and sometimes browsing this site closes all the windows open in IE and I get kicked off the internet entirely. Could you perhaps advise something?

    July 22, 2009 at 2:17 pm #24702
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    As I already wrote above, scan the computer with the Kaspersky online scanner.

    Download the program Combofix. Close all open windows and run this program.
    When it finishes, a log file will be created; please paste it into your reply.

    I am waiting for the online scanner log and the Combofix log.

    July 23, 2009 at 3:06 am #24703
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    But couldn't the Kaspersky program come into conflict with the NOD32 antivirus I have installed?

    July 24, 2009 at 3:38 pm #24704
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    The online scanner will not conflict with your antivirus in any way.

    August 8, 2009 at 2:19 pm #24705
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    Before downloading the Kaspersky scanner I found a warning: "Attention! Kaspersky Online Scanner 7.0 may fail to start if another antivirus program is already installed and running on your computer. Please disable the antivirus software installed on your computer before running Kaspersky Online Scanner 7.0."
    I am wary of installing it.
    Latest Malwarebytes scan:
    Malwarebytes’ Anti-Malware 1.38
    Версия базы данных: 2369
    Windows 5.1.2600 Service Pack 2

    08.08.2009 22:18:17
    mbam-log-2009-08-08 (22-18-17).txt

    Тип проверки: Быстрая
    Проверено объектов: 121748
    Прошло времени: 5 minute(s), 33 second(s)

    Заражено процессов в памяти: 1
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 0
    Заражено значений реестра: 3
    Заражено параметров реестра: 0
    Заражено папок: 0
    Заражено файлов: 1

    Заражено процессов в памяти:
    C:WINDOWSsysmngsr322.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    (Вредоносные программы не обнаружены)

    Заражено значений реестра:
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogontaskman (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmicrosoft driver setup (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRunmicrosoft driver setup (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Заражено параметров реестра:
    (Вредоносные программы не обнаружены)

    Заражено папок:
    (Вредоносные программы не обнаружены)

    Заражено файлов:
    c:WINDOWSsysmngsr322.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    August 8, 2009 at 2:32 pm #24706
    darknvkz
    Participant
    • Topics: 1
    • Posts: 10
    • ☆

    For some reason blank windows have started opening on their own in Internet Explorer. The antivirus has started treating any autorun as a threat. And it is now impossible to safely remove the connected player: a window pops up saying "cannot... in use by another program". Which program? Unclear...
