Help
- This topic has 13 replies, 2 participants, and was last updated 14 years, 7 months ago by Admin.
August 17, 2009 at 2:27 pm #17002
Hello. I have a problem: I picked up a trojan, the antivirus programs don't see anything, and "Malwarebytes' Anti-Malware" doesn't help. Online, after every action I am constantly redirected to this site: http://savekeep.com/ru/warning, and messages pop up at the sides of the monitor: "danger of infection, attempt to steal passwords, etc." What should I do? Please help.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-17 17:36:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (32%) free of 38 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:59, on 17.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
R3 Pcatip;Pcatip; C:WINDOWSSystem32DRIVERSPcatip.sys [2007-01-29 68960]
R3 Pcouffin;Low level access layer for CD devices; C:WINDOWSSystem32DriversPcouffin.sys [2007-01-29 35936]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 SRTSP;Symantec Real Time Storage Protection; ??C:WINDOWSsystem32driversNAV1005000.086SRTSP.SYS []
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; ??C:WINDOWSsystem32driversNAV1005000.086SYMFW.SYS []
R3 SYMIDS;Symantec Network Filter Driver; ??C:WINDOWSsystem32driversNAV1005000.086SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:WINDOWSsystem32DRIVERSSymIM.sys [2009-08-16 36400]
R3 SYMNDIS;Symantec Network Filter Driver; ??C:WINDOWSsystem32driversNAV1005000.086SYMNDIS.SYS []
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-10-26 27264]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-02-13 57984]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 FileDisk;FileDisk; C:WINDOWSsystem32driversFileDisk.sys []
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2007-03-08 21568]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2004-11-29 139319]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:WINDOWSsystem32DRIVERSse58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSse58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSse58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSse58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:WINDOWSsystem32DRIVERSse58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSse58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:WINDOWSsystem32DRIVERSse58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:WINDOWSsystem32DRIVERSSymIM.sys [2009-08-16 36400]
S3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2006-04-14 12416]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2005-06-16 31744]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-12-28 26368]
S3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2005-07-30 121856]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zlportio;zlportio; ??c:ИгрыD-DAYD-DayDriver1zlportio.sys []
S3 zmNTZip;zmNTZip; ??C:Program FilesZipMagiczmNTZip.sys []
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:Program FilesAviraAntiVir Desktopsched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-08-03 389120]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2004-08-18 14336]
R2 Norton AntiVirus;Norton AntiVirus; C:Program FilesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe [2009-08-16 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2004-08-18 14336]
R2 UPHClean;User Profile Hive Cleanup; C:WINDOWSsystem32uphclean.exe [2006-01-16 241725]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-08-03 516096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 UMWdf;Компонент драйверов пользовательского режима Windows; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
info.txt logfile of random’s system information tool 1.06 2009-08-17 17:37:05

======Uninstall list======
—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
32 Bit HP CIO Components Installer—>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 8—>MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
AGEIA PhysX v7.07.24—>MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}setup.exe»
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
CheMax Rus 4.8—>»C:Program FilesCheMaxRusunins000.exe»
ContentSaver—>»C:Program FilesContentSaverUninstall.exe»
Counter-Strike 1.6 Melan 2.01—>D:GamesCounter-Strike 1.6 MelanUninstall.exe
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{13B792AA-C078-43A4-8A3A-8B12D629940D}Setup.exe» -l0x19
Disc2Phone—>MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
ebgcInfra—>MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes—>MsiExec.exe /X{8752A55A-6E7C-4A7B-B6CB-C847DB9C6E25}
ebgcSDK—>MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
Fraps—>»C:Frapsuninstall.exe»
GameArena—>MsiExec.exe /I{9B5E67ED-6430-44B4-AD39-577D5B8B1451}
GameSpy Arcade—>C:PROGRA~1GAMESP~1UNWISE.EXE C:PROGRA~1GAMESP~1INSTALL.LOG
GENS—>D:Gamesuninstal.exe
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_9DE96A29E721D90A.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Планета Земля—>MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
hp psc 1100 series—>MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
HP Smart Web Printing—>MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Update—>MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply—>MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Indeo® Software—>C:WINDOWSIsUninst.exe -f»C:Program FilesLigosIndeoUninst.isu» -c»C:Program FilesLigosIndeoIndeo System Filesindounin.dll»
InfoDonsk v9.0—>»C:Program FilesInfoDonskVolgodonskunins000.exe»
InterVideo WinDVD 4—>»C:Program FilesInstallShield Installation Information{98E8A2EF-4EAE-43B8-A172-74842B764777}setup.exe» REMOVEALL
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
L&H TTS3000 Espaсol—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSSPE.inf, Uninstall
L&H TTS3000 Franзais—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSFRF.inf, Uninstall
L&H TTS3000 Italiano—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSITI.inf, Uninstall
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Little Shop of Treasures 2—>C:PROGRA~1GAMEHO~1LITTLE~1UNWISE.EXE /U C:PROGRA~1GAMEHO~1LITTLE~1INSTALL.LOG
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 Hotfix (KB886903)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM886903M886903Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0—>MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Office Runtime—>MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Mind Medley—>C:PROGRA~1GAMEHO~1MINDME~1UNWISE.EXE /U C:PROGRA~1GAMEHO~1MINDME~1INSTALL.LOG
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser—>MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia keyboard driver Ver1.07—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4F896DE0-EF26-11D5-BBEC-00D0B740900A}Setup.exe»
Navigator—>C:Program FilesNavigatorSetup.exe /Uninstall
Nero 7 Demo—>MsiExec.exe /I{3F7C2E67-9FA7-4558-B335-DA0C509F1049}
Nokia Connectivity Cable Driver—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5} /l1049
Nokia PC Suite—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{9012E9AD-0183-4FAD-A379-BCC5B6C62098} /l1049
Norton AntiVirus—>C:Program FilesNortonInstaller{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV562C4DD516.5.0.134InstStub.exe /X
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
particleIllusion 3.0—>C:WINDOWSIsUninst.exe -f»C:Program FilesparticleIllusion_3Uninst.isu»
Pontifex—>C:Documents and SettingsAdminРабочий столИгрыuninstall.exe
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
Russian interface language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{A32C73ED-D8AD-4805-B293-39022C3DF15D}
Sony Ericsson PC Suite—>MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
Total Commander 6.53 Podarok Edition 4—>»C:Program FilesTotalCmdunins000.exe»
TranslateIt! 7.5—>»C:Program FilesTranslateIt!unins000.exe»
Video Converter 3—>C:Program FilesXilisoftVideo Converter 3Uninstall.exe
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XviD 1.1 final uninstall—>»C:Program FilesXviDunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Драйверы для Программа обработки фотографий и изображений HP 2.0 — All-in-One—>MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск—>C:Program FilesCommon FilesMicrosoft SharedVSTO8.0Microsoft Visual Studio 2005 Tools for Office Runtimeinstall.exe
Мультимедиа альбом HP—>MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Программа обработки фотографий и изображений HP 2.0 — All-in-One—>MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
рограмма обработки фотографий и изображений HP 2.0 — psc 1100—>C:Program FilesHewlett-PackardDigital Imaging{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}Setuphpzscr01.exe -datfile hposcr02.dat -forcereboot
Телефонный справочник—>C:Program FilesТелефонный справочникuninstal.exe
Яндекс.Бар для Internet Explorer 4.1.0—>»C:Program FilesYandexYandexBarIEunins000.exe»

======Security center information======
AV: Norton AntiVirus
AV: AntiVir Desktop
FW: R-Firewall

======System event log======
Computer Name: REANIMAT-2028C6
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».
Record Number: 53803
Source Name: Service Control Manager
Time Written: 20090719195828.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: REANIMAT-2028C6
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.
Record Number: 53802
Source Name: Service Control Manager
Time Written: 20090719195826.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 7035
Message: Служба «Диспетчер подключений удаленного доступа» успешно отправила управляющий элемент «запустить».
Record Number: 53801
Source Name: Service Control Manager
Time Written: 20090719195822.000000+240
Event Type: информация
User: REANIMAT-2028C6Admin

Computer Name: REANIMAT-2028C6
Event Code: 7036
Message: Служба «Телефония» перешла в состояние Работает.
Record Number: 53800
Source Name: Service Control Manager
Time Written: 20090719195822.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 7036
Message: Служба «Служба шлюза уровня приложения» перешла в состояние Работает.
Record Number: 53799
Source Name: Service Control Manager
Time Written: 20090719195822.000000+240
Event Type: информация
User:

=====Application event log=====
Computer Name: REANIMAT-2028C6
Event Code: 1001
Message: User profile hive cleanup service version 1.6.30.0 started successfully.
Record Number: 332
Source Name: UPHClean
Time Written: 20090519132245.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 13
Message:
Record Number: 331
Source Name: SPIDERNT
Time Written: 20090519132243.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 0
Message:
Record Number: 330
Source Name: hpqddsvc
Time Written: 20090519132236.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 105
Message: The service was started.
Record Number: 329
Source Name: ATI Smart
Time Written: 20090519132228.000000+240
Event Type: информация
User:

Computer Name: REANIMAT-2028C6
Event Code: 1010
Message: User profile hive cleanup service stopped successfully.
Record Number: 328
Source Name: UPHClean
Time Written: 20090519124602.000000+240
Event Type: информация
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI CONTROL PANEL;C:PROGRAM FILESCOMMON FILESTELECA SHARED
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 3 Stepping 3, GenuineIntel
«PROCESSOR_REVISION»=0303
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«DEVMGR_SHOW_DETAILS»=1
«DEVMGR_SHOW_NONPRESENT_DEVICES»=1
EOF
August 17, 2009 at 4:21 pm #25290
Hello, welcome to the Spyware-ru forum.
Download the Combofix program. Close all open windows and run this program.
After it finishes, a log file will be created; please paste it into your reply.
Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked above.
August 17, 2009 at 7:26 pm #25291
I can't paste the log file; it says there are too many characters, 2800 over the limit. I'll send it in two parts now.
August 19, 2009 at 3:45 pm #25292
ComboFix 09-08-10.06 — Admin 17.08.2009 22:48.1.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.116 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: R-Firewall *enabled* {5BD9A3DC-50A1-4B8B-9FFF-1BDFBD36831B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:windows4579v5zus6e4.bin
c:windows457bbackdo9r1z26.cpl
c:windows4591wor59cz.dll
c:windows459e5hreat13z19.cpl
c:windows45ac9ackdooz761.cpl
c:windows45dest59l2400z.ocx
c:windows45eftzief1639.cpl
c:windows46b8sp9z5e2062.bin
c:windows46bste9l9z5.dll
c:windows46zasteal29365.exe
c:windows4702hackt9ol56bz.cpl
c:windows4771zownloade5499.bin
c:windows4852backdoorz940.exe
c:windows48645parse99z9.exe
c:windows48d05ddware2492z.bin
c:windows49135pambzt2fe.dll
c:windows4992d5wnloadzr2425.dll
c:windows4a58spywaze2964.ocx
c:windows4a59steal915z.bin
c:windows4b5bdownlzad9r781.ocx
c:windows4b65viz3966.cpl
c:windows4b9zthief175.cpl
c:windows4c9athiefz1385.ocx
c:windows4c9fth5ef6z19.cpl
c:windows4d4fdo59lzader1039.dll
c:windows4d65stezl7799.dll
c:windows4d93th5ef16z9.cpl
c:windows4e9ethreaz39952.ocx
c:windows4ec2t9ze5t2025.cpl
c:windows4ef2threatz2259.dll
c:windows4f2cbackd5oz394.exe
c:windows4f84spywa9e252z.dll
c:windows4fa9sparse9512z.ocx
c:windows4fz79ir1524.exe
c:windows4z9dspar9e29255.cpl
c:windows4zbthr9a515291.dll
c:windows5044h9ckto5l7z0.dll
c:windows5084vir9sb0z.dll
c:windows50948worm4d8z.cpl
c:windows5116zorm569.exe
c:windows511tro94d7z.exe
c:windows51249zirus19b.exe
c:windows5145st9zl2993.exe
c:windows5147zwo9m5e0.exe
c:windows5155sp9rse9z4.bin
c:windows5155st9zl995.exe
c:windows5157addzare3091.dll
c:windows515bsze9l5322.dll
c:windows5165thief99z7.exe
c:windows5169sza5se675.ocx
c:windows5199th5ez359.exe
c:windows51e95ownzoader2407.dll
c:windows51not-a5vzrus999.cpl
c:windows51z3sp9ware1251.exe
c:windows520z8troj95b.dll
c:windows5255thzef956.cpl
c:windows526eback9oo52456z.dll
c:windows52954spz14a.bin
c:windows52b5zief30539.exe
c:windows52zdth9ef1583.exe
c:windows53169ddware563z.ocx
c:windows536zvir9s497.dll
c:windows5379zspy7e2.bin
c:windows539thi9z95.exe
c:windows53cbvi5950z.dll
c:windows53f1st9al5157z.cpl
c:windows5420zi9us503.exe
c:windows542z1vir9s264.dll
c:windows54469zrm18d.ocx
c:windows5449spy205z.ocx
c:windows5450addware199z.cpl
c:windows545faddwar92z06.dll
c:windows545zt95eat19537.bin
c:windows5482not-z-virus7139.ocx
c:windows54e3spzrse50689.cpl
c:windows554zhac9tool7ee.bin
c:windows555c9a5kdozr2951.dll
c:windows556e9pywarez94.bin
c:windows5577troj5z99.ocx
c:windows557vi92z89.ocx
c:windows5597not-a-v5ruz2a7.exe
c:windows55d3s9azse1193.ocx
c:windows55dazdware25219.dll
c:windows5628thiefz639.ocx
c:windows5647ad5ware2z96.bin
c:windows56505py590z.ocx
c:windows5650hacktooz4729.bin
c:windows5668v592597z.cpl
c:windows56abackd9oz2065.bin
c:windows56zspyw5r92474.cpl
c:windows5719bzc5door1431.bin
c:windows5752viz9s12b.dll
c:windows57690zacktool7df.ocx
c:windows5793notza-virus926.dll
c:windows5796v95z49.ocx
c:windows5799a9dwarez075.ocx
c:windows57a2downz9ader5746.exe
c:windows57znot-9-5irus115.exe
c:windows58110szy596.exe
c:windows5816viz7995.dll
c:windows58a9ownloadez935.exe
c:windows58z7thief2594.dll
c:windows5918backdoor956z.cpl
c:windows591wormz09.bin
c:windows5922spyz19.dll
c:windows5932nz5-a-vi9use1.bin
c:windows5933not-z-v5rus61a.dll
c:windows5946adz5are1466.exe
c:windows595evir561z9.exe
c:windows595zworm15b.bin
c:windows5966zorm573.ocx
c:windows5968vzr1349.bin
c:windows5991v9r56z.dll
c:windows59977spz501.ocx
c:windows599d5ackzoor247.dll
c:windows59fczt9al762.cpl
c:windows59z0thief685.ocx
c:windows59zcadd5ar91300.cpl
c:windows5a1b5hi9z888.dll
c:windows5a64ba9kdozr2400.bin
c:windows5a85thizf3978.exe
c:windows5aecz5ief1379.ocx
c:windows5b1zack5oor22299.exe
c:windows5b49own5oader2z3.dll
c:windows5b4a9oznlo5der2187.dll
c:windows5c15steal26z9.bin
c:windows5c71ba5kdooz2924.exe
c:windows5c92sparze9025.ocx
c:windows5cz3spa9se5989.bin
c:windows5d75thrzat53359.dll
c:windows5d7stea92965z.exe
c:windows5d9backdzor50.dll
c:windows5e25downlozde92435.cpl
c:windows5ea7thi5z19139.exe
c:windows5f4zsp5wa9e2830.cpl
c:windows5f99zownloader3004.exe
c:windows5fecspywaze5595.cpl
c:windows5z097troj54.cpl
c:windows5z129acktool644.exe
c:windows5z29t5ief119.bin
c:windows5z2athr9at1573.exe
c:windows5z36thie92250.exe
c:windows5z3f5ack9oor2400.cpl
c:windows5z665virus594.dll
c:windows5z84steal695.cpl
c:windows5z88vi912985.bin
c:windows5zaevir1594.dll
c:windows5ze8a5d9are512.dll
c:windows609worz2f95.bin
c:windows60z95ir915.ocx
c:windows616f9te5l315z.bin
c:windows61859orz59a.cpl
c:windows61c9acz5oor3061.ocx
c:windows62009zo5134.cpl
c:windows625z9ir2102.ocx
c:windows6316w9rz5f.dll
c:windows63295hief25z.ocx
c:windows6349spyware95z.exe
c:windows6369spyz59.ocx
c:windows63zb9pyware2185.exe
c:windows6514zir1597.ocx
c:windows6529thizf9424.dll
c:windows6559downloader14z.cpl
c:windows6565sparse79z.cpl
c:windows659bvirz7269.bin
c:windows665zthief9880.cpl
c:windows6725tz9j62e.bin
c:windows67405zy5a9.cpl
c:windows6744vi5uz19.ocx
c:windows6795not5a-zirus4d0.cpl
c:windows67e7dz59loader1934.cpl
c:windows67z2downl5ade92986.exe
c:windows6849th9zat12950.cpl
c:windows688zadd5are2490.dll
c:windows6915thz9at8511.bin
c:windows6925download9r2647z.ocx
c:windows6937s5eal2255z.ocx
c:windows695eth5za92959.ocx
c:windows696caddwar91z95.cpl
c:windows6982s5ywa9e295z.bin
c:windows69979hr5az25547.dll
c:windows699z9teal26185.bin
c:windows69dbad5warz1584.cpl
c:windows6a55thizf9971.dll
c:windows6aae9parse1z155.exe
c:windows6b53th9ez3069.dll
c:windows6ba0st5a9120z.ocx
c:windows6c1dspyza5e2819.ocx
c:windows6ccfthze5t20369.exe
c:windows6cd5zack5oor3249.dll
c:windows6e52doznloa9er2241.cpl
c:windows6f7dt9zea55256.cpl
c:windows6f7zvi91554.cpl
c:windows6f92downlza95r174.ocx
c:windows6fd4stz5l1198.exe
c:windows6z89backdo5r544.ocx
c:windows6z91v5rus3f7.bin
c:windows6za5downloade5539.bin
c:windows705czteal949.dll
c:windows709dba5z9oor1241.exe
c:windows71605zrm6c9.bin
c:windows726thr95t1524z.cpl
c:windows72z8s9ea5548.exe
c:windows7339tzre9t167115.dll
c:windows738thre959z27.bin
c:windows73daddw9ze252.cpl
c:windows74159zcktool6f3.dll
c:windows7429virzs7a95.bin
c:windows7519zackdoor2653.exe
c:windows753a9hiefz358.bin
c:windows753zspy359.dll
c:windows759cstea9132z.dll
c:windows75a9vir35z3.bin
c:windows75abbazkd95r969.dll
c:windows75cbthie949z.bin
c:windows7628s5y79z.bin
c:windows7629sp5rse255z.ocx
c:windows7639haczt95l4c8.cpl
c:windows766zvir9125.exe
c:windows769za5dware293.ocx
c:windows76e6spar5e2z39.ocx
c:windows774sp9zbot45d.bin
c:windows7765w9rz96.dll
c:windows77b59teal1z13.bin
c:windows77z3tr5j599.cpl
c:windows79095ownloader1z9.exe
c:windows79155pz19b.ocx
c:windows7931sp5zare15589.dll
c:windows799z9p5mbot791.cpl
c:windows79d3spywzre1765.exe
c:windows79dbb5ckdoorz104.ocx
c:windows7a06down5oader9z4.cpl
c:windows7a959hreat23z24.exe
c:windows7a97spzrse325.bin
c:windows7aaea5d9are238z.cpl
c:windows7b589zwnloader616.exe
c:windows7b95hizf1543.bin
c:windows7b95zddware1899.bin
c:windows7bz6backdo59557.dll
c:windows7c05stealz995.dll
c:windows7c57downlz5der24289.ocx
c:windows7c6az9w5re2606.exe
c:windows7d3esparse259z.exe
c:windows7d589hrea5702z.bin
c:windows7d70thiez9005.exe
c:windows7e1b9pywa5e2z59.exe
c:windows7e535tea9325z.dll
c:windows7e69b5zkdoor2148.bin
c:windows7f38thzea524959.dll
c:windows7f5ezir29415.cpl
c:windows7f92zownloader15545.cpl
c:windows7fz5ste9l1365.ocx
c:windows7z49thi5f1122.exe
c:windows7z65steal19365.exe
c:windows7z99spy5d5.bin
c:windows7z9backdoor19075.ocx
c:windows8058not-a-virz97f4.exe
c:windows809zpamb5t4ec.ocx
c:windows8126zpam9o5709.exe
c:windows815znot9a-virus40c.bin
c:windows825ad9zare234.dll
c:windows83zbackdoor1459.dll
c:windows8406noz-a5virus779.dll
c:windows841spambotz59.bin
c:windows8456wormz5a9.cpl
c:windows856zot-a-virus19f.ocx
c:windows859viz1081.ocx
c:windows8795z9us47e.exe
c:windows8969s5y3z.exe
c:windows8974worz953.exe
c:windows899doznlo9der1509.ocx
c:windows899wzrm758.ocx
c:windows89abackzoo914415.cpl
c:windows90454zorm595.cpl
c:windows90930spyzd95.bin
c:windows90992zackto5l3a5.exe
c:windows9151trzj95.dll
c:windows9163sparse1495z.ocx
c:windows91994not-a-vizus252.dll
c:windows91c4downl5adzr770.cpl
c:windows9217z5irusb4.ocx
c:windows92494spyz1c5.exe
c:windows926095zt-a-virus5e3.bin
c:windows9366z5ief2652.cpl
c:windows93819notza-5irus47f.exe
c:windows941spyzd5.dll
c:windows9463s9y3z5.dll
c:windows95100trojz615.exe
c:windows95236wo5m25z.bin
c:windows95258troj245z.bin
c:windows9536zvirus695.exe
c:windows9556noz-9-virus7c5.cpl
c:windows9557v9rus35fz.bin
c:windows9559spy3z3.cpl
c:windows9560spazse1501.exe
c:windows956ethreat305z7.cpl
c:windows9570virus49az.bin
c:windows95e4steal2z11.dll
c:windows95zfaddware5008.exe
c:windows9683s9y503z.ocx
c:windows9695zwor56e9.ocx
c:windows96af5ackdooz1448.cpl
c:windows96c5thief1377z.ocx
c:windows9735zea9563.ocx
c:windows97500spyz59.dll
c:windows9791stzal2965.bin
c:windows97z8spyware528.cpl
c:windows97zaddw5re2112.exe
c:windows982viruz575.cpl
c:windows98505irus7z1.exe
c:windows9857wz5m59.exe
c:windows9886backzoor2395.ocx
c:windows98fz5ir2580.ocx
c:windows990dz9nloade5739.ocx
c:windows9969aczd5or3184.ocx
c:windows9985not-azvir5s3b8.cpl
c:windows9989spamz5t782.ocx
c:windows9993sp5191z.exe
c:windows999zrm4f5.ocx
c:windows9a2bsp5zare457.dll
c:windows9a2fthzeat1056.bin
c:windows9a5dtzreat29884.exe
c:windows9afba95door1z92.cpl
c:windows9c1asteal3z45.dll
c:windows9c1dtzr5at8759.exe
c:windows9czbthief3542.bin
c:windows9eb4s5eal326z.ocx
c:windows9edzh5ef1090.exe
c:windows9z045troj1575.bin
c:windows9z05hacktool90.bin
c:windows9z1659y60.bin
c:windows9z5t5ief947.ocx
c:windows9z9ethief2564.ocx
c:windowsa1fvir19z5.cpl
c:windowsa9fvir52z4.bin
c:windowsb4f9parze24035.cpl
c:windowsb89bazk95or1631.ocx
c:windowsbe5zdware9710.ocx
c:windowsc36dow9lzad5r2512.exe
c:windowsc55virz0669.bin
c:windowsc59th5eaz95959.cpl
c:windowsc5as9eaz3249.cpl
c:windowsc5fth9e5190z.bin
c:windowscd1ba5kdzor918.cpl
c:windowscdfth9efz9595.exe
c:windowsd95sp9rse58z4.dll
c:windowsde6back95or2z67.cpl
c:windowsdf9zpywa5e27299.bin
c:windowse90t5ief9719z.dll
c:windowsec9t5iez54.ocx
c:windowsff6ba5k9oor21z3.exe
c:windowsfz0s95rse2591.bin
c:windowssystem3210049hackzool553.cpl
c:windowssystem3210169not-a-vzrus6de5.bin
c:windowssystem3210212sza5bot419.ocx
c:windowssystem3210419n9t-a-vi5zs15e.exe
c:windowssystem3210703spa9bzt1b5.ocx
c:windowssystem3210811s5y99ez.ocx
c:windowssystem3210815hreat12z97.ocx
c:windowssystem3210874sp59bztc9.exe
c:windowssystem32109305zy294.exe
c:windowssystem32109athrz5t26976.cpl
c:windowssystem3210cdspa9sez2545.dll
c:windowssystem3210f7sp5zare295.cpl
c:windowssystem3210z9steal506.ocx
c:windowssystem321129sp5zb6.cpl
c:windowssystem3211380spz3935.exe
c:windowssystem3211495spazbot335.ocx
c:windowssystem3211580spz9fe.dll
c:windowssystem32115fsteaz799.bin
c:windowssystem3211729sp9z95.dll
c:windowssystem3211956hazkt9o526c.bin
c:windowssystem3211z28s9ambot4895.bin
c:windowssystem3211z78vir9s55d.dll
c:windowssystem32120z7spy3549.cpl
c:windowssystem321214ztr59368.cpl
c:windowssystem32122zspars914955.exe
c:windowssystem3212743worm95z.ocx
c:windowssystem32128spzwar51909.cpl
c:windowssystem321291not-a5v9rus592z.exe
c:windowssystem3212993zroj4ba5.dll
c:windowssystem32130bs5ywaze1299.dll
c:windowssystem32134699ir5szba.exe
c:windowssystem32134spzw5re693.bin
c:windowssystem3213525spazbot329.ocx
c:windowssystem321358z9roj696.cpl
c:windowssystem3213665hac5zo9l312.ocx
c:windowssystem32137285orz7d69.bin
c:windowssystem3213743hzc9tool21c5.exe
c:windowssystem3213848hack59oz46.bin
c:windowssystem321398notza-virus651.exe
c:windowssystem3213d4a5dwa9z1897.exe
c:windowssystem3214195hacktzol37a.cpl
c:windowssystem32141c5d9warez60.cpl
c:windowssystem32141z05pambot6c79.ocx
c:windowssystem3214297spamzot185.exe
c:windowssystem3214332not-59virus17dz.cpl
c:windowssystem32144z5sp559.ocx
c:windowssystem321460stea9509z.ocx
c:windowssystem32147925ot9a-virzs77a.bin
c:windowssystem32147z5viru97ef.ocx
c:windowssystem3214849zirus459.exe
c:windowssystem321499sz5al24229.dll
c:windowssystem3214fcback59orz579.bin
c:windowssystem321509hzckto9l40b5.dll
c:windowssystem32150aaddwzr92870.dll
c:windowssystem3215125tro9z5e.bin
c:windowssystem3215309pa5bot46z.dll
c:windowssystem321540z9ot-a-virus1d.exe
c:windowssystem32154359zojd55.dll
c:windowssystem3215450no9-a-virus5ze5.bin
c:windowssystem3215465hackt9ol2f0z.ocx
c:windowssystem321546add9are2782z.ocx
c:windowssystem3215499zacktool530.dll
c:windowssystem3215552virzs9ec.bin
c:windowssystem32155ebaczdo9r2573.cpl
c:windowssystem32155z15ir9s123.ocx
c:windowssystem3215640spy3z9.dll
c:windowssystem3215652not-a-vz9us8f.ocx
c:windowssystem32157035roj579z.dll
c:windowssystem32159199zcktool105.bin
c:windowssystem3215c59ddzare8745.cpl
c:windowssystem3215f0downl9azer1550.ocx
c:windowssystem3215z9spyware905.dll
c:windowssystem32164165ir9s5e8z.bin
c:windowssystem3216515zorm9515.exe
c:windowssystem3216619ha5ktooz596.dll
c:windowssystem3216895t5ojzc9.dll
c:windowssystem321694z5p97da.cpl
c:windowssystem3216z0threat95598.cpl
c:windowssystem321718t5ief9z9.cpl
c:windowssystem321735szeal8389.ocx
c:windowssystem321756bz5kdo9r314.bin
c:windowssystem32175969irzs9a.exe
c:windowssystem3217753zp59bot781.ocx
c:windowssystem3217797spazbot59e.cpl
c:windowssystem3217910vi9us36z5.dll
c:windowssystem32181489acktool19z5.dll
c:windowssystem3218244vz5us25c9.bin
c:windowssystem321841thze958741.exe
c:windowssystem3218486hackto9l549z.bin
c:windowssystem3218536zirus498.dll
c:windowssystem321855zvirus591.exe
c:windowssystem321891ztro551d9.cpl
c:windowssystem32189975ot-a-vizu966a.dll
c:windowssystem3218c65ackd9orz28.ocx
c:windowssystem3218z52not-a-9iru548.dll
c:windowssystem3219057worz72d.cpl
c:windowssystem3219136virusz859.bin
c:windowssystem3219141s5y290z.exe
c:windowssystem321923th5ef169z.dll
c:windowssystem3219405ot-a-vi9us5z5.cpl
c:windowssystem32194zsparse51399.ocx
c:windowssystem3219555wormz78.cpl
c:windowssystem32195espy5are400z.exe
c:windowssystem321965bacz5o9r511.bin
c:windowssystem3219905hac5tool9z5.cpl
c:windowssystem3219927wor5z2.dll
c:windowssystem3219f9zir2045.exe
c:windowssystem321a4dtzief4599.cpl
c:windowssystem321b5zaddwa9e480.bin
c:windowssystem321c129hiez3152.bin
c:windowssystem321c655iz1907.exe
c:windowssystem321c79addw5re1z50.exe
c:windowssystem321c7cth9efz7305.ocx
c:windowssystem321dc2thrzat70599.ocx
c:windowssystem321dc39ir5957z.bin
c:windowssystem321dz2spa9s51579.cpl
c:windowssystem321dz5th9ef492.dll
c:windowssystem321z235spambot9c85.exe
c:windowssystem321z399troj152.cpl
c:windowssystem321z41ha9ktoo55db.ocx
c:windowssystem321z614spam5ot36c9.bin
c:windowssystem321z773vir9s545.exe
c:windowssystem321z955spamb9t591.cpl
c:windowssystem3220010zot-a-viru950a5.dll
c:windowssystem32204459py56z.exe
c:windowssystem32207et9reat1554z.bin
c:windowssystem32209229zya5.exe
c:windowssystem3220z449p5268.bin
c:windowssystem3221052v5rus29z.ocx
c:windowssystem3221096no9-a-virz57d9.exe
c:windowssystem3221115s5amb9tz0b.cpl
c:windowssystem3221290tro95f8z.cpl
c:windowssystem32213z9vi95s2b1.exe
c:windowssystem3221828h9z5tool3cf.dll
c:windowssystem3221eds5az9e3175.ocx
c:windowssystem32220z7troj59e9.dll
c:windowssystem32221019zcktool52f5.dll
c:windowssystem3222292spamb5tzc.exe
c:windowssystem3222628sp59bcz.exe
c:windowssystem3222817vi5z94b9.dll
c:windowssystem3222952virus4fz.ocx
c:windowssystem3222f8downl9zde5957.cpl
c:windowssystem3222z95t9al507.dll
c:windowssystem3223799w5rm4z9.dll
c:windowssystem3223830vir9s3z5.ocx
c:windowssystem322395s5yware62z.bin
c:windowssystem32239ha5k9ozl7f2.dll
c:windowssystem32239n5t-a-vz9us4fd.cpl
c:windowssystem32239zspyware9885.ocx
c:windowssystem3224079spamb9z259.dll
c:windowssystem32244z6not-5-vir9s615.bin
c:windowssystem322459spyz5re2860.ocx
c:windowssystem3224797spambot556z.dll
c:windowssystem322492z5rus579.bin
c:windowssystem3224954szy115.cpl
c:windowssystem3224z12spy7995.exe
c:windowssystem32250dzp9rse1021.bin
c:windowssystem322512sp9rze1563.cpl
c:windowssystem3225189not-a-virus7d8z.bin
c:windowssystem3225509spy4b5z.ocx
c:windowssystem3225559ot-a-viruz5a6.exe
c:windowssystem3225599spy490z.ocx
c:windowssystem3225719not-a-vi9usz50.bin
c:windowssystem322585szeal3579.cpl
c:windowssystem322589szarse950.exe
c:windowssystem322594wor9z62.cpl
c:windowssystem3225952viruzf45.bin
c:windowssystem3225957not5a-virus29fz.dll
c:windowssystem3225999wzr55c9.exe
c:windowssystem3225dzbackd9or13875.cpl
c:windowssystem3225favz52959.cpl
c:windowssystem3225z19tr9j15.bin
c:windowssystem3225z9vir2689.dll
c:windowssystem3226139zywa5e978.bin
c:windowssystem322614dow95oadzr920.dll
c:windowssystem3226193zpam5ot9ec.bin
c:windowssystem322652s9arse3065z.dll
c:windowssystem3226758s5ambzt379.cpl
c:windowssystem3226950szyef.bin
c:windowssystem3227249zirus725.exe
c:windowssystem3227805spy9z35.ocx
c:windowssystem3227z65spy91.bin
c:windowssystem3227z95worm759.cpl
c:windowssystem3228006z5y9f.bin
c:windowssystem3228054h9c5zool5d7.exe
c:windowssystem3228125spambz948b.ocx
c:windowssystem32283z4n9t-a5virus285.bin
c:windowssystem3228435spyz9a.cpl
c:windowssystem322855zs5ambo939.exe
c:windowssystem3228570no9-a-virus31z.dll
c:windowssystem322862t5ief3981z.dll
c:windowssystem32289zvir35.bin
c:windowssystem3228z40vi95s4ab.ocx
c:windowssystem322905threat58z1.ocx
c:windowssystem3229285sz979d.ocx
c:windowssystem3229363vzru59.bin
c:windowssystem3229421z5rus593.ocx
c:windowssystem322942zs5y437.exe
c:windowssystem3229475not-a-virus563z.exe
c:windowssystem32294z99ackto5l28e.cpl
c:windowssystem3229555z9rm3d2.bin
c:windowssystem3229592hazktool753.cpl
c:windowssystem3229599trojzdd.cpl
c:windowssystem32297975py5z6.bin
c:windowssystem32298939pambot55z.bin
c:windowssystem3229ba59ief1160z.ocx
c:windowssystem3229c9thiz5939.dll
c:windowssystem3229z2vi51359.bin
c:windowssystem322a9zvir1354.bin
c:windowssystem322ae5s9ezl1639.ocx
c:windowssystem322b9bthreat2z095.cpl
c:windowssystem322bd6vir169z5.exe
c:windowssystem322bdcbac5doorz990.bin
c:windowssystem322c55ste5l29z5.cpl
c:windowssystem322c91steaz5208.exe
c:windowssystem322d0cs5arz91765.ocx
c:windowssystem322e0a9teaz5301.cpl
c:windowssystem322ecathr5a92654z.ocx
c:windowssystem322f5cspzw9re2206.cpl
c:windowssystem322f5evir95z9.dll
c:windowssystem322f91dowzlo5der2794.ocx
c:windowssystem322f92ba5kd9or148z.cpl
c:windowssystem322z1259pambot366.bin
c:windowssystem322z145h9ef908.bin
c:windowssystem322z5235ackt9ol45c.exe
c:windowssystem322z537virus5109.bin
c:windowssystem322z656virus199.exe
c:windowssystem322z749troj9815.bin
c:windowssystem322z758troj9d.ocx
c:windowssystem322z8ebackd5or9194.ocx
c:windowssystem322z90thie539.exe
c:windowssystem322z91vir9957.cpl
c:windowssystem3230289tzo565e.exe
c:windowssystem323029virus5az9.cpl
c:windowssystem32303859p57eaz.exe
c:windowssystem3230408z9oj7275.bin
c:windowssystem3230550hzcktool94e.cpl
c:windowssystem323076ztro915f.cpl
c:windowssystem3230ddzteal9582.bin
c:windowssystem3231005n9t-a-vizus5535.cpl
c:windowssystem323129thzef31859.bin
c:windowssystem3231567viru9z6c.bin
c:windowssystem3231584zorm9ac.exe
c:windowssystem32317ebz5k9oor1767.ocx
c:windowssystem32318z5ha9ktool245.bin
c:windowssystem3231z60t9oj27c5.bin
c:windowssystem323218backdoor53z89.cpl
c:windowssystem3232605zpy5149.exe
c:windowssystem32327baddzar9155.cpl
c:windowssystem3232912spamz5t1c1.ocx
c:windowssystem3232969not-a5vzrus2e.exe
c:windowssystem3232f35hreat29z769.exe
c:windowssystem3232z57s9y2d5.dll
c:windowssystem3233z5th9eat31358.bin
c:windowssystem323435sp9ware19z.bin
c:windowssystem3234685d9ware19z1.ocx
c:windowssystem32349bbackzoor951.exe
c:windowssystem323526addwa5e9284z.ocx
c:windowssystem32352f9hiez809.bin
c:windowssystem3235390nzt-a-viru9254.ocx
c:windowssystem32354bad5w9rez015.ocx
c:windowssystem323556spa9ze2154.bin
c:windowssystem32355s9ambot5f5z.cpl
c:windowssystem32355v9r3z61.ocx
c:windowssystem323590thief1z595.exe
c:windowssystem3235c9st9az483.bin
c:windowssystem32374cszars53993.dll
c:windowssystem323798n5t-a9zirus7f4.ocx
c:windowssystem323895irzs51.bin
c:windowssystem32msvcrt2.dll
c:windowssystem32tmp24.tmp
c:windowssystem32wmcache.nld
c:windowsTEMPtmp1.tmp
c:windowswiaserviv.log
c:windowsz041t9rea511021.dll
c:windowsz0522not-a5virus96c.dll
c:windowsz07ds9eal19775.exe
c:windowsz0ddownloader19215.ocx
c:windowsz15559rus194.bin
c:windowsz2ffdownloader9562.dll
c:windowsz3397no9-a-vi5us5a5.bin
c:windowsz352t9reat23018.exe
c:windowsz377sp96f05.ocx
c:windowsz394thr5at19728.dll
c:windowsz3978no5-a-vi9us412.dll
c:windowsz39thief1175.dll
c:windowsz421addw5re21209.exe
c:windowsz425spa9bot736.cpl
c:windowsz43dsteal39085.ocx
c:windowsz49fthr5at23956.ocx
c:windowsz4c65pyw9re785.dll
c:windowsz4e9dow9loader155.dll
c:windowsz5099tr9j72b.ocx
c:windowsz515s9eal114.cpl
c:windowsz519steal525.dll
c:windowsz52ath9ef2758.cpl
c:windowsz53f9ddw5re1918.exe
c:windowsz55spambo9e8.dll
c:windowsz56evir1399.ocx
c:windowsz59steal888.exe
c:windowsz5a5thief30189.dll
c:windowsz5davir2955.exe
c:windowsz61sp97d5.dll
c:windowsz6e9t9i5f363.bin
c:windowsz752spy9a.ocx
c:windowsz857spywar95865.ocx
c:windowsz888not-a-vir9s4e5.cpl
c:windowsz8955troj4fa9.bin
c:windowsz8c7addw5re591.dll
c:windowsz908backdoo5431.cpl
c:windowsz9320not-a-virus11f5.dll
c:windowsz959stea5955.ocx
c:windowsz95steal509.exe
c:windowsz9601hackt95l4f4.exe
c:windowsz999spa5se2223.ocx
c:windowsz9e69ackd5or275.cpl
c:windowsz9efs9eal1752.cpl
c:windowszf9downlo5d9r1590.ocx
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
19 August 2009 at 3:46 pm #25293
.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.
2009-12-27 15:24 . 2009-12-27 15:24 13863 ----a-w- c:windowssystem324553spy9are2629z.exe
2009-12-23 18:38 . 2009-12-23 18:38 10531 ----a-w- c:windowssystem32z3958not-a-vir5s71f.bin
2009-12-19 12:04 . 2009-12-19 12:04 2955 ----a-w- c:windowssystem3256zaddware1692.dll
2009-12-18 02:13 . 2009-12-18 02:13 11200 ----a-w- c:windowssystem32518wo9m155z.exe
2009-12-14 20:02 . 2009-12-14 20:02 16261 ----a-w- c:windowssystem324007thizf1519.bin
2009-12-14 11:39 . 2009-12-14 11:39 16071 ----a-w- c:windowssystem32z6898t9oj35f.dll
2009-12-13 05:05 . 2009-12-13 05:05 7636 ----a-w- c:windowssystem3255979n9z-a-virus79.exe
2009-12-12 11:41 . 2009-12-12 11:41 4150 ----a-w- c:windowssystem32zcb7d5wnloader4379.bin
2009-12-12 05:37 . 2009-12-12 05:37 10189 ----a-w- c:windowssystem323e65ac9door65z.exe
2009-12-08 23:48 . 2009-12-08 23:48 8362 ----a-w- c:windowssystem325cd3s9arse5463z.bin
2009-12-03 16:24 . 2009-12-03 16:24 16378 ----a-w- c:windowssystem326149h5ef2z6.bin
2009-12-03 14:02 . 2009-12-03 14:02 3297 ----a-w- c:windowssystem3256fbspyware291z.exe
2009-12-03 07:53 . 2009-12-03 07:53 14004 ----a-w- c:windowssystem324b56downloade91121z.dll
2009-12-02 21:30 . 2009-12-02 21:30 13376 ----a-w- c:windowssystem32978eaddwar51z17.bin
2009-12-01 22:07 . 2009-12-01 22:07 11841 ----a-w- c:windowssystem325d59szarse359.dll
2009-12-01 00:28 . 2009-12-01 00:28 9489 ----a-w- c:windowssystem326485sparze5299.exe
2009-11-26 14:07 . 2009-11-26 14:07 4306 ----a-w- c:windowssystem324163sp9rz5234.bin
2009-11-26 07:30 . 2009-11-26 07:30 16072 ----a-w- c:windowssystem324e35szarse954.exe
2009-11-22 16:41 . 2009-11-22 16:41 13722 ----a-w- c:windowssystem326119st5alz177.exe
2009-11-17 17:59 . 2009-11-17 17:59 3157 ----a-w- c:windowssystem329d25addware1z50.dll
2009-11-16 08:10 . 2009-11-16 08:10 18229 ----a-w- c:windowssystem32968woz56d9.exe
2009-11-14 09:30 . 2009-11-14 09:30 11490 ----a-w- c:windowssystem3250e5addwar9739z.dll
2009-11-14 03:49 . 2009-11-14 03:49 13161 ----a-w- c:windowssystem323acabackdo9z22505.dll
2009-11-07 09:56 . 2009-11-07 09:56 17853 ----a-w- c:windowssystem32434ead5warez2569.exe
2009-10-28 20:53 . 2009-10-28 20:53 8282 ----a-w- c:windowssystem325912stza5878.exe
2009-10-25 23:41 . 2009-10-25 23:41 2553 ----a-w- c:windowssystem329fd35zreat16271.exe
2009-10-24 22:23 . 2009-10-24 22:23 3011 ----a-w- c:windowssystem326193vir53z9.bin
2009-10-21 11:46 . 2009-10-21 11:46 12911 ----a-w- c:windowssystem3256cdthre9t10019z.exe
2009-10-13 06:21 . 2009-10-13 06:21 9216 ----a-w- c:windowssystem32557dthreatz9750.bin
2009-10-12 02:29 . 2009-10-12 02:29 9182 ----a-w- c:windowssystem32z255hackto9l5ef.exe
2009-10-09 22:40 . 2009-10-09 22:40 10790 ----a-w- c:windowssystem324e8fsp5zse9482.bin
2009-10-09 13:53 . 2009-10-09 13:53 3682 ----a-w- c:windowssystem3259d7szarse755.exe
2009-10-05 22:54 . 2009-10-05 22:54 17112 ----a-w- c:windowssystem3275e9bac5door894z.bin
2009-10-03 04:43 . 2009-10-03 04:43 3053 ----a-w- c:windowssystem32z35s9ambot608.bin
2009-10-01 07:13 . 2009-10-01 07:13 15949 ----a-w- c:windowssystem3259thr5at26953z.bin
2009-09-11 20:51 . 2009-09-11 20:51 17953 ----a-w- c:windowssystem32z91th5ef2439.bin
2009-09-09 16:54 . 2009-09-09 16:54 14168 ----a-w- c:windowssystem32569spyware295z5.bin
2009-09-08 06:12 . 2009-09-08 06:12 3166 ----a-w- c:windowssystem32z3b5hi9f2318.bin
2009-09-03 19:46 . 2009-09-03 19:46 14617 ----a-w- c:windowssystem327a20a9dzare2305.dll
2009-08-25 17:04 . 2009-08-25 17:04 2683 ----a-w- c:windowssystem325a36v5r69z.exe
2009-08-17 13:36 . 2009-08-17 13:36 d-----w- c:program filestrend micro
2009-08-17 13:36 . 2009-08-17 13:37 d-----w- C:rsit
2009-08-17 12:25 . 2009-08-17 12:25 0 ----a-w- C:backup.reg
2009-08-17 12:12 . 2009-08-17 12:32 574 ----a-w- C:cleanup.bat
2009-08-17 12:12 . 2009-08-17 12:32 135168 ----a-w- C:zip.exe
2009-08-16 21:36 . 2009-08-16 21:36 2524 ----a-w- c:windowssystem32fb5h9eatz1268.bin
2009-08-16 21:36 . 2009-08-16 21:36 11054 ----a-w- c:windowssystem323dz9downloader1005.bin
2009-08-16 21:36 . 2009-08-16 21:36 8728 ----a-w- c:windowssystem3296152hacktzol476.dll
2009-08-16 21:36 . 2009-08-16 21:36 14999 ----a-w- c:windowssystem324189h9ckto5l31z.bin
2009-08-16 19:39 . 2009-08-16 19:39 36400 ----a-r- c:windowssystem32driversSymIM.sys
2009-08-16 19:39 . 2009-08-16 20:00 d-----w- c:program filesCommon FilesSymantec Shared
2009-08-16 19:39 . 2009-08-16 19:39 60808 ----a-w- c:windowssystem32S32EVNT1.DLL
2009-08-16 19:39 . 2009-08-16 19:39 124464 ----a-w- c:windowssystem32driversSYMEVENT.SYS
2009-08-16 19:39 . 2009-08-16 19:39 136840 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonSyKnAppSpatch25.dll
2009-08-16 19:39 . 2009-08-16 19:39 1290592 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonSyKnAppSSyKnAppS.dll
2009-08-16 19:39 . 2009-08-16 19:39 796016 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonCLTcltLMSx.dll
2009-08-16 19:39 . 2009-08-16 19:39 d-----w- c:windowssystem32driversNAV
2009-08-16 19:38 . 2009-08-17 08:23 d-----w- c:documents and settingsAll UsersApplication DataSymantec
2009-08-16 19:38 . 2009-08-16 19:39 d-----w- c:program filesNorton AntiVirus
2009-08-16 19:38 . 2009-08-16 19:39 d-----w- c:program filesWindows Sidebar
2009-08-16 19:38 . 2009-08-16 19:40 d-----w- c:documents and settingsAll UsersApplication DataNorton
2009-08-16 16:59 . 2009-08-16 16:59 d-----w- c:program filesInstallShield Installation Information
2009-08-16 16:14 . 2009-08-16 19:38 d-----w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-08-16 16:14 . 2009-08-16 16:14 d-----w- c:program filesNortonInstaller
2009-08-16 10:26 . 2009-07-28 12:33 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-08-16 10:26 . 2009-03-30 06:33 96104 ----a-w- c:windowssystem32driversavipbb.sys
2009-08-16 10:26 . 2009-02-13 08:29 22360 ----a-w- c:windowssystem32driversavgntmgr.sys
2009-08-16 10:26 . 2009-02-13 08:17 45416 ----a-w- c:windowssystem32driversavgntdd.sys
2009-08-16 10:26 . 2009-08-16 10:26 d-----w- c:program filesAvira
2009-08-16 10:26 . 2009-08-16 10:26 d-----w- c:documents and settingsAll UsersApplication DataAvira
2009-08-15 01:04 . 2009-08-15 01:04 5628 ----a-w- c:windowssystem323a565zwnloade91093.dll
2009-08-14 10:28 . 2009-08-14 10:28 d-----w- c:program filesAlwil Software
2009-08-13 19:16 . 2009-08-13 19:16 4200 ----a-w- c:windowssystem32z829th9eat56923.exe
2009-08-13 18:56 . 2009-08-13 18:56 4851 ----a-w- c:windowssystem32z0390v9r5s4f9.bin
2009-08-13 09:54 . 2009-08-16 20:01 d-----w- c:documents and settingsAdminApplication DataTranslateIt7.5
2009-08-13 09:54 . 2009-08-16 19:48 d-----w- c:program filesTranslateIt!
2009-08-11 22:08 . 2009-08-11 22:08 11808 ----a-w- c:windowssystem326b2fsp9zare26505.dll
2009-08-05 15:33 . 2009-08-05 15:33 8185 ----a-w- c:windowssystem3241e5threat98576z.exe
2009-08-04 00:53 . 2009-08-04 00:53 4918 ----a-w- c:windowssystem325097za9ktool5f7.bin
2009-08-02 06:58 . 2009-08-02 06:58 7916 ----a-w- c:windowssystem323dcbt9zeat223945.exe
2009-07-31 19:17 . 2009-07-31 19:17 d-sh--w- c:documents and settingsLocalServiceIETldCache
2009-07-31 18:53 . 2009-07-31 18:53 d-sh--w- c:documents and settingsAdminPrivacIE
2009-07-31 18:51 . 2009-07-31 18:51 d-sh--w- c:documents and settingsAdminIETldCache
2009-07-31 18:49 . 2009-07-31 18:49 d-----w- c:program filesYandex
2009-07-31 18:49 . 2009-07-31 18:49 d-----w- c:documents and settingsAdminLocal SettingsApplication DataYandex
2009-07-31 18:49 . 2009-07-31 18:49 d-----w- c:documents and settingsAdminApplication DataYandex
2009-07-31 18:49 . 2009-07-31 18:49 d--h--w- c:windowsmsdownld.tmp
2009-07-31 18:48 . 2009-07-31 18:49 d-----w- c:windowssystem32ru-RU
2009-07-31 18:48 . 2009-07-31 18:48 dc-h--w- c:windowsie8
2009-07-26 17:46 . 2009-07-26 17:46 d-----w- c:windowssystem32AGEIA
2009-07-26 17:46 . 2009-07-26 17:46 d-----w- c:program filesAGEIA Technologies
2009-07-26 17:46 . 2009-07-26 17:46 d-----w- c:program filesCommon FilesWise Installation Wizard
2009-07-26 11:04 . 2009-07-26 11:04 15082 ----a-w- c:windowssystem327ec8addwar5z592.dll
2009-07-25 06:42 . 2009-07-25 06:42 d-----w- c:documents and settingsAdminLocal SettingsApplication DataPanda Security
2009-07-25 06:39 . 2009-08-16 17:00 d-----w- c:documents and settingsAdminApplication DataPanda Security
2009-07-24 20:02 . 2009-07-24 20:02 d-----w- c:documents and settingsLocalServiceРабочий стол
2009-07-24 05:32 . 2009-07-24 05:32 5930 ----a-w- c:windowssystem326513sparse194z.dll
2009-07-23 06:57 . 2009-07-23 06:57 12256 ----a-w- c:windowssystem3293z2threat24557.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 21:23 . 2009-01-11 14:03 d-----w- c:documents and settingsAll UsersApplication DataPanda Security
2009-08-16 19:39 . 2009-08-16 19:39 805 ----a-w- c:windowssystem32driversSYMEVENT.INF
2009-08-16 19:39 . 2009-08-16 19:39 7386 ----a-w- c:windowssystem32driversSYMEVENT.CAT
2009-08-16 19:39 . 2009-08-17 09:02 371248 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022EECTRL.SYS
2009-08-16 19:39 . 2009-08-17 09:02 101936 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022ERASER.SYS
2009-08-16 19:39 . 2009-08-17 09:02 177520 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022NAVENG32.DLL
2009-08-16 19:39 . 2009-08-17 09:02 1181040 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022NAVEX32A.DLL
2009-08-16 19:39 . 2009-08-17 09:02 259368 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022ECMSVR32.DLL
2009-08-16 19:39 . 2009-08-17 09:02 2414128 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022CCERASER.DLL
2009-08-16 16:59 . 2007-01-29 09:53 65144 ----a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-08-16 08:00 . 2009-08-17 09:02 87888 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022NAVENG.SYS
2009-08-16 08:00 . 2009-08-17 09:02 875728 ----a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090816.022NAVEX15.SYS
2009-08-13 10:40 . 2008-08-15 16:40 d-----w- c:program filesasd
2009-07-26 17:46 . 2007-02-23 13:21 413696 ----a-w- c:windowssystem32wrap_oal.dll
2009-07-26 17:46 . 2007-02-23 13:21 d-----w- c:program filesOpenAL
2009-07-26 17:46 . 2007-02-23 13:21 110592 ----a-w- c:windowssystem32OpenAL32.dll
2009-07-25 07:56 . 2004-08-18 16:00 83306 ----a-w- c:windowssystem32perfc019.dat
2009-07-25 07:56 . 2004-08-18 16:00 481958 ----a-w- c:windowssystem32perfh019.dat
2009-07-25 06:36 . 2009-07-18 14:54 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-07-25 06:36 . 2007-12-06 12:14
d
w- c:program filesKaspersky Lab
2009-07-18 14:53 . 2008-10-12 15:21
d
w- c:program filesDrWeb
2009-07-18 13:45 . 2009-07-18 13:45
d
w- c:documents and settingsAdminApplication DataAvant Profiles
2009-07-18 11:24 . 2009-05-14 16:17
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-07-18 11:14 . 2009-07-18 11:14
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-07-13 14:25 . 2009-07-13 14:25 6106 —-a-w- c:windowssystem324fd9t5iefz919.exe
2009-07-11 19:34 . 2009-08-17 09:02 276344 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 276344 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSXpx86.sys
2009-07-11 19:34 . 2009-08-17 09:02 293424 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSvix86.sys
2009-07-11 19:34 . 2009-08-17 09:02 533880 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 533880 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubScxpx86.dll
2009-07-11 19:34 . 2009-08-17 09:02 451960 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSxpx86.dll
2009-07-11 19:34 . 2009-08-17 09:02 397360 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSviA64.sys
2009-07-11 19:34 . 2009-07-11 19:34 397360 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSviA64.sys
2009-07-09 15:54 . 2009-07-09 15:54 17209 —-a-w- c:windowssystem324a74steaz593.bin
2009-07-05 14:43 . 2009-07-05 14:43 11556 —-a-w- c:windowssystem32580zownlo9der2075.exe
2009-07-04 23:24 . 2009-07-04 23:24 15398 —-a-w- c:windowssystem326945ackzoolf1.dll
2009-07-04 07:07 . 2009-07-04 07:07 3684 —-a-w- c:windowssystem327709spzmb59765.bin
2009-07-02 18:48 . 2009-07-02 18:48 6559 —-a-w- c:windowssystem324f8c9oznloa5er2907.dll
2009-06-25 17:05 . 2009-06-25 17:05 5525 —-a-w- c:windowssystem3247935rzj8b.dll
2009-06-25 09:20 . 2009-06-25 09:20 4244 —-a-w- c:windowssystem32z91vir3535.bin
2009-06-23 20:48 . 2009-06-23 20:48 17401 —-a-w- c:windowssystem32e9caddz5re929.dll
2009-06-18 17:31 . 2009-06-18 17:31 9877 —-a-w- c:windowssystem3295855spyz2.exe
2009-06-18 11:42 . 2009-06-18 11:42 152512 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-06-17 16:48 . 2008-10-12 15:21 77824 —-atw- c:windowssystem32DRWEBSP.DLL
2009-06-15 07:04 . 2009-06-15 07:04 16539 —-a-w- c:windowssystem3239662w5rm24z.bin
2009-06-12 04:53 . 2009-06-12 04:53 15379 —-a-w- c:windowssystem32607zownloade5919.exe
2009-06-06 06:02 . 2009-06-06 06:02 14396 —-a-w- c:windowssystem32922dsteaz18695.exe
2009-06-05 06:19 . 2009-06-05 06:19 5985 —-a-w- c:windowssystem3252938zot-a-vir9s63a.exe
2009-06-04 08:47 . 2009-06-04 08:47 14258 —-a-w- c:windowssystem3256031notza-viru957b.dll
2009-05-27 14:51 . 2009-05-27 14:51 390664 —-a-w- c:documents and settingsAdminApplication DataRealRealPlayerUpdateRealPlayer11.exe
2009-05-25 16:16 . 2009-05-25 16:15 152521 —-a-w- c:windowshpoins14.dat
2007-06-04 11:16 . 2007-12-06 12:11 11454953 —-a-w- c:program filesav-i386-cumul.zip
.
Sigcheck
[-] 2006-04-08 13:42 360448 0F0EBDF4CE077111713D11CE5FAB877E c:windowssystem32driverstcpip.sys[-] 2006-04-14 18:17 1548288 EE700620B6CFE585350F64A603F6F3E3 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-24 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-24 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2004-11-24 880640]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-01-11 39408]
«4bm8hfs5.exe»=»c:windowssystem324bm8hfs5.exe» [2009-08-16 326656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filespunto switcherps.exe» [2004-11-13 205824]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-03-03 335872]
«mouseElf»=»c:progra~1NAVIGA~1MouseElf.EXE» [2004-09-20 196608]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6Launch Application 2.exe» [2004-11-25 143360]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-11-08 128920]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«HP Software Update»=»c:program filesHewlett-PackardHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2007-03-27 593920]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-12-16 185896]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-05-14 68592]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-04-10 37888]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«CHotkey»=»mHotkey.exe» — c:windowsmHotkey.exe [2002-07-05 491008]
«SoundMan»=»SOUNDMAN.EXE» — c:windowssoundman.exe [2006-04-22 65024]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2007-1-30 98304]
“бЄ®аҐл© § ЇгбЄ Adobe Reader.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2005-9-24 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«ForceCopyACLWithFile»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«ForceCopyACLWithFile»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymEFA.sys]
@=»FSFilter Activity Monitor»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\TotalCmd\TOTALCMD.EXE»=
«c:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe»=
«c:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [06.12.2005 19:11 35328]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1005000.086SymEFA.sys [16.08.2009 23:39 310320]
R0 zmNTMon;zmNTMon;c:windowssystem32driversZmNTMon.sys [26.03.2007 23:23 5760]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversNAV1005000.086BHDrvx86.sys [16.08.2009 23:39 258608]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1005000.086cchpx86.sys [16.08.2009 23:39 482352]
R1 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSXpx86.sys [17.08.2009 13:02 276344]
R1 VD_FileDisk;VD_FileDisk;c:windowssystem32driversvd_filedisk.sys [16.04.2005 15:48 15232]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [16.08.2009 14:26 108289]
R2 Norton AntiVirus;Norton AntiVirus;c:program filesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe [16.08.2009 23:39 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [17.08.2009 0:10 101936]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:windowssystem32driversgflmouhid.sys [06.02.2007 15:31 6656]
S3 zlportio;zlportio;??c:игрыD-DAYD-DayDriver1zlportio.sys —> c:игрыD-DAYD-DayDriver1zlportio.sys [?]
S3 zmNTZip;zmNTZip;??c:program filesZipMagiczmNTZip.sys —> c:program filesZipMagiczmNTZip.sys [?]— Other Services/Drivers In Memory —
*NewlyCreated* — BITS
*NewlyCreated* — SRSERVICE
*Deregistered* — uphcleanhlp[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the ‘Scheduled Tasks’ folder2007-02-01 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8170355636.job
— c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-05 21:52]2007-02-01 c:windowsTasksWebReg 20070201214811.job
— c:program filesHewlett-PackardDigital ImagingBinhpqwrg.exe [2007-03-11 17:27]
.
— — — — ORPHANS REMOVED — — — —Toolbar-{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — (no file)
WebBrowser-{DFBEB35B-444D-4F25-8D7D-EB2683C206EC} — (no file)
HKCU-Run-SpybotSD TeaTimer — c:program filesSpybot — Search & DestroyTeaTimer.exe
HKLM-Run-d:ssclientssclientssClient.exe — d:ssclientssclientssClient.exe
HKLM-Run-d:internet explorerinstall_flash_player_10_active_x.exe — d:internet explorerinstall_flash_player_10_active_x.exe
HKLM-Run-DrWebScheduler — c:program filesDrWebDRWEBSCD.EXE
HKLM-Run-SpIDerNT — c:progra~1DrWebspiderui.exe
HKLM-Run-SpIDerMail — c:program filesDrWebspiderml.exe
HKLM-Run-oSecurity — c:program filesSmartfix2009osecurity.exe
HKLM-Explorer_Run-sysmgr — c:windowssystem32sysmgr.exe
SSODL-UpdateCheck-{FCFDF40A-03B2-41BB-B099-B7964DABC60C} — c:windowssystem32regjpi.dll
Notify-avldr — avldr.dll
SafeBoot-PskSvcRetail.
Supplementary Scan
.
uStart Page = hxxp://vdonsk.ru/
uInternet Connection Wizard,ShellNext = hxxp://hosting.conduit.com/Uninstall?toolbarid=&version=4.5.189.21&uid=
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {8AD3F6FA-5DCA-45DD-8BD4-5168DB8463EF} = 193.111.3.1,193.111.2.6
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 23:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
E:\autorun.exe [1976] 0xFDBBFB50
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-823518204-1957994488-854245398-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,d8,7e,93,dd,91,a1,49,ac,7b,38,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,d8,7e,93,dd,91,a1,49,ac,7b,38,[HKEY_USERSS-1-5-21-823518204-1957994488-854245398-500SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(880)
c:windowsSYSTEM32Ati2evxx.dll
.
Completion time: 2009-08-17 23:11
ComboFix-quarantined-files.txt 2009-08-17 19:11
Pre-Run: 12 765 179 904 байт свободно
Post-Run: 13 879 906 304 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /execute=optin /fastdetect /noguiboot /NOPAE1352
August 19, 2009 at 6:41 pm #25294
Here is one more log, from "Malwarebytes’ Anti-Malware"; maybe it will help.
Malwarebytes’ Anti-Malware 1.40
Версия базы данных: 2657
Windows 5.1.2600 Service Pack 2

19.08.2009 22:29:45
mbam-log-2009-08-19 (22-29-45).txt

Тип проверки: Полная (C:\|D:\|E:\|F:\|)
Проверено объектов: 160035
Прошло времени: 52 minute(s), 52 second(s)

Заражено процессов в памяти: 1
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 1
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 1

Заражено процессов в памяти:
C:\WINDOWS\system32\4bm8hfs5.exe (Trojan.FakeAlert) -> Failed to unload process.

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
(Вредоносные программы не обнаружены)

Заражено значений реестра:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4bm8hfs5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
C:\WINDOWS\system32\4bm8hfs5.exe (Trojan.FakeAlert) -> Delete on reboot.

August 27, 2009 at 4:57 pm #25295
Open Notepad (click Start, Run, type notepad in the input field and press Enter) and paste the following text into it:

RegLock::
[HKEY_USERS\S-1-5-21-823518204-1957994488-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]

Save the resulting file to your desktop under the name CFScript.
Next, drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When Combofix finishes, it will create a new log; paste that log into your next reply.
Also let us know how the computer is working now.

August 28, 2009 at 5:51 pm #25296
ComboFix 09-08-27.A3 — Admin 28.08.2009 21:36.8.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.511.150 [GMT 4:00]
Running from: c:анти вирусыComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: R-Firewall *enabled* {5BD9A3DC-50A1-4B8B-9FFF-1BDFBD36831B}
.((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.2009-08-28 13:26 . 2009-08-25 08:00 1647984 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053NAVEX32A.DLL
2009-08-28 13:26 . 2009-08-26 08:00 371248 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053EECTRL.SYS
2009-08-28 13:26 . 2009-08-26 08:00 2747440 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053CCERASER.DLL
2009-08-28 13:26 . 2009-08-26 08:00 102448 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053ERASER.SYS
2009-08-28 13:26 . 2009-08-25 08:00 84912 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053NAVENG.SYS
2009-08-28 13:26 . 2009-08-25 08:00 259440 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053ECMSVR32.DLL
2009-08-28 13:26 . 2009-08-25 08:00 177520 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053NAVENG32.DLL
2009-08-28 13:26 . 2009-08-25 08:00 1323568 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsVirusDefs20090827.053NAVEX15.SYS
2009-08-19 17:32 . 2009-08-03 09:36 38160 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-08-19 17:32 . 2009-08-03 09:36 19096 —-a-w- c:windowssystem32driversmbam.sys
2009-08-19 17:32 . 2009-08-19 17:32
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-08-17 13:36 . 2009-08-26 18:51
d
w- c:program filestrend micro
2009-08-17 13:36 . 2009-08-17 13:37
d
w- C:rsit
2009-08-17 12:25 . 2009-08-17 12:25 0 —-a-w- C:backup.reg
2009-08-17 12:12 . 2009-08-17 12:32 574 —-a-w- C:cleanup.bat
2009-08-17 09:02 . 2009-07-11 19:34 276344 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSXpx86.sys
2009-08-17 09:02 . 2009-07-11 19:34 293424 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSvix86.sys
2009-08-17 09:02 . 2009-07-11 19:34 533880 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001Scxpx86.dll
2009-08-17 09:02 . 2009-07-11 19:34 451960 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSxpx86.dll
2009-08-17 09:02 . 2009-07-11 19:34 397360 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSviA64.sys
2009-08-16 19:39 . 2009-08-16 19:39 36400 —-a-r- c:windowssystem32driversSymIM.sys
2009-08-16 19:39 . 2009-08-16 20:00
d
w- c:program filesCommon FilesSymantec Shared
2009-08-16 19:39 . 2009-08-16 19:39 60808 —-a-w- c:windowssystem32S32EVNT1.DLL
2009-08-16 19:39 . 2009-08-16 19:39 124464 —-a-w- c:windowssystem32driversSYMEVENT.SYS
2009-08-16 19:39 . 2009-08-16 19:39 136840 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonSyKnAppSpatch25.dll
2009-08-16 19:39 . 2009-08-16 19:39 1290592 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonSyKnAppSSyKnAppS.dll
2009-08-16 19:39 . 2009-08-16 19:39 796016 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonCLTcltLMSx.dll
2009-08-16 19:39 . 2009-08-16 19:39
d
w- c:windowssystem32driversNAV
2009-08-16 19:38 . 2009-08-17 08:23
d
w- c:documents and settingsAll UsersApplication DataSymantec
2009-08-16 19:38 . 2009-08-16 19:39
d
w- c:program filesNorton AntiVirus
2009-08-16 19:38 . 2009-08-16 19:39
d
w- c:program filesWindows Sidebar
2009-08-16 19:38 . 2009-08-16 19:40
d
w- c:documents and settingsAll UsersApplication DataNorton
2009-08-16 16:59 . 2009-08-16 16:59
d
w- c:program filesInstallShield Installation Information
2009-08-16 16:14 . 2009-08-16 19:38
d
w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-08-16 16:14 . 2009-08-16 16:14
d
w- c:program filesNortonInstaller
2009-08-16 10:26 . 2009-07-28 12:33 55656 —-a-w- c:windowssystem32driversavgntflt.sys
2009-08-16 10:26 . 2009-03-30 06:33 96104 —-a-w- c:windowssystem32driversavipbb.sys
2009-08-16 10:26 . 2009-02-13 08:29 22360 —-a-w- c:windowssystem32driversavgntmgr.sys
2009-08-16 10:26 . 2009-02-13 08:17 45416 —-a-w- c:windowssystem32driversavgntdd.sys
2009-08-16 10:26 . 2009-08-16 10:26
d
w- c:program filesAvira
2009-08-16 10:26 . 2009-08-16 10:26
d
w- c:documents and settingsAll UsersApplication DataAvira
2009-08-13 09:54 . 2009-08-16 20:01
d
w- c:documents and settingsAdminApplication DataTranslateIt7.5
2009-08-13 09:54 . 2009-08-24 17:29
d
w- c:program filesTranslateIt!
2009-07-31 19:17 . 2009-07-31 19:17
d-sh—w- c:documents and settingsLocalServiceIETldCache
2009-07-31 18:53 . 2009-07-31 18:53
d-sh—w- c:documents and settingsAdminPrivacIE
2009-07-31 18:51 . 2009-07-31 18:51
d-sh—w- c:documents and settingsAdminIETldCache
2009-07-31 18:49 . 2009-07-31 18:49
d
w- c:program filesYandex
2009-07-31 18:49 . 2009-07-31 18:49
d
w- c:documents and settingsAdminLocal SettingsApplication DataYandex
2009-07-31 18:49 . 2009-07-31 18:49
d
w- c:documents and settingsAdminApplication DataYandex
2009-07-31 18:49 . 2009-07-31 18:49
d—h—w- c:windowsmsdownld.tmp
2009-07-31 18:48 . 2009-07-31 18:49
d
w- c:windowssystem32ru-RU
2009-07-31 18:48 . 2009-07-31 18:48
dc-h—w- c:windowsie8.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 15:22 . 2007-01-29 09:38 86327 —-a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2009-08-22 19:36 . 2009-07-18 11:14
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-08-16 21:23 . 2009-01-11 14:03
d
w- c:documents and settingsAll UsersApplication DataPanda Security
2009-08-16 19:39 . 2009-08-16 19:39 805 —-a-w- c:windowssystem32driversSYMEVENT.INF
2009-08-16 19:39 . 2009-08-16 19:39 7386 —-a-w- c:windowssystem32driversSYMEVENT.CAT
2009-08-16 17:00 . 2009-07-25 06:39
d
w- c:documents and settingsAdminApplication DataPanda Security
2009-08-16 16:59 . 2007-01-29 09:53 65144 —-a-w- c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-08-13 10:40 . 2008-08-15 16:40
d
w- c:program filesasd
2009-07-26 17:46 . 2009-07-26 17:46
d
w- c:program filesAGEIA Technologies
2009-07-26 17:46 . 2009-07-26 17:46
d
w- c:program filesCommon FilesWise Installation Wizard
2009-07-26 17:46 . 2007-02-23 13:21 413696 —-a-w- c:windowssystem32wrap_oal.dll
2009-07-26 17:46 . 2007-02-23 13:21
d
w- c:program filesOpenAL
2009-07-26 17:46 . 2007-02-23 13:21 110592 —-a-w- c:windowssystem32OpenAL32.dll
2009-07-25 07:56 . 2004-08-18 16:00 83306 —-a-w- c:windowssystem32perfc019.dat
2009-07-25 07:56 . 2004-08-18 16:00 481958 —-a-w- c:windowssystem32perfh019.dat
2009-07-25 06:36 . 2009-07-18 14:54
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-07-25 06:36 . 2007-12-06 12:14
d
w- c:program filesKaspersky Lab
2009-07-18 14:53 . 2008-10-12 15:21
d
w- c:program filesDrWeb
2009-07-18 13:45 . 2009-07-18 13:45
d
w- c:documents and settingsAdminApplication DataAvant Profiles
2009-07-18 11:24 . 2009-05-14 16:17
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-07-11 19:34 . 2009-07-11 19:34 276344 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubScxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 —-a-w- c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefsBinHubIDSviA64.sys
2009-07-03 12:02 . 2009-07-03 12:02 59992 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Internet Security 2010 9.0.0.463Russiansetup.exe
2009-06-18 11:42 . 2009-06-18 11:42 152512 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-06-17 16:48 . 2008-10-12 15:21 77824 —-atw- c:windowssystem32DRWEBSP.DLL
2007-06-04 11:16 . 2007-12-06 12:11 11454953 —-a-w- c:program filesav-i386-cumul.zip
.
Sigcheck
[-] 2006-04-08 13:42 360448 0F0EBDF4CE077111713D11CE5FAB877E c:windowssystem32driverstcpip.sys[-] 2006-04-14 18:17 1548288 EE700620B6CFE585350F64A603F6F3E3 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-28_17.23.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 17:42 . 2009-08-28 17:42 53248 c:windowsTempcatchme.dll
— 2009-08-28 17:23 . 2009-08-28 17:23 53248 c:windowsTempcatchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-24 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-24 3697952][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«PcSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2004-11-24 880640]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadlibNMBgMonitor.exe» [2005-10-28 94208]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-01-11 39408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filespunto switcherps.exe» [2004-11-13 205824]
«VolumeControl»=»c:program filesVolumeControlvolume.exe» [2003-09-15 36864]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-03-03 335872]
«mouseElf»=»c:progra~1NAVIGA~1MouseElf.EXE» [2004-09-20 196608]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6Launch Application 2.exe» [2004-11-25 143360]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2005-11-08 128920]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«HP Software Update»=»c:program filesHewlett-PackardHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2007-03-27 593920]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-12-16 185896]
«Google Quick Search Box»=»c:program filesGoogleQuick Search BoxGoogleQuickSearchBox.exe» [2009-05-14 68592]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-04-10 37888]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«CHotkey»=»mHotkey.exe» — c:windowsmHotkey.exe [2002-07-05 491008]
«SoundMan»=»SOUNDMAN.EXE» — c:windowssoundman.exe [2006-04-22 65024]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2007-1-30 98304]
“бЄ®аҐл© § ЇгбЄ Adobe Reader.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2005-9-24 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«SynchronousMachineGroupPolicy»= 0 (0x0)
«SynchronousUserGroupPolicy»= 0 (0x0)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
«ForceCopyACLWithFile»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«ForceCopyACLWithFile»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymEFA.sys]
@=»FSFilter Activity Monitor»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«Start»=dword:00000004[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\TotalCmd\TOTALCMD.EXE»=
«c:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe»=
«c:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe»=
«d:\Games\Counter-Strike 1.6 Melan\HL.EXE»=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [06.12.2005 19:11 35328]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1005000.086SymEFA.sys [16.08.2009 23:39 310320]
R0 zmNTMon;zmNTMon;c:windowssystem32driversZmNTMon.sys [26.03.2007 23:23 5760]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversNAV1005000.086BHDrvx86.sys [16.08.2009 23:39 258608]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1005000.086cchpx86.sys [16.08.2009 23:39 482352]
R1 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20090810.001IDSXpx86.sys [17.08.2009 13:02 276344]
R1 VD_FileDisk;VD_FileDisk;c:windowssystem32driversvd_filedisk.sys [16.04.2005 15:48 15232]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [16.08.2009 14:26 108289]
R2 Norton AntiVirus;Norton AntiVirus;c:program filesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe [16.08.2009 23:39 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [26.08.2009 12:00 102448]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:windowssystem32driversgflmouhid.sys [06.02.2007 15:31 6656]
S3 zlportio;zlportio;??c:игрыD-DAYD-DayDriver1zlportio.sys —> c:игрыD-DAYD-DayDriver1zlportio.sys [?]
S3 zmNTZip;zmNTZip;??c:program filesZipMagiczmNTZip.sys —> c:program filesZipMagiczmNTZip.sys [?]
— Other Services/Drivers In Memory —
*Deregistered* — uphcleanhlp
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the ‘Scheduled Tasks’ folder
2007-02-01 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8170355636.job
— c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-05 21:52]
2007-02-01 c:windowsTasksWebReg 20070201214811.job
— c:program filesHewlett-PackardDigital ImagingBinhpqwrg.exe [2007-03-11 17:27]
.
.
Supplementary Scan
.
uStart Page = hxxp://vdonsk.ru/
uInternet Connection Wizard,ShellNext = hxxp://hosting.conduit.com/Uninstall?toolbarid=&version=4.5.189.21&uid=
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
TCP: {8AD3F6FA-5DCA-45DD-8BD4-5168DB8463EF} = 193.111.3.1,193.111.2.6
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-823518204-1957994488-854245398-500SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(876)
c:windowssystem32Ati2evxx.dll
— — — — — — — > ‘explorer.exe'(1040)
c:program filesTranslateIt!GetWordNT.dll
c:program filesVolumeControlwheel.dll
c:windowssystem32ieframe.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
.
Completion time: 2009-08-28 21:44
ComboFix-quarantined-files.txt 2009-08-28 17:44
ComboFix2.txt 2009-08-28 17:26
ComboFix3.txt 2009-08-26 18:11
Pre-Run: 13 599 436 800 байт свободно
Post-Run: 13 582 884 864 байт свободно
234
August 28, 2009 at 5:58 PM #25297
The computer seems to be working normally, and the warning windows no longer pop up. But an icon (a Windows security system alert) has remained in the bottom corner of the screen; it periodically warns me about a "danger", and I cannot get rid of it at all 🙁
August 30, 2009 at 3:29 PM #25298
But an icon (a Windows security system alert) has remained in the bottom corner of the screen; it periodically warns me about a "danger",
What happens if you double-click this icon?
August 31, 2009 at 2:44 PM #25299
A window opens ("Windows Security Center")
September 3, 2009 at 4:07 PM #25300
What danger specifically?
September 8, 2009 at 5:23 PM #25301
That's it, I closed that icon; it kept asking me to update Windows components. Thanks for the help, your forum helped me a lot 😀
September 9, 2009 at 4:59 PM #25302
A few final steps.
1. Update your software.
Go to update.microsoft.com and check for Windows updates.
2. Remove all the programs you used during the cleanup; if necessary, you can always download them again. They need to be removed because they contain components that viruses and trojans can use for malicious purposes.
Remove ComboFix from your computer, following the instructions: How to properly remove ComboFix from your computer.
Remove RSIT and the other scanners and small utilities you downloaded, as well as all the files and folders that were created while the computer was being cleaned.
3. Take the protection of your computer more seriously.
You have two antivirus programs installed. Remove one of them!
Install Spybot Search and Destroy; it is fairly good additional protection against spyware and other malicious programs.
Most trojans and viruses are designed to attack Internet Explorer, so I recommend using only Opera or Firefox.
4. Create a new restore point.
This will let you, if necessary, load the current Windows configuration and quickly recover from spyware or a virus. To do this, click the Start button, then select Accessories, then System Tools within it, and launch System Restore. In the window that opens, select the task Create a restore point, click Next and follow the instructions.
5. And a few additional tips.
Launch your antivirus and check the status of its automatic protection. Turn it on if it is off.
Do not forget to update Windows, your programs and especially your antivirus.
Do not visit unfamiliar sites, and be very careful with files downloaded from the Internet.
All the best!