Помогите не сил от троянов и вирусов

This topic has 28 ответов, 2 участника, and was last updated 16 years, 3 months назад by Admin.

Просмотр 15 сообщений - с 1 по 15 (из 29 всего)

1 2 →

Автор

Сообщения
12 апреля, 2009 в 9:48 дп #16578
Irit
Participant
- Темы:1
- Сообщений:15
Компьютер полон троянов и вирусов, сил нет,особенно Malware Deffender 2009.делала как здесь сказано http://www.spyware-ru.com/udalit-malware-defender-2009/ ничего не получилось ,Malware Deffender 2009 попрежнему вылазит, а Компьютер даже лог несмог выдать.
Прошу,помогите!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-12 12:33:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:36 PM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesBarak013Barak013_L2TPfts.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32wcenter.exe
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMalware Defender 2009malwaredef.exe
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Indexsvchos.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.il/
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/2008home.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;
R3 — URLSearchHook: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 — Hosts: 82.98.235.133 browser-security.microsoft.com
O1 — Hosts: 82.98.235.133 url.adtrgt.com
O1 — Hosts: 82.98.235.133 best-click-scanner.info
O1 — Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 — Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 — Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 — Hosts: 82.98.235.133 onlinenotifyq.net
O1 — Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 — Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {5401f76f-c658-4494-874f-2776064a814f} — (no file)
O2 — BHO: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {af69de43-7d58-4638-b6fa-ce66b5ad205d} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe-USRpdA
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [%FP%Barak013 L2TP fts.exe] «C:Program FilesBarak013Barak013_L2TPfts.exe»
O4 — HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 — HKLM..Run: [THOffice] C:Program FilesTHOfficeTHOffice.exe
O4 — HKLM..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKLM..Run: [malwaredef] C:Program FilesMalware Defender 2009malwaredef.exe
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKCU..Run: [loader] «C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe» /n
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [begihedero] Rundll32.exe «C:WINDOWSsystem32tutepega.dll»,s (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1085153876706
O16 — DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) — http://download.divx.com/player/DivXBrowserPlugin.cab
O17 — HKLMSystemCCSServicesTcpip..{3944AA6F-F372-47E8-8E2A-D2ED4D61C062}: NameServer = 194.90.1.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: snuhrp.dll,C:WINDOWSsystem32gorumiba.dll
O21 — SSODL: DriversLoad — {AF120833-EBC2-4AB8-8E52-E7B95D1DBE20} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia IndexDriverskzekwfccag.dll
O21 — SSODL: HardwareDrivers — {50D42344-0CE1-4A9F-9205-5187E767EBF4} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia IndexDrivershdddriver.dll
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesNeroLibNMIndexingService.exe (file missing)
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe

—
End of file — 9053 bytes

======Scheduled tasks folder======

C:WINDOWStasksMP Scheduled Scan.job
C:WINDOWStaskssajeubch.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5401f76f-c658-4494-874f-2776064a814f}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{67aa0145-a051-4660-a910-22da3bab1fa5} — findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]
«malwaredef»=C:Program FilesMalware Defender 2009malwaredef.exe [2009-03-20 1012736]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]
«loader»=C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe [2009-03-20 350720]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe [2008-01-16 37376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»snuhrp.dll,C:WINDOWSsystem32gorumiba.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
DriversLoad — {AF120833-EBC2-4AB8-8E52-E7B95D1DBE20} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia IndexDriverskzekwfccag.dll [2009-03-20 762368]
HardwareDrivers — {50D42344-0CE1-4A9F-9205-5187E767EBF4} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia IndexDrivershdddriver.dll [2009-03-20 2352640]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WINDOW~4MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
C:WINDOWSsystem32urqOIyaw
«notification packages»=cli
C:WINDOWSsystem32gorumiba.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1sxxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1xcxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2fjxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jnxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3koxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4ptxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4txxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ejxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5koxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6dixx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6jnxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7wbxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8aexx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8wcxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfj61.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1sxxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1xcxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2fjxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jnxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3koxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4ptxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4txxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ejxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5koxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6dixx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6jnxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7wbxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8aexx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8wcxx.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfj61.sys]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32winlogon.exe»=»C:WINDOWSsystem32winlogon.exe:*:Enabled:winlogon»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-04-12 12:33:29 —-D—- C:rsit
2009-04-12 11:40:44 —-A—- C:WINDOWSsystem328404455741.dll
2009-04-04 22:36:04 —-D—- C:VundoFix Backups
2009-04-04 22:36:04 —-A—- C:VundoFix.txt
2009-03-30 21:10:06 —-D—- C:Program FilesWindows Defender
2009-03-28 14:57:23 —-D—- C:Documents and SettingsHebrewApplication DataMSN6
2009-03-28 14:57:23 —-D—- C:Documents and SettingsAll UsersApplication DataMSN6
2009-03-26 16:01:57 —-A—- C:WINDOWSsystem32snuhrp.bak
2009-03-25 15:53:10 —-ASH—- C:WINDOWSsystem32yqfqra.dll
2009-03-24 20:09:52 —-D—- C:Documents and SettingsHebrewApplication DataYandex
2009-03-24 20:08:48 —-D—- C:Program FilesMozilla Firefox
2009-03-24 18:49:21 —-ASH—- C:WINDOWSsystem32qrbbrt.dll
2009-03-23 20:44:38 —-ASH—- C:WINDOWSsystem32anrjsc.dll
2009-03-22 19:02:25 —-ASH—- C:WINDOWSsystem32xkutum.dll
2009-03-21 11:29:53 —-AH—- C:WINDOWSsystem32ouppvs.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32seipvj.dll
2009-03-20 13:41:41 —-A—- C:WINDOWSsystem32wcenter.exe
2009-03-20 13:41:40 —-D—- C:Program FilesMalware Defender 2009
2009-03-20 13:27:54 —-ASH—- C:WINDOWSsystem32jtqbis.dll
2009-03-19 20:06:22 —-ASH—- C:WINDOWSsystem32mqzeoh.dll
2009-03-19 08:06:04 —-ASH—- C:WINDOWSsystem32dgnjjl.dll
2009-03-18 14:31:40 —-ASH—- C:WINDOWSsystem32mufbhb.dll
2009-03-17 14:44:52 —-SH—- C:WINDOWSsystem32unadezuf.ini
2009-03-17 14:44:44 —-ASH—- C:WINDOWSsystem32agukws.dll
2009-03-16 19:05:22 —-SH—- C:WINDOWSsystem32idipunus.ini
2009-03-16 19:05:21 —-ASH—- C:WINDOWSsystem32cblmwb.dll
2009-03-16 16:08:47 —-A—- C:WINDOWSctfxmon.exe
2009-03-16 16:08:47 —-A—- C:WINDOWSctfxmon.dll
2009-03-15 17:59:47 —-A—- C:WINDOWSsystem32jefytqxo.dll
2009-03-15 17:58:29 —-A—- C:WINDOWSsystem32bhixzi.dll
2009-03-15 17:58:26 —-A—- C:WINDOWSsystem32mgscotpb.dll
2009-03-14 20:11:05 —-D—- C:Program FilesAntiSpyware Pro
2009-03-14 17:44:21 —-SH—- C:WINDOWSsystem32xgqejufi.ini
2009-03-14 17:44:17 —-A—- C:WINDOWSsystem32ptyipk.dll
2009-03-14 17:44:14 —-A—- C:WINDOWSsystem32rmictllv.dll

======List of files/folders modified in the last 1 months======

2009-04-12 12:25:47 —-D—- C:WINDOWSTemp
2009-04-12 11:43:24 —-SD—- C:WINDOWSTasks
2009-04-12 11:41:44 —-D—- C:WINDOWSPrefetch
2009-04-12 11:40:55 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-12 11:40:44 —-D—- C:WINDOWSsystem32
2009-04-10 10:06:51 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-10 09:59:08 —-D—- C:WINDOWS
2009-04-10 09:56:00 —-D—- C:WINDOWSsystem32Restore
2009-04-10 09:52:41 —-SHD—- C:System Volume Information
2009-03-31 20:26:47 —-D—- C:Program FilesSymantec AntiVirus
2009-03-31 20:22:43 —-D—- C:WINDOWSsystem32drivers
2009-03-31 19:54:06 —-D—- C:Program FilesSymantec
2009-03-30 21:10:15 —-SHD—- C:WINDOWSInstaller
2009-03-30 21:10:07 —-HD—- C:WINDOWSinf
2009-03-30 21:10:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-30 21:10:06 —-RD—- C:Program Files
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32sovowuyi.dll
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32fokivilo.exe
2009-03-28 21:41:16 —-ASH—- C:WINDOWSsystem32vekukedu.dll
2009-03-28 21:41:15 —-ASH—- C:WINDOWSsystem32busoguze.dll.vir
2009-03-28 21:41:14 —-ASH—- C:WINDOWSsystem32wesokaru.exe
2009-03-28 14:54:22 —-A—- C:WINDOWSNeroDigital.ini
2009-03-28 09:40:50 —-ASH—- C:WINDOWSsystem32nomajuzu.exe
2009-03-27 13:22:37 —-D—- C:WINDOWSHelp
2009-03-27 12:30:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32puyekebi.dll
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32daluwimo.exe
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32heruhozu.dll
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32filawuzo.dll
2009-03-25 21:06:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-25 15:53:09 —-ASH—- C:WINDOWSsystem32suwumuwo.dll
2009-03-24 21:02:00 —-D—- C:WINDOWSsystem
2009-03-24 20:53:34 —-D—- C:Program FilesCommon FilesACD Systems
2009-03-24 20:46:55 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-24 20:09:09 —-D—- C:Documents and SettingsHebrewApplication DataMozilla
2009-03-24 18:49:22 —-ASH—- C:WINDOWSsystem32seyayewi.dll
2009-03-24 18:49:20 —-ASH—- C:WINDOWSsystem32powirimu.dll
2009-03-23 20:44:38 —-ASH—- C:WINDOWSsystem32lilofati.dll
2009-03-22 20:43:32 —-D—- C:Program FilesWinamp
2009-03-22 19:02:31 —-ASH—- C:WINDOWSsystem32kozezupo.dll
2009-03-22 19:02:25 —-ASH—- C:WINDOWSsystem32kujonage.dll
2009-03-21 21:54:29 —-D—- C:Temp
2009-03-21 11:29:51 —-ASH—- C:WINDOWSsystem32rumerubo.dll
2009-03-21 11:29:50 —-ASH—- C:WINDOWSsystem32wonizaki.dll
2009-03-21 11:24:01 —-ASH—- C:WINDOWSsystem32jawepuwa.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32kohuhoro.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32fedozuta.dll
2009-03-20 20:57:20 —-D—- C:WINDOWSsystem32config
2009-03-20 14:03:29 —-D—- C:Documents and SettingsHebrewApplication DataSkype
2009-03-20 13:27:53 —-ASH—- C:WINDOWSsystem32yoletepu.dll
2009-03-19 20:06:21 —-ASH—- C:WINDOWSsystem32lebapide.dll
2009-03-19 20:06:19 —-ASH—- C:WINDOWSsystem32sofodowi.dll
2009-03-19 08:06:03 —-ASH—- C:WINDOWSsystem32zuyahoba.dll
2009-03-19 08:06:02 —-ASH—- C:WINDOWSsystem32jorukiyi.dll
2009-03-18 14:31:40 —-ASH—- C:WINDOWSsystem32satevowa.dll
2009-03-18 14:31:36 —-ASH—- C:WINDOWSsystem32zifutoro.dll
2009-03-17 14:44:44 —-ASH—- C:WINDOWSsystem32nifudoju.dll
2009-03-17 14:44:43 —-ASH—- C:WINDOWSsystem32lodivoyo.dll
2009-03-16 19:05:21 —-ASH—- C:WINDOWSsystem32nevigapi.dll
2009-03-16 19:05:19 —-ASH—- C:WINDOWSsystem32fujayagi.dll
2009-03-15 18:00:04 —-ASH—- C:WINDOWSsystem32wayIOqru.ini
2009-03-15 17:58:30 —-ASH—- C:WINDOWSsystem32wayIOqru.ini2
2009-03-15 17:58:22 —-A—- C:WINDOWSsystem32b3a7d999-.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 4656df52;4656df52; C:WINDOWSSystem32drivers4656df52.sys []
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S1 c10606f7;c10606f7; C:WINDOWSSystem32driversc10606f7.sys []
S1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
S1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S2 pjstrvst;pjstrvst; ??C:WINDOWSsystem32driverspjstrvst.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-04 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys [2004-08-04 63488]
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003naveng.sys []
S3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2004-08-04 61824]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 XDva028;XDva028; ??C:WINDOWSsystem32XDva028.sys []
S3 XDva039;XDva039; ??C:WINDOWSsystem32XDva039.sys []
S3 XDva041;XDva041; ??C:WINDOWSsystem32XDva041.sys []
S3 XDva042;XDva042; ??C:WINDOWSsystem32XDva042.sys []
S3 XDva120;XDva120; ??C:WINDOWSsystem32XDva120.sys []
S3 XDva170;XDva170; ??C:WINDOWSsystem32XDva170.sys []
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S4 sr;System Restore Filter Driver; C:WINDOWSC:WINDOWSsystem32DRIVERSsr.sys []
S4 ws2ifsl;????? ????? ?? ??? ????? Windows Socket 2.0 Non-IFS; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]

EOF
13 апреля, 2009 в 4:12 пп #23429
Admin
Keymaster
- Темы:40
- Сообщений:5676
Здравствуйте, добро пожаловать на Spyware-ru форум.

Запустите HijackThis, для этого кликните Пуск, Выполнить, введите
```
C:Program FilesTrend MicroHijackThisHebrew.exe
```
и нажмите Enter.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:
```
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;

O1 - Hosts: 82.98.235.133 browser-security.microsoft.com

O1 - Hosts: 82.98.235.133 url.adtrgt.com

O1 - Hosts: 82.98.235.133 best-click-scanner.info

O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com

O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com

O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com

O1 - Hosts: 82.98.235.133 onlinenotifyq.net

O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com

O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
```
Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.

Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.
```
:Processes

explorer.exe



:services

4656df52

c10606f7

pjstrvst

XDva028

XDva039

XDva041

XDva042

XDva120

XDva170

usprserv



:reg

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5401f76f-c658-4494-874f-2776064a814f}]



[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]

"malwaredef"=-

"ctfxmon.exe"=-



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]

"ctfxmon.exe"=-

"loader"=-



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"AppInit_DLLS"=""



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]

"DriversLoad"=-

"HardwareDrivers"=-



[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]

"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00



[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1sxxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1xcxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2fjxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jnxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3koxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4ptxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4txxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ejxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5koxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6dixx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6jnxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7wbxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8aexx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8wcxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfj61.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1sxxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1xcxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2fjxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jnxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3koxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4ptxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4txxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ejxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5koxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6dixx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6jnxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7wbxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8aexx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8wcxx.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfj61.sys]



:files

C:WINDOWSsystem32snuhrp.bak

C:WINDOWSsystem32yqfqra.dll

C:WINDOWSsystem32qrbbrt.dll

C:WINDOWSsystem32anrjsc.dll

C:WINDOWSsystem32xkutum.dll

C:WINDOWSsystem32ouppvs.dll

C:WINDOWSsystem32seipvj.dll

C:WINDOWSsystem32wcenter.exe

C:Program FilesMalware Defender 2009

C:WINDOWSsystem32jtqbis.dll

C:WINDOWSsystem32mqzeoh.dll

C:WINDOWSsystem32dgnjjl.dll

C:WINDOWSsystem32mufbhb.dll

C:WINDOWSsystem32unadezuf.ini

C:WINDOWSsystem32agukws.dll

C:WINDOWSsystem32idipunus.ini

C:WINDOWSsystem32cblmwb.dll

C:WINDOWSctfxmon.exe

C:WINDOWSctfxmon.dll

C:WINDOWSsystem32jefytqxo.dll

C:WINDOWSsystem32bhixzi.dll

C:WINDOWSsystem32mgscotpb.dll

C:Program FilesAntiSpyware Pro

C:WINDOWSsystem32xgqejufi.ini

C:WINDOWSsystem32ptyipk.dll

C:WINDOWSsystem32rmictllv.dll

C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe



:Commands

[emptytemp]

[start explorer]

[Reboot]
```
Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.

Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSIT лог.
14 апреля, 2009 в 9:25 дп #23430
Irit
Participant
- Темы:1
- Сообщений:15
Сделала как было написано в точности, комп попросил перезагрузку но Malware Defender 2009, как бы не давал, я перезагрузила вручную,получила Лог,
хотела вставить , а Explorer,Mozilla не подымаются, как быть, теперь я и без интернета, пишу от подруги.
15 апреля, 2009 в 11:09 дп #23431
Irit
Participant
- Темы:1
- Сообщений:15
Кстати программа EMule у меня как нестранно работает, я проверяла ,а вот Mozilla показывает Проски — сервер отказывается принимать соединения,
прошу помогите, у меня все работы в универститете через интернет,подруга меня уже видить не может ей тоже заниматься надо.
Заранее благодарим.
17 апреля, 2009 в 3:03 пп #23432
Admin
Keymaster
- Темы:40
- Сообщений:5676
Удалив троян, мы и удалили сам прокси сервер.
Вам нужно запустить Файрефокс.
Кликните Инструменты, в выпадающем меню выберите Настройки.
Выберите пункт Дополнительно.
Выберите вкладку Сеть и кликните по кнопке Настроить.
Выберите пункт Не использовать настройки…
Кликните по кнопке OK.
19 апреля, 2009 в 4:29 пп #23433
Irit
Participant
- Темы:1
- Сообщений:15
Mozilla — заработала!!!!!!!!!
Спосибо.
А теперь о деле,вот лог.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

ServiceDriver 4656df52 deleted successfully.

ServiceDriver c10606f7 deleted successfully.

ServiceDriver pjstrvst deleted successfully.

ServiceDriver XDva028 deleted successfully.

ServiceDriver XDva039 deleted successfully.

ServiceDriver XDva041 deleted successfully.

ServiceDriver XDva042 deleted successfully.

ServiceDriver XDva120 deleted successfully.

ServiceDriver XDva170 deleted successfully.

ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5401f76f-c658-4494-874f-2776064a814f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\malwaredef deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\loader deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E : value set successfully!
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\DriversLoad deleted successfully.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\HardwareDrivers deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa\»Notification Packages»|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1sxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1xcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2fjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4ptxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4txxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ejxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6dixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7wbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8aexx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8wcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfj61.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1sxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1xcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2fjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4ptxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4txxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ejxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6dixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7wbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8aexx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8wcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfj61.sys\ deleted successfully.
========== FILES ==========
C:WINDOWSsystem32snuhrp.bak moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32yqfqra.dll
C:WINDOWSsystem32yqfqra.dll NOT unregistered.
C:WINDOWSsystem32yqfqra.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32qrbbrt.dll
C:WINDOWSsystem32qrbbrt.dll NOT unregistered.
C:WINDOWSsystem32qrbbrt.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32anrjsc.dll
C:WINDOWSsystem32anrjsc.dll NOT unregistered.
C:WINDOWSsystem32anrjsc.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32xkutum.dll
C:WINDOWSsystem32xkutum.dll NOT unregistered.
C:WINDOWSsystem32xkutum.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32ouppvs.dll
C:WINDOWSsystem32ouppvs.dll NOT unregistered.
C:WINDOWSsystem32ouppvs.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32seipvj.dll
C:WINDOWSsystem32seipvj.dll NOT unregistered.
C:WINDOWSsystem32seipvj.dll moved successfully.
C:WINDOWSsystem32wcenter.exe moved successfully.
C:Program FilesMalware Defender 2009quarantine moved successfully.
C:Program FilesMalware Defender 2009 moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jtqbis.dll
C:WINDOWSsystem32jtqbis.dll NOT unregistered.
C:WINDOWSsystem32jtqbis.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mqzeoh.dll
C:WINDOWSsystem32mqzeoh.dll NOT unregistered.
C:WINDOWSsystem32mqzeoh.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32dgnjjl.dll
C:WINDOWSsystem32dgnjjl.dll NOT unregistered.
C:WINDOWSsystem32dgnjjl.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mufbhb.dll
C:WINDOWSsystem32mufbhb.dll NOT unregistered.
C:WINDOWSsystem32mufbhb.dll moved successfully.
C:WINDOWSsystem32unadezuf.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32agukws.dll
C:WINDOWSsystem32agukws.dll NOT unregistered.
C:WINDOWSsystem32agukws.dll moved successfully.
C:WINDOWSsystem32idipunus.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32cblmwb.dll
C:WINDOWSsystem32cblmwb.dll NOT unregistered.
C:WINDOWSsystem32cblmwb.dll moved successfully.
File move failed. C:WINDOWSctfxmon.exe scheduled to be moved on reboot.
LoadLibrary failed for C:WINDOWSctfxmon.dll
C:WINDOWSctfxmon.dll NOT unregistered.
File move failed. C:WINDOWSctfxmon.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jefytqxo.dll
C:WINDOWSsystem32jefytqxo.dll NOT unregistered.
C:WINDOWSsystem32jefytqxo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32bhixzi.dll
C:WINDOWSsystem32bhixzi.dll NOT unregistered.
C:WINDOWSsystem32bhixzi.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mgscotpb.dll
C:WINDOWSsystem32mgscotpb.dll NOT unregistered.
C:WINDOWSsystem32mgscotpb.dll moved successfully.
Folder move failed. C:Program FilesAntiSpyware Pro scheduled to be moved on reboot.
C:WINDOWSsystem32xgqejufi.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32ptyipk.dll
C:WINDOWSsystem32ptyipk.dll NOT unregistered.
C:WINDOWSsystem32ptyipk.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32rmictllv.dll
C:WINDOWSsystem32rmictllv.dll NOT unregistered.
C:WINDOWSsystem32rmictllv.dll moved successfully.
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04142009_113922

Files moved on Reboot…
File C:Program FilesMalware Defender 2009quarantine not found!
File C:Program FilesMalware Defender 2009 not found!
File C:DOCUME~1HebrewLOCALS~1Temp~DF7B5B.tmp not found!
File C:DOCUME~1HebrewLOCALS~1Temp~DF8926.tmp not found!

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-19 19:29:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:38 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesBarak013Barak013_L2TPfts.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32rundll32.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.il/
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/2008home.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;
R3 — URLSearchHook: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {af69de43-7d58-4638-b6fa-ce66b5ad205d} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe-USRpdA
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [%FP%Barak013 L2TP fts.exe] «C:Program FilesBarak013Barak013_L2TPfts.exe»
O4 — HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 — HKLM..Run: [THOffice] C:Program FilesTHOfficeTHOffice.exe
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKLM..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [begihedero] Rundll32.exe «C:WINDOWSsystem32tutepega.dll»,s (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1085153876706
O16 — DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} — http://download.divx.com/player/DivXBrowserPlugin.cab
O17 — HKLMSystemCCSServicesTcpip..{3944AA6F-F372-47E8-8E2A-D2ED4D61C062}: NameServer = 194.90.1.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesNeroLibNMIndexingService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe

—
End of file — 7729 bytes

======Scheduled tasks folder======

C:WINDOWStasksMP Scheduled Scan.job
C:WINDOWStaskssajeubch.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{67aa0145-a051-4660-a910-22da3bab1fa5} — findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WINDOW~4MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
C:WINDOWSsystem32urqOIyaw

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32winlogon.exe»=»C:WINDOWSsystem32winlogon.exe:*:Enabled:winlogon»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-04-19 18:46:47 —-A—- C:WINDOWSsystem3215464723541.dll
2009-04-17 19:58:14 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-04-17 19:57:57 —-D—- C:Program FilesCDBurnerXP
2009-04-14 11:39:22 —-D—- C:_OTMoveIt
2009-04-12 12:33:29 —-D—- C:rsit
2009-04-04 22:36:04 —-D—- C:VundoFix Backups
2009-04-04 22:36:04 —-A—- C:VundoFix.txt
2009-03-30 21:10:06 —-D—- C:Program FilesWindows Defender
2009-03-28 14:57:23 —-D—- C:Documents and SettingsHebrewApplication DataMSN6
2009-03-28 14:57:23 —-D—- C:Documents and SettingsAll UsersApplication DataMSN6
2009-03-24 20:09:52 —-D—- C:Documents and SettingsHebrewApplication DataYandex
2009-03-24 20:08:48 —-D—- C:Program FilesMozilla Firefox

======List of files/folders modified in the last 1 months======

2009-04-19 19:12:52 —-D—- C:WINDOWS
2009-04-19 19:12:52 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 19:09:53 —-D—- C:WINDOWSTemp
2009-04-19 18:57:24 —-RD—- C:Program Files
2009-04-19 18:57:18 —-D—- C:WINDOWSPrefetch
2009-04-19 18:56:43 —-D—- C:Program FilesCyberLink
2009-04-19 18:56:41 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-19 18:56:03 —-D—- C:WINDOWSsystem32
2009-04-19 18:55:31 —-D—- C:Program FilesDivX
2009-04-19 18:49:28 —-SD—- C:WINDOWSTasks
2009-04-19 18:47:05 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-18 22:26:35 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-15 18:16:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-15 18:16:01 —-D—- C:WINDOWSsystem32drivers
2009-04-15 18:08:26 —-D—- C:WINDOWSHelp
2009-04-10 09:56:00 —-D—- C:WINDOWSsystem32Restore
2009-04-10 09:52:41 —-SHD—- C:System Volume Information
2009-03-31 20:26:47 —-D—- C:Program FilesSymantec AntiVirus
2009-03-31 19:54:06 —-D—- C:Program FilesSymantec
2009-03-30 21:10:15 —-SHD—- C:WINDOWSInstaller
2009-03-30 21:10:07 —-HD—- C:WINDOWSinf
2009-03-30 21:10:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32sovowuyi.dll
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32fokivilo.exe
2009-03-28 21:41:16 —-ASH—- C:WINDOWSsystem32vekukedu.dll
2009-03-28 21:41:15 —-ASH—- C:WINDOWSsystem32busoguze.dll.vir
2009-03-28 21:41:14 —-ASH—- C:WINDOWSsystem32wesokaru.exe
2009-03-28 09:40:50 —-ASH—- C:WINDOWSsystem32nomajuzu.exe
2009-03-27 12:30:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32puyekebi.dll
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32daluwimo.exe
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32heruhozu.dll
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32filawuzo.dll
2009-03-25 21:06:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-25 15:53:09 —-ASH—- C:WINDOWSsystem32suwumuwo.dll
2009-03-24 21:02:00 —-D—- C:WINDOWSsystem
2009-03-24 20:53:34 —-D—- C:Program FilesCommon FilesACD Systems
2009-03-24 20:46:55 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-24 20:09:09 —-D—- C:Documents and SettingsHebrewApplication DataMozilla
2009-03-24 18:49:22 —-ASH—- C:WINDOWSsystem32seyayewi.dll
2009-03-24 18:49:20 —-ASH—- C:WINDOWSsystem32powirimu.dll
2009-03-23 20:44:38 —-ASH—- C:WINDOWSsystem32lilofati.dll
2009-03-22 19:02:31 —-ASH—- C:WINDOWSsystem32kozezupo.dll
2009-03-22 19:02:25 —-ASH—- C:WINDOWSsystem32kujonage.dll
2009-03-21 21:54:29 —-D—- C:Temp
2009-03-21 11:29:51 —-ASH—- C:WINDOWSsystem32rumerubo.dll
2009-03-21 11:29:50 —-ASH—- C:WINDOWSsystem32wonizaki.dll
2009-03-21 11:24:01 —-ASH—- C:WINDOWSsystem32jawepuwa.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32kohuhoro.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32fedozuta.dll
2009-03-20 22:21:04 —-D—- C:Program FilesAntiSpyware Pro
2009-03-20 20:57:20 —-D—- C:WINDOWSsystem32config
2009-03-20 14:03:29 —-D—- C:Documents and SettingsHebrewApplication DataSkype
2009-03-20 13:27:53 —-ASH—- C:WINDOWSsystem32yoletepu.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
S1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-04 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys [2004-08-04 63488]
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003naveng.sys []
S3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2004-08-04 61824]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S4 sr;System Restore Filter Driver; C:WINDOWSC:WINDOWSsystem32DRIVERSsr.sys []
S4 ws2ifsl;????? ????? ?? ??? ????? Windows Socket 2.0 Non-IFS; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]

EOF
21 апреля, 2009 в 4:26 пп #23434
Admin
Keymaster
- Темы:40
- Сообщений:5676
Запустите редактор реестра, для этого кликните Пуск, затем Выполнить, введите regedit и нажмите Enter.
В левой панели открывайте по очереде следующие ключи реестра:
```
HKEY_LOCAL_MACHINE

SYSTEM

CurrentControlSet

Control

Lsa
```
В правой панели найдите параметр authentication packages, и кликните по нему дважды.
Откроется окно, отредактируйте текст, чтобы было
```
msv1_0

nwprovau
```
Кликните OK и закройте редактор реестра.

Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.
```
:Processes

explorer.exe



:reg

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]

"ctfxmon.exe"=-



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]

"ctfxmon.exe"=-



:files

C:WINDOWStaskssajeubch.job

C:WINDOWSsystem32sovowuyi.dll

C:WINDOWSsystem32fokivilo.exe

C:WINDOWSsystem32vekukedu.dll

C:WINDOWSsystem32busoguze.dll.vir

C:WINDOWSsystem32wesokaru.exe

C:WINDOWSsystem32nomajuzu.exe

C:WINDOWSsystem32sovowuyi.dll

C:WINDOWSsystem32fokivilo.exe

C:WINDOWSsystem32vekukedu.dll

C:WINDOWSsystem32busoguze.dll.vir

C:WINDOWSsystem32wesokaru.exe

C:WINDOWSsystem32nomajuzu.exe

C:WINDOWSsystem32suwumuwo.dll

C:WINDOWSsystem32seyayewi.dll

C:WINDOWSsystem32powirimu.dll

C:WINDOWSsystem32lilofati.dll

C:WINDOWSsystem32kozezupo.dll

C:WINDOWSsystem32kujonage.dll

C:WINDOWSsystem32rumerubo.dll

C:WINDOWSsystem32wonizaki.dll

C:WINDOWSsystem32jawepuwa.dll

C:WINDOWSsystem32kohuhoro.dll

C:WINDOWSsystem32fedozuta.dll

C:Program FilesAntiSpyware Pro

C:WINDOWSsystem32yoletepu.dll

C:WINDOWSctfxmon.exe



:Commands

[emptytemp]

[start explorer]

[Reboot]
```
Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.

Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.
21 апреля, 2009 в 5:40 пп #23435
Irit
Participant
- Темы:1
- Сообщений:15
Тяжко, но всё сделала как ты просил.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
========== FILES ==========
C:WINDOWStaskssajeubch.job moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32sovowuyi.dll
C:WINDOWSsystem32sovowuyi.dll NOT unregistered.
C:WINDOWSsystem32sovowuyi.dll moved successfully.
C:WINDOWSsystem32fokivilo.exe moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32vekukedu.dll
C:WINDOWSsystem32vekukedu.dll NOT unregistered.
C:WINDOWSsystem32vekukedu.dll moved successfully.
C:WINDOWSsystem32busoguze.dll.vir moved successfully.
C:WINDOWSsystem32wesokaru.exe moved successfully.
C:WINDOWSsystem32nomajuzu.exe moved successfully.
File/Folder C:WINDOWSsystem32sovowuyi.dll not found.
File/Folder C:WINDOWSsystem32fokivilo.exe not found.
File/Folder C:WINDOWSsystem32vekukedu.dll not found.
File/Folder C:WINDOWSsystem32busoguze.dll.vir not found.
File/Folder C:WINDOWSsystem32wesokaru.exe not found.
File/Folder C:WINDOWSsystem32nomajuzu.exe not found.
DllUnregisterServer procedure not found in C:WINDOWSsystem32suwumuwo.dll
C:WINDOWSsystem32suwumuwo.dll NOT unregistered.
C:WINDOWSsystem32suwumuwo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32seyayewi.dll
C:WINDOWSsystem32seyayewi.dll NOT unregistered.
C:WINDOWSsystem32seyayewi.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32powirimu.dll
C:WINDOWSsystem32powirimu.dll NOT unregistered.
C:WINDOWSsystem32powirimu.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32lilofati.dll
C:WINDOWSsystem32lilofati.dll NOT unregistered.
C:WINDOWSsystem32lilofati.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32kujonage.dll
C:WINDOWSsystem32kujonage.dll NOT unregistered.
C:WINDOWSsystem32kujonage.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32rumerubo.dll
C:WINDOWSsystem32rumerubo.dll NOT unregistered.
C:WINDOWSsystem32rumerubo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jawepuwa.dll
C:WINDOWSsystem32jawepuwa.dll NOT unregistered.
C:WINDOWSsystem32jawepuwa.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32kohuhoro.dll
C:WINDOWSsystem32kohuhoro.dll NOT unregistered.
C:WINDOWSsystem32kohuhoro.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32fedozuta.dll
C:WINDOWSsystem32fedozuta.dll NOT unregistered.
C:WINDOWSsystem32fedozuta.dll moved successfully.
C:Program FilesAntiSpyware Pro moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32yoletepu.dll
C:WINDOWSsystem32yoletepu.dll NOT unregistered.
C:WINDOWSsystem32yoletepu.dll moved successfully.
File move failed. C:WINDOWSctfxmon.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:DOCUME~1HebrewLOCALS~1Tempetilqs_conMNxfjaOM3Dfx9sgXm scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04212009_203004

Files moved on Reboot…
C:WINDOWSctfxmon.exe moved successfully.
File C:DOCUME~1HebrewLOCALS~1Tempetilqs_conMNxfjaOM3Dfx9sgXm not found!
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_001_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_002_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_003_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_MAP_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaulturlclassifier3.sqlite moved successfully.
Кстати у меня звук на колонках исчез, может подскажешь как востановить.
23 апреля, 2009 в 4:15 пп #23436
Admin
Keymaster
- Темы:40
- Сообщений:5676
Пришлите свежий RSIT лог.

А когда звук пропал ?
23 апреля, 2009 в 5:48 пп #23437
Irit
Participant
- Темы:1
- Сообщений:15
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-23 20:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:59 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesBarak013Barak013_L2TPfts.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSymantec AntiVirusDoScan.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.il/
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/2008home.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;
R3 — URLSearchHook: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {af69de43-7d58-4638-b6fa-ce66b5ad205d} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe-USRpdA
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [%FP%Barak013 L2TP fts.exe] «C:Program FilesBarak013Barak013_L2TPfts.exe»
O4 — HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 — HKLM..Run: [THOffice] C:Program FilesTHOfficeTHOffice.exe
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKLM..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKLM..Run: [CPMbbb72e7b] Rundll32.exe «C:WINDOWSsystem32kohuhoro.dll»,a
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [begihedero] Rundll32.exe «C:WINDOWSsystem32tutepega.dll»,s (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1085153876706
O16 — DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} — http://download.divx.com/player/DivXBrowserPlugin.cab
O17 — HKLMSystemCCSServicesTcpip..{3944AA6F-F372-47E8-8E2A-D2ED4D61C062}: NameServer = 194.90.1.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: c:windowssystem32seyayewi.dll c:windowssystem32kohuhoro.dll
O21 — SSODL: SSODL — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll (file missing)
O22 — SharedTaskScheduler: STS — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll (file missing)
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesNeroLibNMIndexingService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe

—
End of file — 8101 bytes

======Scheduled tasks folder======

C:WINDOWStasksMP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{67aa0145-a051-4660-a910-22da3bab1fa5} — findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe []
«CPMbbb72e7b»=C:WINDOWSsystem32kohuhoro.dll,a []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:windowssystem32seyayewi.dll c:windowssystem32kohuhoro.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
SSODL — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerSharedTaskScheduler]
STS — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WINDOW~4MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32winlogon.exe»=»C:WINDOWSsystem32winlogon.exe:*:Enabled:winlogon»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-04-21 19:56:53 —-A—- C:WINDOWSsystem3216565329141.dll
2009-04-19 21:27:29 —-D—- C:Program FilesMPC HomeCinema
2009-04-19 21:15:07 —-D—- C:Program FilesThe KMPlayer
2009-04-19 20:55:48 —-A—- C:WINDOWSsystem32unrar.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32dpl100.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32divx.dll
2009-04-19 20:55:42 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-04-19 20:55:42 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-04-19 20:55:41 —-D—- C:Program FilesK-Lite Codec Pack
2009-04-19 20:55:41 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-04-17 19:58:14 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-04-17 19:57:57 —-D—- C:Program FilesCDBurnerXP
2009-04-14 11:39:22 —-D—- C:_OTMoveIt
2009-04-12 12:33:29 —-D—- C:rsit
2009-04-04 22:36:04 —-D—- C:VundoFix Backups
2009-04-04 22:36:04 —-A—- C:VundoFix.txt
2009-03-30 21:10:06 —-D—- C:Program FilesWindows Defender
2009-03-28 14:57:23 —-D—- C:Documents and SettingsHebrewApplication DataMSN6
2009-03-28 14:57:23 —-D—- C:Documents and SettingsAll UsersApplication DataMSN6
2009-03-24 20:09:52 —-D—- C:Documents and SettingsHebrewApplication DataYandex
2009-03-24 20:08:48 —-D—- C:Program FilesMozilla Firefox

======List of files/folders modified in the last 1 months======

2009-04-23 20:37:23 —-D—- C:WINDOWSTemp
2009-04-22 21:39:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-22 19:22:45 —-D—- C:WINDOWSPrefetch
2009-04-22 15:12:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-22 15:12:45 —-SD—- C:WINDOWSTasks
2009-04-21 20:33:46 —-D—- C:WINDOWS
2009-04-21 20:30:07 —-RD—- C:Program Files
2009-04-21 20:30:07 —-D—- C:WINDOWSsystem32
2009-04-19 21:29:44 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 18:56:43 —-D—- C:Program FilesCyberLink
2009-04-19 18:56:41 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-19 18:55:31 —-D—- C:Program FilesDivX
2009-04-15 18:16:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-15 18:16:01 —-D—- C:WINDOWSsystem32drivers
2009-04-15 18:08:26 —-D—- C:WINDOWSHelp
2009-04-10 09:56:00 —-D—- C:WINDOWSsystem32Restore
2009-04-10 09:52:41 —-SHD—- C:System Volume Information
2009-03-31 20:26:47 —-D—- C:Program FilesSymantec AntiVirus
2009-03-31 19:54:06 —-D—- C:Program FilesSymantec
2009-03-30 21:10:15 —-SHD—- C:WINDOWSInstaller
2009-03-30 21:10:07 —-HD—- C:WINDOWSinf
2009-03-30 21:10:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-27 12:30:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32puyekebi.dll
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32daluwimo.exe
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32heruhozu.dll
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32filawuzo.dll
2009-03-25 21:06:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-24 21:02:00 —-D—- C:WINDOWSsystem
2009-03-24 20:53:34 —-D—- C:Program FilesCommon FilesACD Systems
2009-03-24 20:46:55 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-24 20:09:09 —-D—- C:Documents and SettingsHebrewApplication DataMozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
S1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-04 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys [2004-08-04 63488]
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003naveng.sys []
S3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2004-08-04 61824]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S4 sr;System Restore Filter Driver; C:WINDOWSC:WINDOWSsystem32DRIVERSsr.sys []
S4 ws2ifsl;????? ????? ?? ??? ????? Windows Socket 2.0 Non-IFS; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]

EOF

Насчёт звука я не помню в какой момент он исчез, так же антивирус Semantek antivirus не включается,может его стоит удалить,он мне честно надоел,и поставить другой?
25 апреля, 2009 в 4:03 пп #23438
Admin
Keymaster
- Темы:40
- Сообщений:5676
Symantec AV это в общём то не плохой антивирус, но если он вас не устраивает, то всегда существует возможность сменить программу.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
25 апреля, 2009 в 7:34 пп #23439
Irit
Participant
- Темы:1
- Сообщений:15
ComboFix 09-04-25.A1 — Hebrew 04/25/2009 22:19.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.511.279 [GMT 3:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersApplication DataMicrosoftMedia IndexDrivers
c:documents and settingsAll UsersApplication DataMicrosoftMedia IndexDriversc.cgm
c:documents and settingsAll UsersApplication DataMicrosoftMedia IndexDrivershdddriver.dll
c:documents and settingsAll UsersApplication DataMicrosoftMedia IndexDriverskzekwfccag.dll
c:windowssystem3216565329141.dll
c:windowssystem32aeagxgxc.ini
c:windowssystem32ajtajoll.ini
c:windowssystem32aovrmhjl.ini
c:windowssystem32aqjatfct.ini
c:windowssystem32aqxidjqa.ini
c:windowssystem32auaxbnkv.ini
c:windowssystem32aujoofjm.ini
c:windowssystem32aunbmkeh.ini
c:windowssystem32auruxhcw.ini
c:windowssystem32avmsefnt.ini
c:windowssystem32awbuodiu.ini
c:windowssystem32aygitece.ini
c:windowssystem32bckfqbke.ini
c:windowssystem32bddweqwr.ini
c:windowssystem32bfspoxfj.ini
c:windowssystem32bhlopyuk.ini
c:windowssystem32bitxvcva.ini
c:windowssystem32bjdgwkmc.ini
c:windowssystem32bklrfdeo.ini
c:windowssystem32blihfoab.ini
c:windowssystem32bmquvjpv.ini
c:windowssystem32boelrvhw.ini
c:windowssystem32bpbkvocu.ini
c:windowssystem32bplkbutb.ini
c:windowssystem32brurrptd.ini
c:windowssystem32bucggxey.ini
c:windowssystem32bvimawtf.ini
c:windowssystem32bybiyjbe.ini
c:windowssystem32byikylah.ini
c:windowssystem32bywcbscu.ini
c:windowssystem32catertwd.ini
c:windowssystem32ceowwsqb.ini
c:windowssystem32chcyadkq.ini
c:windowssystem32cnbuhnta.ini
c:windowssystem32coolrhcn.ini
c:windowssystem32cqueqckh.ini
c:windowssystem32csgjchpf.ini
c:windowssystem32cusstojw.ini
c:windowssystem32cviumwgo.ini
c:windowssystem32cwioplni.ini
c:windowssystem32cwxajlyr.ini
c:windowssystem32daluwimo.exe
c:windowssystem32daxqsybo.ini
c:windowssystem32dbtbsprs.ini
c:windowssystem32dcnguqmg.ini
c:windowssystem32ddmitggk.ini
c:windowssystem32decerhtv.ini
c:windowssystem32dejkaome.ini
c:windowssystem32deoikpoi.ini
c:windowssystem32dktixkbg.ini
c:windowssystem32dliorlyf.ini
c:windowssystem32dqqolell.ini
c:windowssystem32drysrasq.ini
c:windowssystem32dtgyaqnf.ini
c:windowssystem32dvlrflor.ini
c:windowssystem32dxmrbbru.ini
c:windowssystem32ebtfeqfl.ini
c:windowssystem32efvnoray.ini
c:windowssystem32efysievj.ini
c:windowssystem32eidkwthl.ini
c:windowssystem32ejpsagtr.ini
c:windowssystem32ejucegry.ini
c:windowssystem32enpfstpc.ini
c:windowssystem32erbmqdbp.ini
c:windowssystem32fanwomfy.ini
c:windowssystem32fbhfdbxx.ini
c:windowssystem32fbkjiqge.ini
c:windowssystem32fdjftnjh.ini
c:windowssystem32fdpdsphg.ini
c:windowssystem32fdshwrqw.ini
c:windowssystem32feylabhm.ini
c:windowssystem32fhmbtsqh.ini
c:windowssystem32filawuzo.dll
c:windowssystem32fiogurbw.ini
c:windowssystem32fiuirdgb.ini
c:windowssystem32fjvyhdao.ini
c:windowssystem32fmituigw.ini
c:windowssystem32foogvlxo.ini
c:windowssystem32fqusnjmi.ini
c:windowssystem32frjogokg.ini
c:windowssystem32fujayagi.dll
c:windowssystem32fwbipnje.ini
c:windowssystem32fxxyosbp.ini
c:windowssystem32fyeagedu.ini
c:windowssystem32gadjxiln.ini
c:windowssystem32glcjlvcr.ini
c:windowssystem32gldqjsrl.ini
c:windowssystem32gmciirxm.ini
c:windowssystem32gndovajb.ini
c:windowssystem32goocecqe.ini
c:windowssystem32graiattk.ini
c:windowssystem32gtmraspu.ini
c:windowssystem32gudlbbhh.ini
c:windowssystem32guxkelps.ini
c:windowssystem32gvwnddng.ini
c:windowssystem32gydptggs.ini
c:windowssystem32hcndxsad.ini
c:windowssystem32hcxqugrh.ini
c:windowssystem32hdsxjgqv.ini
c:windowssystem32heruhozu.dll
c:windowssystem32hgjksfwv.ini
c:windowssystem32hjtysatn.ini
c:windowssystem32homjjklr.ini
c:windowssystem32hsdmqthm.ini
c:windowssystem32hsyhnlfa.ini
c:windowssystem32iegennlq.ini
c:windowssystem32ieprrpux.ini
c:windowssystem32ihtjsukm.ini
c:windowssystem32iixvwnoc.ini
c:windowssystem32imbhoyuw.ini
c:windowssystem32imjawtlx.ini
c:windowssystem32imyssaxg.ini
c:windowssystem32iqaoxjro.ini
c:windowssystem32iuwgudxm.ini
c:windowssystem32ivwmbigx.ini
c:windowssystem32iwbixwdp.ini
c:windowssystem32iwpssvkw.ini
c:windowssystem32iytqyypn.ini
c:windowssystem32jahrxnci.ini
c:windowssystem32jbkokmxo.ini
c:windowssystem32jblsnita.ini
c:windowssystem32jbysvgbd.ini
c:windowssystem32jchxtrst.ini
c:windowssystem32jcynujbv.ini
c:windowssystem32jewwwort.ini
c:windowssystem32jfdrfhsh.ini
c:windowssystem32jhfvhwjt.ini
c:windowssystem32jojynpud.ini
c:windowssystem32jolgokrf.ini
c:windowssystem32jorukiyi.dll
c:windowssystem32jqlhjirx.ini
c:windowssystem32jrfdgwmw.ini
c:windowssystem32jsthcvka.ini
c:windowssystem32jtmxeppk.ini
c:windowssystem32jvjfjspa.ini
c:windowssystem32jvliwagu.ini
c:windowssystem32jxbdkbfk.ini
c:windowssystem32jxcesrbi.ini
c:windowssystem32jyrgqykp.ini
c:windowssystem32kbcocyau.ini
c:windowssystem32kbjjccrx.ini
c:windowssystem32khyqhffo.ini
c:windowssystem32kkixdiri.ini
c:windowssystem32kkvpjbtw.ini
c:windowssystem32klctyatb.ini
c:windowssystem32kozezupo.dll
c:windowssystem32kqrwnhkj.ini
c:windowssystem32kvkcyhiv.ini
c:windowssystem32kvmdjroi.ini
c:windowssystem32lbsabelf.ini
c:windowssystem32lcdhyybv.ini
c:windowssystem32lcrjimdw.ini
c:windowssystem32lcwxrlgq.ini
c:windowssystem32lddvjsve.ini
c:windowssystem32ldplwvme.ini
c:windowssystem32lebapide.dll
c:windowssystem32lecaiqkr.ini
c:windowssystem32lejnshxn.ini
c:windowssystem32ljbdftxv.ini
c:windowssystem32ljgpclhp.ini
c:windowssystem32lnddfojy.ini
c:windowssystem32lnxcmepy.ini
c:windowssystem32lodivoyo.dll
c:windowssystem32lomqidjl.ini
c:windowssystem32lqmwdroc.ini
c:windowssystem32lqudamrd.ini
c:windowssystem32lrnpjxap.ini
c:windowssystem32lucwntph.ini
c:windowssystem32lywkejpu.ini
c:windowssystem32mbevrbql.ini
c:windowssystem32mdocoxhk.ini
c:windowssystem32meatekan.ini
c:windowssystem32mfdatkqq.ini
c:windowssystem32midnoiiq.ini
c:windowssystem32mjhcvvqw.ini
c:windowssystem32mjuqwyto.ini
c:windowssystem32mkpdnclm.ini
c:windowssystem32mmemhxut.ini
c:windowssystem32mniqowei.ini
c:windowssystem32mooeiksn.ini
c:windowssystem32mvlyhsib.ini
c:windowssystem32mvnqggmg.ini
c:windowssystem32narnuoba.ini
c:windowssystem32ncppoabs.ini
c:windowssystem32nevigapi.dll
c:windowssystem32nfdqfysi.ini
c:windowssystem32ngwglsbm.ini
c:windowssystem32nifudoju.dll
c:windowssystem32niwurosy.ini
c:windowssystem32njnmbsvn.ini
c:windowssystem32nourctfv.ini
c:windowssystem32nqocmdwp.ini
c:windowssystem32nqrtbfbg.ini
c:windowssystem32nrtjpybf.ini
c:windowssystem32nsosdswv.ini
c:windowssystem32nvfttrtc.ini
c:windowssystem32nvxdsbhw.ini
c:windowssystem32nwsookfo.ini
c:windowssystem32ocbjwxtq.ini
c:windowssystem32ocdcjgls.ini
c:windowssystem32oeuflsco.ini
c:windowssystem32ojnukuny.ini
c:windowssystem32ojtbpkqj.ini
c:windowssystem32omnjwetn.ini
c:windowssystem32onmcomce.ini
c:windowssystem32ontkuyoj.ini
c:windowssystem32opauywei.ini
c:windowssystem32oqsakmbm.ini
c:windowssystem32oracvcyy.ini
c:windowssystem32osyiqecv.ini
c:windowssystem32ovohbthb.ini
c:windowssystem32owbdveoo.ini
c:windowssystem32pajngetg.ini
c:windowssystem32pbmuisqo.ini
c:windowssystem32pbqkdryv.ini
c:windowssystem32pbuxdtsc.ini
c:windowssystem32pdssmctg.ini
c:windowssystem32pdsuhlsk.ini
c:windowssystem32perqoouo.ini
c:windowssystem32pferrjpq.ini
c:windowssystem32phhpwamv.ini
c:windowssystem32plrrhdet.ini
c:windowssystem32pmeoebtm.ini
c:windowssystem32pmyumadg.ini
c:windowssystem32pnvdbhrm.ini
c:windowssystem32ppvnwphd.ini
c:windowssystem32prsifcen.ini
c:windowssystem32psiplpjv.ini
c:windowssystem32psobrehx.ini
c:windowssystem32ptgopcdl.ini
c:windowssystem32pthreadGC2.dll
c:windowssystem32pupvdtyu.ini
c:windowssystem32puqhirdl.ini
c:windowssystem32puyekebi.dll
c:windowssystem32qdyhlfnf.ini
c:windowssystem32qgokckuj.ini
c:windowssystem32qgspnqgj.ini
c:windowssystem32qguwidhi.ini
c:windowssystem32qiaggojy.ini
c:windowssystem32qjrfvwyy.ini
c:windowssystem32qmyjpjxu.ini
c:windowssystem32qsloxkjs.ini
c:windowssystem32rencbnsg.ini
c:windowssystem32reokmfli.ini
c:windowssystem32rfookurp.ini
c:windowssystem32rfpkibfp.ini
c:windowssystem32rjisvlir.ini
c:windowssystem32rllugkwd.ini
c:windowssystem32rloaqpfg.ini
c:windowssystem32rootgjmg.ini
c:windowssystem32roxfsgxh.ini
c:windowssystem32rrkorwaa.ini
c:windowssystem32rsaodeut.ini
c:windowssystem32rsjsimvd.ini
c:windowssystem32rsljhdex.ini
c:windowssystem32rssayctv.ini
c:windowssystem32rtbxegvs.ini
c:windowssystem32ruvtbpmg.ini
c:windowssystem32rvhhavkn.ini
c:windowssystem32rydoaobp.ini
c:windowssystem32samadehi.dll
c:windowssystem32sanxumja.ini
c:windowssystem32satevowa.dll
c:windowssystem32sawjbngu.ini
c:windowssystem32saxcqelu.ini
c:windowssystem32sbapafiq.ini
c:windowssystem32sgedwuxb.ini
c:windowssystem32sgvssrrt.ini
c:windowssystem32skurqstg.ini
c:windowssystem32slmqpsgc.ini
c:windowssystem32smqwnmdc.ini
c:windowssystem32sofodowi.dll
c:windowssystem32styftxuq.ini
c:windowssystem32svjucuhp.ini
c:windowssystem32teoxxoky.ini
c:windowssystem32tggkjdvb.ini
c:windowssystem32tijgsknk.ini
c:windowssystem32tjsshqdl.ini
c:windowssystem32ttobwebi.ini
c:windowssystem32turoglrx.ini
c:windowssystem32txqrhajh.ini
c:windowssystem32ublbckex.ini
c:windowssystem32ucaidstm.ini
c:windowssystem32udkvctcl.ini
c:windowssystem32ugccqcdq.ini
c:windowssystem32ukoovisd.ini
c:windowssystem32ukqouned.ini
c:windowssystem32umpvjtor.ini
c:windowssystem32uniqamkh.ini
c:windowssystem32upcjaniy.ini
c:windowssystem32uplpeuwo.ini
c:windowssystem32uthiglvu.ini
c:windowssystem32uyignwbl.ini
c:windowssystem32vdgwfcio.ini
c:windowssystem32vflednuy.ini
c:windowssystem32vgdenxct.ini
c:windowssystem32vhkyhhtm.ini
c:windowssystem32vibgixtx.ini
c:windowssystem32vmokdcbo.ini
c:windowssystem32vopjmqfr.ini
c:windowssystem32vvojmtla.ini
c:windowssystem32vvovapwt.ini
c:windowssystem32vwyiyaie.ini
c:windowssystem32wacpjwms.ini
c:windowssystem32wayIOqru.ini
c:windowssystem32wayIOqru.ini2
c:windowssystem32wcbtspan.ini
c:windowssystem32wcfpaudp.ini
c:windowssystem32wcludyax.ini
c:windowssystem32wkewhaqe.ini
c:windowssystem32wmaiiqem.ini
c:windowssystem32woivmnfp.ini
c:windowssystem32wonizaki.dll
c:windowssystem32wqruykmv.ini
c:windowssystem32wqveglng.ini
c:windowssystem32wspcrsdy.ini
c:windowssystem32wsvikpbj.ini
c:windowssystem32wvvtform.ini
c:windowssystem32xdksntfb.ini
c:windowssystem32xgbofwgd.ini
c:windowssystem32xhajouru.ini
c:windowssystem32xmuyhtof.ini
c:windowssystem32xqquxssv.ini
c:windowssystem32xrwixpqp.ini
c:windowssystem32xsopjcfm.ini
c:windowssystem32xtafewxw.ini
c:windowssystem32xtutovgu.ini
c:windowssystem32xuwafdoo.ini
c:windowssystem32ygkvaqfw.ini
c:windowssystem32yhbecwxk.ini
c:windowssystem32ymedmiuf.ini
c:windowssystem32ymhtrpdk.ini
c:windowssystem32yndonbfb.ini
c:windowssystem32ynqlhiwx.ini
c:windowssystem32yobijowu.dll
c:windowssystem32ythoqtdp.ini
c:windowssystem32yuxdaexf.ini
c:windowssystem32ywiqjxww.ini
c:windowssystem32ywllqewv.ini
c:windowssystem32yxxltsnj.ini
c:windowssystem32yyefurkr.ini
c:windowssystem32zifutoro.dll
c:windowssystem32zuyahoba.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_ASC3550P

Legacy_fci

Legacy_ICF

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-19 18:27 . 2009-04-19 18:27

d

w c:program filesMPC HomeCinema
2009-04-19 18:15 . 2009-04-19 18:18

d

w c:program filesThe KMPlayer
2009-04-19 16:12 . 2009-04-19 16:12 7680 —sha-w c:windowsThumbs.db
2009-04-17 16:58 . 2009-04-17 16:58

d

w c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-04-17 16:57 . 2009-04-17 16:57

d

w c:program filesCDBurnerXP
2009-04-14 08:39 . 2009-04-14 08:39

d

w C:_OTMoveIt
2009-04-12 09:33 . 2009-04-12 09:33

d

w C:rsit
2009-04-04 19:36 . 2009-04-04 19:36

d

w C:VundoFix Backups
2009-04-02 09:26 . 2009-04-02 09:26

d

w c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2009-03-30 18:10 . 2009-03-30 18:10

d

w c:program filesWindows Defender
2009-03-28 11:57 . 2009-03-28 11:59

d

w c:documents and settingsHebrewApplication DataMSN6
2009-03-28 11:57 . 2009-03-28 11:57

d

w c:documents and settingsAll UsersApplication DataMSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 17:33 . 2007-07-11 01:09 79832 —-a-w c:documents and settingsHebrewLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-19 17:55 . 2009-04-19 17:55

d

w c:program filesK-Lite Codec Pack
2009-04-19 15:56 . 2004-08-02 22:56

d

w c:program filesCyberLink
2009-04-19 15:56 . 2004-08-02 22:56

d—h—w c:program filesInstallShield Installation Information
2009-04-19 15:55 . 2004-08-02 22:46

d

w c:program filesDivX
2009-04-04 19:54 . 2009-04-04 19:36 272 —-a-w C:VundoFix.txt
2009-03-31 17:26 . 2007-07-10 07:06

d

w c:program filesSymantec AntiVirus
2009-03-31 16:54 . 2004-08-02 22:01

d

w c:program filesSymantec
2009-03-25 18:06 . 2008-11-01 12:04

d

w c:program filesMalwarebytes’ Anti-Malware
2009-03-24 17:53 . 2004-08-02 22:35

d

w c:program filesCommon FilesACD Systems
2009-03-24 17:46 . 2007-08-08 20:19

d

w c:documents and settingsHebrewApplication DatauTorrent
2009-03-24 17:09 . 2009-03-24 17:09

d

w c:documents and settingsHebrewApplication DataYandex
2009-03-21 20:05 . 2009-03-21 20:05 157130 —-a-w C:dwshield.log
2009-03-20 19:19 . 2009-03-20 19:15 441

w C:Win32.Worm.Downladup.Gen.log
2009-03-20 11:03 . 2007-11-10 11:17

d

w c:documents and settingsHebrewApplication DataSkype
2009-03-16 13:08 . 2009-03-16 13:08 245760 —-a-w c:windowsctfxmon.dll
2009-03-02 18:10 . 2009-04-19 17:55 67584 —-a-w c:windowssystem32ff_vfw.dll
2007-09-13 12:12 . 2007-09-13 12:12 129 —-a-w c:documents and settingsHebrewLocal SettingsApplication Datafusioncache.dat
2007-08-08 15:07 . 2007-08-08 15:07 68872 —-a-w c:documents and settingsEnglish.COMPUTERLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2007-08-08 15:01 . 2007-08-08 15:01 68872 —-a-w c:documents and settingsRussian.COMPUTERLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2007-07-11 01:12 . 2007-07-11 01:12 68872 —-a-w c:documents and settingsRussianLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2004-10-28 12:42 . 2004-10-28 12:42 69256 —-a-w c:documents and settingsEnglishLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
2008-05-12 06:18 1470488 —-a-w c:program filesfindercoiltbfin1.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{67aa0145-a051-4660-a910-22da3bab1fa5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488]

[HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{67AA0145-A051-4660-A910-22DA3BAB1FA5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488]

[HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-10-13 1694208]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-03 165784]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-03-24 46080]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«USRpdA»=»c:windowsSYSTEM32USRmlnkA.exe» [2001-08-23 77891]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-03-24 3309568]
«%FP%Barak013 L2TP fts.exe»=»c:program filesBarak013Barak013_L2TPfts.exe» [2004-01-07 77312]
«PinnacleDriverCheck»=»c:windowssystem32PSDrvCheck.exe» [2003-12-04 406016]
«THOffice»=»c:program filesTHOfficeTHOffice.exe» [2003-01-18 176128]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2003-12-18 64512]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-24 782336]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=

R0 ati6jnxx;ati6jnxx; [x]
R3 SavRoam;SavRoam;c:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:windowssystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S2 NwSapAgent;SAP Agent;c:windowssystem32svchost.exe [2008-11-01 14336]
S2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S3 EraserUtilDrvI7;EraserUtilDrvI7;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys [2008-09-17 99376]

.
Contents of the ‘Scheduled Tasks’ folder

2009-04-25 c:windowsTasksMP Scheduled Scan.job
— c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 16:20]
.
— — — — ORPHANS REMOVED — — — —

WebBrowser-{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} — (no file)
HKCU-Run-ctfxmon.exe — c:windowsctfxmon.exe
HKLM-Run-ctfxmon.exe — c:windowsctfxmon.exe
HKLM-Run-CPMbbb72e7b — c:windowssystem32kohuhoro.dll
HKU-Default-Run-ALUAlert — c:program filesSymantecLiveUpdateALUNotify.exe
HKU-Default-Run-ctfxmon.exe — c:windowsctfxmon.exe

.

Supplementary Scan

.
uStart Page = hxxp://www.google.co.il/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.vmule.com/2008home.htm
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:801;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
Trusted Zone: aol.comfree
TCP: {3944AA6F-F372-47E8-8E2A-D2ED4D61C062} = 194.90.1.5
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
FF — ProfilePath — c:documents and settingsHebrewApplication DataMozillaFirefoxProfiles997di54e.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=47185
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=41139&yasoft=barff&text=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
THOffice = c:program filesTHOfficeTHOffice.exe??nRun???u

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareMicrosoft M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*Recent File List]
«File1″=»c:\WINDOWS\system32\devmgmt.msc»
«File2″=»c:\WINDOWS\system32\compmgmt.msc»

[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:c4,ae,7d,61,d4,85,6a,d5,98,e0,81,1c,24,c8,72,e6,0b,3a,f3,08,f9,fe,54,
50,37,3a,a7,c2,05,05,2b,78,37,23,e1,8b,80,d6,8d,89,c1,7a,6d,a8,b0,1a,16,dd,
«??»=hex:59,bc,6f,2e,1e,b7,df,fe,88,24,d3,ad,1e,bf,2d,63

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«cd042efbbd7f7af1647644e76e06692b»=hex:c8,28,51,af,b0,29,a3,98,f2,aa,67,c8,16,
7c,94,e0,2e,e8,e1,00,eb,16,2b,de,65,87,e9,0c,1b,b9,c8,7d,e2,63,26,f1,3f,c8,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«bca643cdc5c2726b20d2ecedcc62c59b»=hex:46,47,15,b0,92,4b,c7,ef,0c,7a,d7,8a,08,
2e,9f,29,46,47,15,b0,92,4b,c7,ef,00,3c,19,aa,91,d3,31,b8,6a,9c,d6,61,af,45,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{684373FB-9CD8-4e47-B990-5A4466C16034}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2c81e34222e8052573023a60d06dd016″=hex:25,da,ec,7e,55,20,c9,26,14,3a,84,95,d3,
85,50,2f,7a,45,05,fd,91,e8,6f,31,69,dc,9d,5d,55,64,98,98,ff,7c,85,e0,43,d4,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2582ae41fb52324423be06337561aa48″=hex:86,8c,21,01,be,91,eb,e7,d1,09,1d,75,3a,
f1,98,21,6b,65,49,6a,7e,99,74,f7,37,61,61,27,48,51,58,6c,86,8c,21,01,be,91,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«caaeda5fd7a9ed7697d9686d4b818472″=hex:cd,44,cd,b9,a6,33,6c,cd,04,06,06,d8,64,
cf,90,c6,e9,02,6c,fa,fb,1d,47,57,ed,e3,ff,d0,fc,09,8f,d9,f5,1d,4d,73,a8,13,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«a4a1bcf2cc2b8bc3716b74b2b4522f5d»=hex:b0,18,ed,a7,3f,8d,37,a4,9e,8e,d5,17,d0,
a0,15,f7,50,93,e5,ab,ec,6a,4e,ab,9f,cc,52,be,e3,ba,38,0c,df,20,58,62,78,6b,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«4d370831d2c43cd13623e232fed27b7b»=hex:97,20,4e,9a,c7,f1,35,ee,2c,35,ae,61,24,
84,13,9f,97,20,4e,9a,c7,f1,35,ee,a2,de,8c,18,30,c5,2d,24,fb,a7,78,e6,12,2f,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1d68fe701cdea33e477eb204b76f993d»=hex:01,3a,48,fc,e8,04,4a,f1,06,51,3b,0d,bc,
35,9a,79,aa,52,c6,00,84,3c,26,64,95,13,d2,d8,f0,19,1f,3c,01,3a,48,fc,e8,04,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1fac81b91d8e3c5aa4b0a51804d844a3″=hex:f6,0f,4e,58,98,5b,89,c9,c3,28,47,20,b4,
7a,9f,11,b2,46,9a,e2,1b,fe,1b,94,8e,fc,cc,49,e4,e8,24,62,f6,0f,4e,58,98,5b,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«f5f62a6129303efb32fbe080bb27835b»=hex:b1,cd,45,5a,a8,c4,f8,b9,de,08,bd,66,99,
ed,98,b2,37,a4,aa,c3,a6,15,56,0a,ea,31,57,ae,92,3d,88,43,3d,ce,ea,26,2d,45,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«fd4e2e1a3940b94dceb5a6a021f2e3c6″=hex:f8,31,0f,a9,5f,a0,ec,fb,95,70,a3,e6,70,
0a,50,68,f8,31,0f,a9,5f,a0,ec,fb,9c,8c,b6,a8,ea,ed,ff,a3,2a,b7,cc,b5,b9,7f,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«8a8aec57dd6508a385616fbc86791ec2″=hex:fa,ea,66,7f,d4,3b,6b,70,d4,e8,79,dc,5a,
ad,3b,b4,05,73,21,dd,54,d8,4a,c5,20,98,80,19,dc,63,21,93,6c,43,2d,1e,aa,22,
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘explorer.exe'(3992)
c:windowssystem32msi.dll
c:windowsIMESPGRMR.DLL
c:program filesCommon FilesMicrosoft SharedINKSKCHUI.DLL
.

Other Running Processes

.
c:program filesCommon FilesSymantec SharedccSetMgr.exe
c:program filesCommon FilesSymantec SharedccEvtMgr.exe
c:program filesSymantec AntiVirusDefWatch.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesCDBurnerXPNMSAccessU.exe
c:windowssystem32nvsvc32.exe
c:program filesSymantec AntiVirusRtvscan.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32wscntfy.exe
c:program filesSymantec AntiVirusDoScan.exe
.
**************************************************************************
.
Completion time: 2009-04-25 22:28 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 19:28

Pre-Run: 6,864,474,112 bytes free
Post-Run: 7,187,795,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /fastdetect /NoExecute=OptIn

594
28 апреля, 2009 в 3:51 пп #23440
Admin
Keymaster
- Темы:40
- Сообщений:5676
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
```
Driver::

ati6jnxx

NwSapAgent
```
Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
29 апреля, 2009 в 7:40 дп #23441
Irit
Participant
- Темы:1
- Сообщений:15
ComboFix 09-04-28.02 — Hebrew 04/29/2009 10:29.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.511.224 [GMT 3:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_NWSAPAGENT

Service_ati6jnxx

Service_NwSapAgent

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-19 18:27 . 2009-04-19 18:27

d

w c:program filesMPC HomeCinema
2009-04-19 18:15 . 2009-04-19 18:18

d

w c:program filesThe KMPlayer
2009-04-19 17:55 . 2008-09-16 19:23 168448 —-a-w c:windowssystem32unrar.dll
2009-04-19 17:55 . 2004-01-25 16:18 217088 —-a-w c:windowssystem32yv12vfw.dll
2009-04-19 17:55 . 2008-12-07 18:08 795648 —-a-w c:windowssystem32xvidcore.dll
2009-04-19 17:55 . 2008-12-07 18:08 130048 —-a-w c:windowssystem32xvidvfw.dll
2009-04-19 17:55 . 2008-12-11 00:33 86016 —-a-w c:windowssystem32dpl100.dll
2009-04-19 17:55 . 2008-11-06 16:37 3596288 —-a-w c:windowssystem32qt-dx331.dll
2009-04-19 17:55 . 2008-11-06 16:33 684032 —-a-w c:windowssystem32divx.dll
2009-04-19 17:55 . 2009-03-02 18:10 67584 —-a-w c:windowssystem32ff_vfw.dll
2009-04-19 17:55 . 2009-04-19 17:55

d

w c:program filesK-Lite Codec Pack
2009-04-17 16:58 . 2009-04-17 16:58

d

w c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-04-17 16:57 . 2009-04-17 16:57

d

w c:program filesCDBurnerXP
2009-04-14 08:39 . 2009-04-14 08:39

d

w C:_OTMoveIt
2009-04-12 09:33 . 2009-04-12 09:33

d

w C:rsit
2009-04-04 19:36 . 2009-04-04 19:36

d

w C:VundoFix Backups
2009-04-02 09:26 . 2009-04-02 09:26

d

w c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2009-03-30 18:10 . 2009-03-30 18:10

d

w c:program filesWindows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 17:33 . 2007-07-11 01:09 79832 —-a-w c:documents and settingsHebrewLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-19 15:56 . 2004-08-02 22:56

d

w c:program filesCyberLink
2009-04-19 15:56 . 2004-08-02 22:56

d—h—w c:program filesInstallShield Installation Information
2009-04-19 15:55 . 2004-08-02 22:46

d

w c:program filesDivX
2009-03-31 17:26 . 2007-07-10 07:06

d

w c:program filesSymantec AntiVirus
2009-03-31 16:54 . 2004-08-02 22:01

d

w c:program filesSymantec
2009-03-25 18:06 . 2008-11-01 12:04

d

w c:program filesMalwarebytes’ Anti-Malware
2009-03-24 17:53 . 2004-08-02 22:35

d

w c:program filesCommon FilesACD Systems
2009-03-16 13:08 . 2009-03-16 13:08 245760 —-a-w c:windowsctfxmon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
2008-05-12 06:18 1470488 —-a-w c:program filesfindercoiltbfin1.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{67aa0145-a051-4660-a910-22da3bab1fa5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488]

[HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{67AA0145-A051-4660-A910-22DA3BAB1FA5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488]

[HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-10-13 1694208]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-03 165784]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-03-24 46080]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«USRpdA»=»c:windowsSYSTEM32USRmlnkA.exe» [2001-08-23 77891]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-03-24 3309568]
«%FP%Barak013 L2TP fts.exe»=»c:program filesBarak013Barak013_L2TPfts.exe» [2004-01-07 77312]
«PinnacleDriverCheck»=»c:windowssystem32PSDrvCheck.exe» [2003-12-04 406016]
«THOffice»=»c:program filesTHOfficeTHOffice.exe» [2003-01-18 176128]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2003-12-18 64512]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-24 782336]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=

R3 SavRoam;SavRoam;c:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:windowssystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S3 EraserUtilDrvI7;EraserUtilDrvI7;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys [2008-09-17 99376]

.
Contents of the ‘Scheduled Tasks’ folder

2009-04-29 c:windowsTasksMP Scheduled Scan.job
— c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 16:20]
.
.

Supplementary Scan

.
uStart Page = hxxp://www.google.co.il/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.vmule.com/2008home.htm
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:801;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
Trusted Zone: aol.comfree
TCP: {3944AA6F-F372-47E8-8E2A-D2ED4D61C062} = 194.90.1.5
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
FF — ProfilePath — c:documents and settingsHebrewApplication DataMozillaFirefoxProfiles997di54e.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=47185
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=41139&yasoft=barff&text=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
THOffice = c:program filesTHOfficeTHOffice.exe??nRun???u

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareMicrosoft M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*Recent File List]
«File1″=»c:\WINDOWS\system32\devmgmt.msc»
«File2″=»c:\WINDOWS\system32\compmgmt.msc»

[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:c4,ae,7d,61,d4,85,6a,d5,98,e0,81,1c,24,c8,72,e6,0b,3a,f3,08,f9,fe,54,
50,37,3a,a7,c2,05,05,2b,78,37,23,e1,8b,80,d6,8d,89,c1,7a,6d,a8,b0,1a,16,dd,
«??»=hex:59,bc,6f,2e,1e,b7,df,fe,88,24,d3,ad,1e,bf,2d,63

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«cd042efbbd7f7af1647644e76e06692b»=hex:c8,28,51,af,b0,29,a3,98,f2,aa,67,c8,16,
7c,94,e0,2e,e8,e1,00,eb,16,2b,de,65,87,e9,0c,1b,b9,c8,7d,e2,63,26,f1,3f,c8,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«bca643cdc5c2726b20d2ecedcc62c59b»=hex:46,47,15,b0,92,4b,c7,ef,0c,7a,d7,8a,08,
2e,9f,29,46,47,15,b0,92,4b,c7,ef,00,3c,19,aa,91,d3,31,b8,6a,9c,d6,61,af,45,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{684373FB-9CD8-4e47-B990-5A4466C16034}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2c81e34222e8052573023a60d06dd016″=hex:25,da,ec,7e,55,20,c9,26,14,3a,84,95,d3,
85,50,2f,7a,45,05,fd,91,e8,6f,31,69,dc,9d,5d,55,64,98,98,ff,7c,85,e0,43,d4,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2582ae41fb52324423be06337561aa48″=hex:86,8c,21,01,be,91,eb,e7,d1,09,1d,75,3a,
f1,98,21,6b,65,49,6a,7e,99,74,f7,37,61,61,27,48,51,58,6c,86,8c,21,01,be,91,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«caaeda5fd7a9ed7697d9686d4b818472″=hex:cd,44,cd,b9,a6,33,6c,cd,04,06,06,d8,64,
cf,90,c6,e9,02,6c,fa,fb,1d,47,57,ed,e3,ff,d0,fc,09,8f,d9,f5,1d,4d,73,a8,13,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«a4a1bcf2cc2b8bc3716b74b2b4522f5d»=hex:b0,18,ed,a7,3f,8d,37,a4,9e,8e,d5,17,d0,
a0,15,f7,50,93,e5,ab,ec,6a,4e,ab,9f,cc,52,be,e3,ba,38,0c,df,20,58,62,78,6b,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«4d370831d2c43cd13623e232fed27b7b»=hex:97,20,4e,9a,c7,f1,35,ee,2c,35,ae,61,24,
84,13,9f,97,20,4e,9a,c7,f1,35,ee,a2,de,8c,18,30,c5,2d,24,fb,a7,78,e6,12,2f,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1d68fe701cdea33e477eb204b76f993d»=hex:01,3a,48,fc,e8,04,4a,f1,06,51,3b,0d,bc,
35,9a,79,aa,52,c6,00,84,3c,26,64,95,13,d2,d8,f0,19,1f,3c,01,3a,48,fc,e8,04,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1fac81b91d8e3c5aa4b0a51804d844a3″=hex:f6,0f,4e,58,98,5b,89,c9,c3,28,47,20,b4,
7a,9f,11,b2,46,9a,e2,1b,fe,1b,94,8e,fc,cc,49,e4,e8,24,62,f6,0f,4e,58,98,5b,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«f5f62a6129303efb32fbe080bb27835b»=hex:b1,cd,45,5a,a8,c4,f8,b9,de,08,bd,66,99,
ed,98,b2,37,a4,aa,c3,a6,15,56,0a,ea,31,57,ae,92,3d,88,43,3d,ce,ea,26,2d,45,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«fd4e2e1a3940b94dceb5a6a021f2e3c6″=hex:f8,31,0f,a9,5f,a0,ec,fb,95,70,a3,e6,70,
0a,50,68,f8,31,0f,a9,5f,a0,ec,fb,9c,8c,b6,a8,ea,ed,ff,a3,2a,b7,cc,b5,b9,7f,

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«8a8aec57dd6508a385616fbc86791ec2″=hex:fa,ea,66,7f,d4,3b,6b,70,d4,e8,79,dc,5a,
ad,3b,b4,05,73,21,dd,54,d8,4a,c5,20,98,80,19,dc,63,21,93,6c,43,2d,1e,aa,22,
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘explorer.exe'(2292)
c:windowssystem32msi.dll
c:windowsIMESPGRMR.DLL
c:program filesCommon FilesMicrosoft SharedINKSKCHUI.DLL
.

Other Running Processes

.
c:program filesCommon FilesSymantec SharedccSetMgr.exe
c:program filesCommon FilesSymantec SharedccEvtMgr.exe
c:program filesSymantec AntiVirusDefWatch.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesCDBurnerXPNMSAccessU.exe
c:windowssystem32nvsvc32.exe
c:program filesSymantec AntiVirusRtvscan.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32wscntfy.exe
c:program filesSymantec AntiVirusDoScan.exe
.
**************************************************************************
.
Completion time: 2009-04-29 10:37 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 07:37
ComboFix2.txt 2009-04-25 19:28

Pre-Run: 7,064,961,024 bytes free
Post-Run: 7,058,321,408 bytes free

224
30 апреля, 2009 в 12:52 пп #23442
Admin
Keymaster
- Темы:40
- Сообщений:5676
Лог выглядит нормально.
Проверьте ещё ваш компьютер используя Kaspersky Online Scanner, для этого кликните по этой ссылке.
Результаты сканирования вставьте в ваш ответ.
Автор

Сообщения