• Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы

SPYWARE-RU.COM
Меню
  • Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы
В начало › Помогите удалить Internet Antivirus Pro
Adguard
 

Помогите удалить Internet Antivirus Pro

Удаление вирусов и троянов. Защита компьютера. › Помощь в удалении вирусов, троянов, рекламы и других зловредов › Помогите удалить Internet Antivirus Pro

  • This topic has 13 ответов, 2 участника, and was last updated 16 years, 3 months назад by Nadejda.
Просмотр 14 сообщений - с 1 по 14 (из 14 всего)
  • Автор
    Сообщения
  • 11 мая, 2009 в 3:18 пп #16657
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Здравствуйте! Сегодня установился и теперь постоянно выдает сообщение о вирусах, опасности, просит регистрацию за некую сумму и т.п. Очень прошу Вас о помощи удалить этого паразита!!! Также очень буду Вам благодарна за советы в целом как подлечить и почистить мой комп, т.к. ему 3 года и за это время ни разу не лечился. В «пуске» куча программ, многими из которых не пользуюсь и не знаю для чего они нужны и можно ли их безболезненно удалить. 🙄
    Вот мои данные:

    info.txt logfile of random’s system information tool 1.06 2009-05-11 18:22:59

    ======Uninstall list======

    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
    Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 9 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Media Player—>msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
    Adobe Media Player—>MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
    Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 9—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    APC PowerChute Personal Edition—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5A0C892E-FD1C-4203-941E-0956AED20A6A}Setup.exe» -l0x19
    Apple Software Update—>MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    ASUS Enhanced Display Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}setup.exe» -l0x19 -removeonly
    ASUS nVIDIA Driver—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1049
    EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{67EDD823-135A-4D59-87BD-950616D6E857}SETUP.EXE» -l0x19 -UnInstall
    EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}SETUP.EXE» -l0x19 UNINST
    EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E86BC406-944E-41F6-ADE6-2C136734C96B}Setup.exe» -l0x19 UNINST
    EPSON Image Clip Palette—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{314F6D08-A8B7-11D8-8446-0050BA1D384D}Setup.exe» -l0x19 -u
    EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
    EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
    EPSON Scan—>C:Program Filesepsonescndvsetupsetup.exe /r
    EPSON Web-To-Page—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE» -l0x19 -anything
    ESCX4700_4100 Руководство пользователя—>C:Program FilesEPSONTPMANUALESCX4700_4100_RUSUSE_GDOCUNINS.EXE
    ESET Smart Security—>MsiExec.exe /I{373EDBBD-6399-4B26-B403-D704814245ED}
    Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
    High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
    HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
    Hotfix for Windows XP (KB915865)—>»C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe»
    Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
    ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
    ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
    Internet Security (1.1.2.0)—>»c:program filesInternet Antivirus Prounins000.exe»
    K-Lite Codec Pack 4.7.0 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Mail.Ru Агент 5.4 (сборка 2647, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
    Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
    Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
    Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
    Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
    MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MultiLex 3.0 (English-Russian)—>C:WINDOWSISUN0419.EXE -f»C:Program FilesMediaLinguaMultiLex3.0erUninst.isu» -c»C:Program FilesMediaLinguaMultiLex3.0erMLUnSup.dll»
    My Web Search (Popular Screensavers)—>rundll32 C:PROGRA~1MYWEBS~1bar1.binmwsbar.dll,O
    NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
    PIF DESIGNER—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B90450DF-E781-46FD-B1F1-0C86DA40E443}SETUP.EXE» -l0x19 anything
    Printbook.ru Photobook Editor—>»C:Program FilesPrintbook.ru Photobook Editorunins000.exe»
    QuickTime—>MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
    SAMSUNG Mobile Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
    Samsung Mobile phone USB driver Software—>C:WINDOWSsystem32Samsung_USB_Drivers5SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
    Samsung PC Studio 3—>»C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -runfromtemp -l0x0009 -removeonly
    Samsung Samples Installer—>»C:Program FilesInstallShield Installation Information{7AC15160-A49B-4A89-B181-D4619C025FFF}setup.exe» -runfromtemp -l0x0009 -removeonly
    SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
    USB CASIO Digital Camera Device Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}Setup.exe» -uninst
    uTorrent [tfile.ru edition]—>C:Program FilesuTorrent [tfile.ru]uninstall.exe
    Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
    Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
    Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
    Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
    WinRAR archiver—>C:Program FilesWinRARuninstall.exe
    Исправление для Windows XP (KB914440)—>»C:WINDOWS$NtUninstallKB914440$spuninstspuninst.exe»
    Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
    Исправление для проигрывателя Windows Media 11 — (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
    Обновление безопасности для Windows XP — (KB923689)—>»C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
    Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB890046)—>»C:WINDOWS$NtUninstallKB890046$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB893756)—>»C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB896358)—>»C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB896423)—>»C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB896424)—>»C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB896428)—>»C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB899587)—>»C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB899589)—>»C:WINDOWS$NtUninstallKB899589$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB899591)—>»C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB900725)—>»C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB901017)—>»C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB901214)—>»C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB902400)—>»C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB904706)—>»C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB905414)—>»C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB905749)—>»C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB908519)—>»C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB911562)—>»C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB911567)—>»C:WINDOWS$NtUninstallKB911567$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB911927)—>»C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB912919)—>»C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB913580)—>»C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB914388)—>»C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB914389)—>»C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB917344)—>»C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB917422)—>»C:WINDOWS$NtUninstallKB917422$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB917953)—>»C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB918118)—>»C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB918439)—>»C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB918899)—>»C:WINDOWS$NtUninstallKB918899$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB919007)—>»C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB920213)—>»C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB920214)—>»C:WINDOWS$NtUninstallKB920214$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB920670)—>»C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB920683)—>»C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB920685)—>»C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB921398)—>»C:WINDOWS$NtUninstallKB921398$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB921503)—>»C:WINDOWS$NtUninstallKB921503$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB921883)—>»C:WINDOWS$NtUninstallKB921883$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB922616)—>»C:WINDOWS$NtUninstallKB922616$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB922760)—>»C:WINDOWS$NtUninstallKB922760$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB922819)—>»C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB923191)—>»C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB923414)—>»C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB923694)—>»C:WINDOWS$NtUninstallKB923694$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
    Обновление безопасности для Windows XP (KB923980)—>»C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB924191)—>»C:WINDOWS$NtUninstallKB924191$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB924270)—>»C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB924496)—>»C:WINDOWS$NtUninstallKB924496$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB924667)—>»C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB925454)—>»C:WINDOWS$NtUninstallKB925454$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB925486)—>»C:WINDOWS$NtUninstallKB925486$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB925902)—>»C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB926255)—>»C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB926436)—>»C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB927779)—>»C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB927802)—>»C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB928090)—>»C:WINDOWS$NtUninstallKB928090$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB928255)—>»C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB928843)—>»C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB929123)—>»C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB929969)—>»C:WINDOWS$NtUninstallKB929969$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB930178)—>»C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB931261)—>»C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB931768)—>»C:WINDOWS$NtUninstallKB931768$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB931784)—>»C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB932168)—>»C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB933566)—>»C:WINDOWS$NtUninstallKB933566$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB933729)—>»C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB935839)—>»C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB935840)—>»C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB936021)—>»C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB937143)—>»C:WINDOWS$NtUninstallKB937143$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB937894)—>»C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB938127)—>»C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB938829)—>»C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB939653)—>»C:WINDOWS$NtUninstallKB939653$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB941202)—>»C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB941568)—>»C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB941644)—>»C:WINDOWS$NtUninstallKB941644$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB941693)—>»C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB942615)—>»C:WINDOWS$NtUninstallKB942615$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB943055)—>»C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB943460)—>»C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB943485)—>»C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB944338)—>»C:WINDOWS$NtUninstallKB944338$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB944533)—>»C:WINDOWS$NtUninstallKB944533$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB944653)—>»C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB945553)—>»C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB946026)—>»C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB947864)—>»C:WINDOWS$NtUninstallKB947864$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB948590)—>»C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB948881)—>»C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB950749)—>»C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB950759)—>»C:WINDOWS$NtUninstallKB950759$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB953838)—>»C:WINDOWS$NtUninstallKB953838$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB956390)—>»C:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
    Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media — (KB911564)—>»C:WINDOWS$NtUninstallKB911564$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media 6.4 — (KB925398)—>»C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media 9 — (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP9$spuninstspuninst.exe»
    Обновление безопасности для проигрывателя Windows Media 9 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP9$spuninstspuninst.exe»
    Обновление для Windows XP (KB894391)—>»C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe»
    Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
    Обновление для Windows XP (KB900485)—>»C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe»
    Обновление для Windows XP (KB904942)—>»C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe»
    Обновление для Windows XP (KB908531)—>»C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe»
    Обновление для Windows XP (KB910437)—>»C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe»
    Обновление для Windows XP (KB911280)—>»C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe»
    Обновление для Windows XP (KB916595)—>»C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe»
    Обновление для Windows XP (KB920872)—>»C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe»
    Обновление для Windows XP (KB922582)—>»C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe»
    Обновление для Windows XP (KB927891)—>»C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe»
    Обновление для Windows XP (KB929338)—>»C:WINDOWS$NtUninstallKB929338$spuninstspuninst.exe»
    Обновление для Windows XP (KB930916)—>»C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe»
    Обновление для Windows XP (KB931836)—>»C:WINDOWS$NtUninstallKB931836$spuninstspuninst.exe»
    Обновление для Windows XP (KB933360)—>»C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe»
    Обновление для Windows XP (KB936357)—>»C:WINDOWS$NtUninstallKB936357$spuninstspuninst.exe»
    Обновление для Windows XP (KB938828)—>»C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe»
    Обновление для Windows XP (KB942763)—>»C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe»
    Обновление для Windows XP (KB942840)—>»C:WINDOWS$NtUninstallKB942840$spuninstspuninst.exe»
    Обновление для Windows XP (KB946627)—>»C:WINDOWS$NtUninstallKB946627$spuninstspuninst.exe»
    Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
    Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
    Пакет исправлений для Windows XP — KB873339—>C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB885835—>C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB885836—>C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB886185—>C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB887472—>C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB888302—>C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
    Пакет исправлений для Windows XP — KB890859—>»C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe»
    Пакет исправлений для Windows XP — KB891781—>C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
    Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall

    ======Security center information======

    AV: ESET Smart Security 3.0 (outdated)
    FW: Персональный файервол ESET

    ======System event log======

    Computer Name: COMPUTER
    Event Code: 11
    Message: Драйвер обнаружил ошибку контроллера DeviceHarddisk1D.

    Record Number: 23347
    Source Name: Disk
    Time Written: 20090315101934.000000+180
    Event Type: ошибка
    User:

    Computer Name: COMPUTER
    Event Code: 11
    Message: Драйвер обнаружил ошибку контроллера DeviceHarddisk1D.

    Record Number: 23346
    Source Name: Disk
    Time Written: 20090315101933.000000+180
    Event Type: ошибка
    User:

    Computer Name: COMPUTER
    Event Code: 11
    Message: Драйвер обнаружил ошибку контроллера DeviceHarddisk1D.

    Record Number: 23345
    Source Name: Disk
    Time Written: 20090315101932.000000+180
    Event Type: ошибка
    User:

    Computer Name: COMPUTER
    Event Code: 11
    Message: Драйвер обнаружил ошибку контроллера DeviceHarddisk1D.

    Record Number: 23344
    Source Name: Disk
    Time Written: 20090315101931.000000+180
    Event Type: ошибка
    User:

    Computer Name: COMPUTER
    Event Code: 11
    Message: Драйвер обнаружил ошибку контроллера DeviceHarddisk1D.

    Record Number: 23343
    Source Name: Disk
    Time Written: 20090315101930.000000+180
    Event Type: ошибка
    User:

    =====Application event log=====

    Computer Name: COMPUTER
    Event Code: 1000
    Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
    Данные записи содержат новые значение индекса,
    назначенного этой службе.

    Record Number: 5
    Source Name: LoadPerf
    Time Written: 20061017161918.000000+240
    Event Type: информация
    User:

    Computer Name: COMPUTER
    Event Code: 1000
    Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
    Данные записи содержат новые значение индекса,
    назначенного этой службе.

    Record Number: 4
    Source Name: LoadPerf
    Time Written: 20061017161916.000000+240
    Event Type: информация
    User:

    Computer Name: COMPUTER
    Event Code: 1000
    Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
    Данные записи содержат новые значение индекса,
    назначенного этой службе.

    Record Number: 3
    Source Name: LoadPerf
    Time Written: 20061017161816.000000+240
    Event Type: информация
    User:

    Computer Name: COMPUTER
    Event Code: 1000
    Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
    Данные записи содержат новые значение индекса,
    назначенного этой службе.

    Record Number: 2
    Source Name: LoadPerf
    Time Written: 20061017161751.000000+240
    Event Type: информация
    User:

    Computer Name: COMPUTER
    Event Code: 1000
    Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
    Данные записи содержат новые значение индекса,
    назначенного этой службе.

    Record Number: 1
    Source Name: LoadPerf
    Time Written: 20061017161750.000000+240
    Event Type: информация
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL;%PIXIEHOME%bin;C:Program FilesSamsungSamsung PC Studio 3;C:Program FilesQuickTimeQTSystem
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    «PROCESSOR_REVISION»=0f06
    «NUMBER_OF_PROCESSORS»=2
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «SHADERS»=%PIXIEHOME%shaders
    «CLASSPATH»=.;C:Program FilesQuickTimeQTSystemQTJava.zip
    «QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip

    EOF


    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by User at 2009-05-11 18:22:42
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 39 GB (77%) free of 50 GB
    Total RAM: 1023 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:22:58, on 11.05.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesAnalog DevicesCoresmax4pnp.exe
    C:Program FilesAnalog DevicesSoundMAXSmax4.exe
    C:WINDOWSsystem32RUNDLL32.EXE
    C:Program FilesMail.RuAgentMAgent.exe
    C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE
    C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
    C:Program FilesQuickTimeqttask.exe
    C:Program FilesESETESET Smart Securityegui.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe
    C:program filesInternet Antivirus ProIAPro.exe
    C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
    C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    C:WINDOWSATKKBService.exe
    C:Program FilesESETESET Smart Securityekrn.exe
    C:Program FilesICQ6ToolbarICQ Service.exe
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:WINDOWSsystem32nvsvc32.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:WINDOWSsystem32wuauclt.exe
    C:Documents and SettingsUserРабочий столRSIT.exe
    C:Program Filestrend microUser.exe

    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 212.15.127.55:8080
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    R3 — URLSearchHook: (no name) — {00A6FAF6-072E-44cf-8957-5838F569A31D} — C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: (no name) — — (no file)
    O2 — BHO: MyWebSearch Search Assistant BHO — {00A6FAF1-072E-44cf-8957-5838F569A31D} — C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
    O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
    O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
    O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [EPSON Stylus CX4700 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE /P26 «EPSON Stylus CX4700 Series» /O6 «USB001» /M «Stylus CX4700»
    O4 — HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [Tok-Cirrhatus-1398] «C:Documents and SettingsUserLocal SettingsApplication Databr3819on.exe»
    O4 — HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O4 — HKCU..Run: [Microsoft Windows logon process] C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe
    O4 — HKCU..Run: [Internet Antivirus Pro] «C:program filesInternet Antivirus ProIAPro.exe» /s
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    O4 — Global Startup: APC UPS Status.lnk = ?
    O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
    O8 — Extra context menu item: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm707YYRU
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
    O16 — DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} — http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
    O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O17 — HKLMSystemCCSServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS1ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS2ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWSATKKBService.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Guard Service (ITGrdEngine) — Unknown owner — C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: System Scheduler — Unknown owner — C:WINDOWSOffline Web Pagessvchost.exe (file missing)
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 10405 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00A6FAF1-072E-44cf-8957-5838F569A31D}]
    MyWebSearch Search Assistant BHO — C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL [2007-12-24 57344]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
    XTTBPos00 Class — C:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
    «SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-03-09 7561216]
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-03-09 86016]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
    «EPSON Stylus CX4700 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE [2005-02-02 98304]
    «MyWebSearch Email Plugin»=C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe [2007-12-24 28672]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
    «QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624]
    «egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
    «Tok-Cirrhatus-1398″=C:Documents and SettingsUserLocal SettingsApplication Databr3819on.exe []
    «Tok-Cirrhatus»= []
    «MyWebSearch Email Plugin»=C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe [2007-12-24 28672]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
    «Microsoft Windows logon process»=C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe [2009-05-11 28672]
    «Internet Antivirus Pro»=C:program filesInternet Antivirus ProIAPro.exe [2009-05-11 1583104]

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
    APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe

    C:Documents and SettingsUserГлавное менюПрограммыАвтозагрузка
    Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «DisableRegistryTools»=1
    «DisableCMD»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145
    «NoFolderOptions»=1

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
    «C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}]
    shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}]
    shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

    ======List of files/folders created in the last 1 months======

    2009-05-11 18:22:42 —-D—- C:rsit
    2009-05-11 18:22:42 —-D—- C:Program Filestrend micro
    2009-05-11 17:58:35 —-D—- C:Avenger
    2009-05-11 17:58:35 —-A—- C:avenger.txt
    2009-05-11 11:38:16 —-A—- C:WINDOWSsystem32log.txt
    2009-05-11 11:38:09 —-D—- C:Documents and SettingsUserApplication DataInternet Antivirus Pro
    2009-05-11 11:38:07 —-D—- C:Program FilesInternet Antivirus Pro
    2009-05-11 08:42:10 —-A—- C:Program FilesCommon FilesInternetAntivirusPro.exe
    2009-05-11 08:42:01 —-A—- C:Program FilesCommon Filesfile.exe

    ======List of files/folders modified in the last 1 months======

    2009-05-11 18:22:42 —-RD—- C:Program Files
    2009-05-11 18:22:42 —-D—- C:WINDOWSTemp
    2009-05-11 17:58:35 —-D—- C:WINDOWSsystem32drivers
    2009-05-11 17:57:23 —-A—- C:WINDOWSSchedLgU.Txt
    2009-05-11 17:32:58 —-SHD—- C:WINDOWSInstaller
    2009-05-11 17:27:38 —-D—- C:Program FilesCASIO
    2009-05-11 17:27:09 —-HD—- C:Program FilesInstallShield Installation Information
    2009-05-11 17:26:48 —-D—- C:WINDOWSPrefetch
    2009-05-11 17:18:23 —-D—- C:WINDOWS
    2009-05-11 17:09:44 —-D—- C:WINDOWSsystem32
    2009-05-11 17:07:19 —-D—- C:Program FilesЭнциклопедия пиратства
    2009-05-11 11:37:55 —-D—- C:Program FilesCommon Files
    2009-05-07 16:38:43 —-D—- C:Documents and SettingsUserApplication DatauTorrent

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
    R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
    R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
    R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
    R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
    R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
    R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
    R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-03-09 3650368]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-04-06 81664]
    R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
    R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-18 26496]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
    S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2001-08-17 19200]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
    S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
    S3 QV2KUX;Casio цифровая камера; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023k.sys [2002-08-12 11136]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
    R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe [2005-10-18 241152]
    R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
    R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
    R2 ITGrdEngine;Guard Service; C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe [2009-05-11 193536]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-03-09 143436]
    S2 System Scheduler;System Scheduler; C:WINDOWSOffline Web Pagessvchost.exe []
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-12-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-03-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]

    EOF

    13 мая, 2009 в 4:04 пп #23849
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Здравствуйте, добро пожаловать на Spyware-ru форум.

    Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
    Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.

    Жду от вас MBAM лог + свежий RSIT лог (только log.txt).

    13 мая, 2009 в 4:47 пп #23850
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Огромное спасибо за быстрый ответ! Проделала всё что Вы просили.

    Malwarebytes’ Anti-Malware 1.36
    Версия базы данных: 2124
    Windows 5.1.2600 Service Pack 2

    13.05.2009 20:35:21
    mbam-log-2009-05-13 (20-35-21).txt
    Тип проверки: Полная (C:|D:|E:|F:|)
    Проверено объектов: 161867
    Прошло времени: 19 minute(s), 59 second(s)

    Заражено процессов в памяти: 3
    Заражено модулей в памяти: 1
    Заражено ключей реестра: 154
    Заражено значений реестра: 13
    Заражено параметров реестра: 5
    Заражено папок: 23
    Заражено файлов: 104

    Заражено процессов в памяти:
    C:program filesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.
    C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe (Trojan.Agent) -> Unloaded process successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Заражено модулей в памяти:
    C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (Adware.MyWeb) -> Delete on reboot.

    Заражено ключей реестра:
    HKEY_CLASSES_ROOTCLSID{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTfunwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypeLib{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesITGrdEngine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesitgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESYSTEMControlSet002Servicesitgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTMIMEDatabaseContent Typeapplication/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftMultimediaWMPlayerSchemesf3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallMyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeOutlookAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeWordAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREFocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTCLSID{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunmywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarShellBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRuninternet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunmicrosoft windows logon process (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMenuExt&Search (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows MediaWMSDKSourcesf3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUser AgentPost PlatformFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunTok-Cirrhatus (Worm.Brontok) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionservicesdel (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRuntok-cirrhatus-1398 (Worm.Brontok) -> Quarantined and deleted successfully.

    Заражено параметров реестра:
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Заражено папок:
    C:Documents and SettingsUserApplication DataInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProLanguages (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:Program FilesMyWebSearchbar (Adware.MyWebSearch) -> Delete on reboot.
    C:Program FilesMyWebSearchbar1.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:Program FilesMyWebSearchbarAvatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarGame (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarHistory (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbaricons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarMessage (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchSrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchSrchAstt1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsScreenSaverImages (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsShared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsSharedCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Заражено файлов:
    C:Program FilesMyWebSearchbar1.binMWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
    C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE (Adware.MyWeb) -> Delete on reboot.
    C:Program FilesMyWebSearchbar1.binF3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesCommon FilesInternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3IDLE.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3IMPIPE.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3SKPLAY.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3SLSRCH.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:System Volume Information_restore{4FC7A551-9B78-4BD4-BDBC-1455C28A732D}RP457A0060132.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prosettings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prouill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prounins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus ProUninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Proupdateloadlist.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prodbconfig.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus ProdbTimeout.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus ProdbUrls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Proactivate.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProExplorer.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prounins000.dat (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prouninstall.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Proworking.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProdbDBInfo.ver (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prodbia080614.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prodbia080618x.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProLanguagesIAEs.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProLanguagesIAFr.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProLanguagesIAGer.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus ProLanguagesIAIt.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:Program FilesMyWebSearchbar1.binF3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binF3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbar1.binM3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarAvatarCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache06138DA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache0613AAF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache0613C07.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache0613D6E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache0F56D48 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache3C1C8BC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache7CC24B2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache7CC2713.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache7CC2945.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCache7CC2B78.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarCachefiles.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarGameCHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarGameCHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarGameREVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarHistorysearch2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsCM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsMFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsPSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsSMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsWB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbariconsZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarMessageCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierDOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierFISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierKUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierLIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierMAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierMAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierOPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierSEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarNotifierSURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarSettingsprevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarSettingssetting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarSettingssettings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesMyWebSearchbarSettingss_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsScreenSaverImages7CC0831.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsSharedCacheCursorManiaBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsSharedCacheCursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsSharedCacheSmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Program FilesFunWebProductsSharedCacheSmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataMicrosoftInternet ExplorerQuick LaunchInternet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowspguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsAll UsersРабочий столInternet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:Program FilesCommon Filesfile.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesICQToolbartoolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

    13 мая, 2009 в 4:48 пп #23851
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by User at 2009-05-13 20:39:51
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 38 GB (77%) free of 50 GB
    Total RAM: 1023 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:53, on 13.05.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesAnalog DevicesCoresmax4pnp.exe
    C:Program FilesAnalog DevicesSoundMAXSmax4.exe
    C:WINDOWSsystem32RUNDLL32.EXE
    C:Program FilesMail.RuAgentMAgent.exe
    C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE
    C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    C:Program FilesQuickTimeqttask.exe
    C:Program FilesESETESET Smart Securityegui.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
    C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    C:WINDOWSATKKBService.exe
    C:Program FilesESETESET Smart Securityekrn.exe
    C:Program FilesICQ6ToolbarICQ Service.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:WINDOWSsystem32nvsvc32.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32NOTEPAD.EXE
    C:WINDOWSsystem32wuauclt.exe
    C:Documents and SettingsUserРабочий столRSIT.exe
    C:WINDOWSsystem32wuauclt.exe
    C:Program Filestrend microUser.exe

    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 212.15.127.55:8080
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: (no name) — — (no file)
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
    O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
    O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [EPSON Stylus CX4700 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE /P26 «EPSON Stylus CX4700 Series» /O6 «USB001» /M «Stylus CX4700»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    O4 — Global Startup: APC UPS Status.lnk = ?
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
    O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O17 — HKLMSystemCCSServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS1ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS2ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWSATKKBService.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: System Scheduler — Unknown owner — C:WINDOWSOffline Web Pagessvchost.exe (file missing)
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 8785 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
    «SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-03-09 7561216]
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-03-09 86016]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
    «EPSON Stylus CX4700 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE [2005-02-02 98304]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
    «QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624]
    «egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
    APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe

    C:Documents and SettingsUserГлавное менюПрограммыАвтозагрузка
    Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «DisableCMD»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145
    «NoFolderOptions»=0

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
    «C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}]
    shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}]
    shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

    ======List of files/folders created in the last 1 months======

    2009-05-13 20:12:35 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
    2009-05-13 20:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-05-13 20:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-05-11 18:22:42 —-D—- C:rsit
    2009-05-11 18:22:42 —-D—- C:Program Filestrend micro
    2009-05-11 11:38:16 —-A—- C:WINDOWSsystem32log.txt

    ======List of files/folders modified in the last 1 months======

    2009-05-13 20:39:38 —-D—- C:WINDOWSTemp
    2009-05-13 20:38:17 —-RD—- C:Program Files
    2009-05-13 20:38:17 —-D—- C:WINDOWSsystem32drivers
    2009-05-13 20:36:06 —-A—- C:WINDOWSSchedLgU.Txt
    2009-05-13 20:35:55 —-D—- C:WINDOWSPrefetch
    2009-05-13 20:35:21 —-D—- C:WINDOWSsystem32
    2009-05-11 17:32:58 —-SHD—- C:WINDOWSInstaller
    2009-05-11 17:27:38 —-D—- C:Program FilesCASIO
    2009-05-11 17:27:09 —-HD—- C:Program FilesInstallShield Installation Information
    2009-05-11 17:18:23 —-D—- C:WINDOWS
    2009-05-11 17:07:19 —-D—- C:Program FilesЭнциклопедия пиратства
    2009-05-11 11:37:55 —-D—- C:Program FilesCommon Files
    2009-05-07 16:38:43 —-D—- C:Documents and SettingsUserApplication DatauTorrent

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
    R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
    R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
    R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
    R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
    R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
    R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
    R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-03-09 3650368]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-04-06 81664]
    R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
    R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-18 26496]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
    S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2001-08-17 19200]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
    S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
    S3 QV2KUX;Casio цифровая камера; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023k.sys [2002-08-12 11136]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
    R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe [2005-10-18 241152]
    R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
    R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-03-09 143436]
    S2 System Scheduler;System Scheduler; C:WINDOWSOffline Web Pagessvchost.exe []
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-12-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-03-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]

    EOF

    15 мая, 2009 в 2:24 пп #23852
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    RSIT лог выглядит гораздо лучше.
    Судя по нему ваш компьютер ещё заражён autorun.inf трояном.
    Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.

    * Отключите ваш антивирус.
    * Скачайте и запустите Flash_Disinfector.
    * По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.

    Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.

    Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
    Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

    :Processes
    
explorer.exe
    

    
:services
    
System Scheduler
    

    
:reg
    
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}]
    
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}]
    

    
:files
    
C:WINDOWSOffline Web Pagessvchost.exe
    
c:recycledsys.exe
    

    
:Commands
    
[emptytemp]
    
[start explorer]
    
[Reboot]

    Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
    По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.

    Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSITлог.

    18 мая, 2009 в 1:10 пп #23853
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Лог OTMoveIt3

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========

    ServiceDriver System Scheduler deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}\ deleted successfully.
    ========== FILES ==========
    File/Folder C:WINDOWSOffline Web Pagessvchost.exe not found.
    File/Folder c:recycledsys.exe not found.
    ========== COMMANDS ==========
    File delete failed. C:DOCUME~1UserLOCALS~1TempJET639C.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1UserLOCALS~1Temp~DFEC89.tmp scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Internet Explorer cache folder emptied.
    File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5YH2FCZSVviewtopic[1].php scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    User’s Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05182009_165758

    18 мая, 2009 в 1:11 пп #23854
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by User at 2009-05-18 17:10:16
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 39 GB (78%) free of 50 GB
    Total RAM: 1023 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:10:18, on 18.05.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesAnalog DevicesCoresmax4pnp.exe
    C:Program FilesAnalog DevicesSoundMAXSmax4.exe
    C:WINDOWSsystem32RUNDLL32.EXE
    C:Program FilesMail.RuAgentMAgent.exe
    C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE
    C:Program FilesQuickTimeqttask.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesICQ6.5ICQ.exe
    C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
    C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    C:WINDOWSATKKBService.exe
    C:Program FilesICQ6ToolbarICQ Service.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:WINDOWSsystem32nvsvc32.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:WINDOWSsystem32wuauclt.exe
    C:WINDOWSexplorer.exe
    C:Documents and SettingsUserРабочий столRSIT.exe
    C:Program Filestrend microUser.exe

    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 212.15.127.55:8080
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: (no name) — — (no file)
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
    O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
    O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
    O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
    O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
    O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [EPSON Stylus CX4700 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE /P26 «EPSON Stylus CX4700 Series» /O6 «USB001» /M «Stylus CX4700»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
    O4 — HKLM..RunOnce: [OTMoveIt] C:Documents and SettingsUserРабочий столOTMoveIt3.exe
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    O4 — Global Startup: APC UPS Status.lnk = ?
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
    O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
    O17 — HKLMSystemCCSServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS1ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O17 — HKLMSystemCS2ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
    O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWSATKKBService.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 8291 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
    «SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-03-09 7561216]
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-03-09 86016]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
    «EPSON Stylus CX4700 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE [2005-02-02 98304]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
    «QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «OTMoveIt»=C:Documents and SettingsUserРабочий столOTMoveIt3.exe [2009-05-18 389632]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
    «ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
    APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe

    C:Documents and SettingsUserГлавное менюПрограммыАвтозагрузка
    Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «DisableCMD»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=36
    «NoDriveAutoRun»=FFFFFFFF

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
    «C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    ======List of files/folders created in the last 1 months======

    2009-05-18 16:57:58 —-D—- C:_OTMoveIt
    2009-05-18 16:48:43 —-RASHD—- C:autorun.inf
    2009-05-13 20:12:35 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
    2009-05-13 20:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-05-13 20:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-05-11 18:22:42 —-D—- C:rsit
    2009-05-11 18:22:42 —-D—- C:Program Filestrend micro
    2009-05-11 11:38:16 —-A—- C:WINDOWSsystem32log.txt

    ======List of files/folders modified in the last 1 months======

    2009-05-18 17:00:15 —-D—- C:WINDOWSTemp
    2009-05-18 16:57:09 —-D—- C:WINDOWSPrefetch
    2009-05-18 16:55:56 —-D—- C:WINDOWS
    2009-05-18 16:53:25 —-A—- C:WINDOWSSchedLgU.Txt
    2009-05-18 11:08:28 —-D—- C:WINDOWSsystem32
    2009-05-13 21:07:53 —-RD—- C:Program Files
    2009-05-13 21:05:11 —-SHD—- C:WINDOWSInstaller
    2009-05-13 21:04:56 —-HD—- C:WINDOWSinf
    2009-05-13 21:04:56 —-D—- C:WINDOWSsystem32drivers
    2009-05-13 21:04:52 —-D—- C:WINDOWSsystem32CatRoot2
    2009-05-11 17:27:38 —-D—- C:Program FilesCASIO
    2009-05-11 17:27:09 —-HD—- C:Program FilesInstallShield Installation Information
    2009-05-11 11:37:55 —-D—- C:Program FilesCommon Files
    2009-05-07 16:38:43 —-D—- C:Documents and SettingsUserApplication DatauTorrent

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
    R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
    R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
    R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
    R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
    R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-03-09 3650368]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-04-06 81664]
    R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
    R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-18 26496]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
    S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2001-08-17 19200]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
    S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
    S3 QV2KUX;Casio цифровая камера; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023k.sys [2002-08-12 11136]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
    R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe [2005-10-18 241152]
    R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-03-09 143436]
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-12-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-03-18 138168]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]

    EOF

    18 мая, 2009 в 1:16 пп #23855
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Компьютер почему то бывает с первого раза не перегружается, только со второго.
    И ещё раньше когда было 2 пользователя, то при переключении пользователей вообще экран становился полностью черным и ни на что не реагировал((( Приходилось грубо перезагружать. В итоге оставили одного пользователя, второго снесли(((. Но работать с одним не очень удобно.
    Не подскажете что это может быть?

    20 мая, 2009 в 2:39 пп #23856
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Проверим ещё одной программой.
    Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
    После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

    Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

    20 мая, 2009 в 3:18 пп #23857
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    ComboFix 09-05-19.08 — User 20.05.2009 19:01.1 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.635 [GMT 4:00]
    Running from: c:documents and settingsUserРабочий столComboFix.exe
    Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:program filesInternet Explorermsimg32.dll
    c:windowsIE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
    .

    2009-05-19 11:04 . 2009-05-19 11:04

    d-s—w c:documents and settingsUserUserData
    2009-05-18 12:57 . 2009-05-18 12:57

    d

    w C:_OTMoveIt
    2009-05-13 16:12 . 2009-05-13 16:12

    d

    w c:documents and settingsUserApplication DataMalwarebytes
    2009-05-13 16:12 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
    2009-05-13 16:12 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
    2009-05-13 16:12 . 2009-05-13 16:12

    d

    w c:documents and settingsAll UsersApplication DataMalwarebytes
    2009-05-13 16:12 . 2009-05-13 16:12

    d

    w c:program filesMalwarebytes’ Anti-Malware
    2009-05-11 14:31 . 2009-05-11 14:31

    d

    w c:documents and settingsUserLocal SettingsApplication DataWMTools Downloaded Files
    2009-05-11 14:22 . 2009-05-18 15:21

    d

    w c:program filestrend micro
    2009-05-11 14:22 . 2009-05-11 14:22

    d

    w C:rsit
    2009-05-11 13:56 . 2009-05-11 13:56 0 —-a-w C:backup.reg

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-11 13:27 . 2006-11-24 08:38

    d

    w c:program filesCASIO
    2009-05-11 13:27 . 2006-10-17 12:34

    d—h—w c:program filesInstallShield Installation Information
    2009-03-31 07:58 . 2004-08-18 12:00 65818 —-a-w c:windowssystem32perfc019.dat
    2009-03-31 07:58 . 2004-08-18 12:00 424538 —-a-w c:windowssystem32perfh019.dat
    2009-03-27 09:44 . 2009-03-27 09:44

    d

    w c:program filesK-Lite Codec Pack
    2009-03-25 08:43 . 2009-03-25 08:41

    d

    w c:program filesICQ6.5
    2009-03-25 08:42 . 2009-03-25 08:42

    d

    w c:program filesICQ6Toolbar
    2009-03-25 08:42 . 2008-02-13 10:07

    d

    w c:program filesICQ6
    2009-03-14 16:52 . 2009-03-14 16:52 127 —-a-w c:documents and settingsUserLocal SettingsApplication Datafusioncache.dat
    2004-08-18 12:00 . 2004-08-18 12:00 1392671 —sh—r c:windowssystem32msvbvm60.dll
    2006-10-17 12:34 . 2006-10-17 12:34 10 —sh—r c:windowssystem32sistem.sys
    .

    Sigcheck


    [-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowsSoftwareDistributionDownloadf0863ff04d4c2c949d9b79bc2578502bwinlogon.exe
    [-] 2006-10-17 08:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
    «ICQ»=»c:program filesICQ6.5ICQ.exe» [2009-03-01 172792]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
    «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-03-09 7561216]
    «NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-03-09 86016]
    «MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-03-31 6210744]
    «EPSON Stylus CX4700 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIADP.EXE» [2005-02-02 98304]
    «Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
    «QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2007-04-27 282624]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]

    c:documents and settingsUserѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
    Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-3-16 113664]

    c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
    APC UPS Status.lnk — c:program filesAPCAPC PowerChute Personal EditionDisplay.exe [2006-11-12 221247]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    «AntiVirusOverride»=dword:00000001
    «FirewallOverride»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\Mail.Ru\Agent\Magent.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=

    R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [25.03.2009 12:42 222456]
    S3 zdcdcdrv;ZyXEL USB modem Driver;c:windowssystem32driverszdcdcdrv.sys [10.11.2006 1:49 17664]
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-04-29 c:windowsTasksAppleSoftwareUpdate.job
    — c:program filesApple Software UpdateSoftwareUpdate.exe [2007-01-10 11:42]
    .
    — — — — ORPHANS REMOVED — — — —

    Notify-WgaLogon — (no file)

    .

    Supplementary Scan

    .
    uStart Page = hxxp://www.yandex.ru/
    uInternet Settings,ProxyServer = 212.15.127.55:8080
    IE: &Search
    IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
    TCP: {78A1CBD7-148F-4AD8-9E0E-16E35EEE372C} = 212.15.127.1,212.15.122.253
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-20 19:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2009-05-20 19:02
    ComboFix-quarantined-files.txt 2009-05-20 15:02

    Pre-Run: 40 738 443 264 байт свободно
    Post-Run: 40 862 400 512 байт свободно

    WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

    113 — E O F — 2009-03-31 07:54

    20 мая, 2009 в 3:25 пп #23858
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Лог выглядит нормально.

    Компьютер почему то бывает с первого раза не перегружается, только со второго.

    То есть выбираете перезагрузку компьютера, а ничего не происходит ?

    20 мая, 2009 в 3:48 пп #23859
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Нет, он вначале начинает перезагружать, т.е. завершает работу windows, экран гаснет, а потом не может загрузиться((( Белый экран, написано asus. Так опять было после сканирования ComboFix. Сейчас попыталась снова перезагрузить, всё нормально 🙄
    Валерий, а то что я загрузила нужно оставить на компьютере? (RSIT, Flash_Disinfector, OTMoveIt3, ComboFix, Malwarebytes’ Anti-Malware). И WindowsXP-KB310994-SP2-Pro-BootDisk-RUS оставлять? В дальнейшем как часто Вы советуете проверять и лечить компьютер и какой программой?

    22 мая, 2009 в 3:17 пп #23860
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Несколько завершающих действий.

    1. Обновите ваши программы.
    Зайдите на сайт update.microsoft.com и обновите Windows.

    2. Удалите все программы, которые вы использовали в процессе лечения, в случае необходимости, вы всегда сможете скачать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.

    Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.

    Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
    Удалите Avenger, RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.

    Оставьте программу Malwarebytes Anti-malware. Обновляйте эту программу время от времени, и выполняйте полное сканирование компьютера раз в неделю.

    3. Подойдите к защите вашего компьютера более серьёзно.

    Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ.

    Большинство троянов и вирусов разработаны для поражения Internet Explorer`а, поэтому рекомендую использовать только Оперу или Firefox.

    4. Создайте новую точку восстановления и удалите все старые.

    Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.

    После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.

    Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.

    5. И несколько дополнительных советов.

    Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.

    Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус (обновите обязательно, судя по RSIT логу это необходимо).

    Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.

    Всего доброго!

    25 мая, 2009 в 6:42 дп #23861
    Nadejda
    Participant
    • Темы:1
    • Сообщений:9
    • ☆

    Валерий, огромное Вам спасибо за помощь и советы! Очень рада что нашла ваш форум 🙂

  • Автор
    Сообщения
Просмотр 14 сообщений - с 1 по 14 (из 14 всего)
  • Для ответа в этой теме необходимо авторизоваться.
Войти

Добро пожаловать

На нашем сайте размещены инструкции и программы, которые помогут вам абсолютно бесплатно и самостоятельно удалить навязчивую рекламу, вирусы и трояны.

Поиск

Последние темы

  • Странность в Malwebytes опубликовано Artem225
    5 years, 10 months назад
  • SUSPICIOUS.FakedMBR.1 что делать, помогите!!! опубликовано White
    5 years, 11 months назад
  • Помогите пожалуйста вирус замучил. опубликовано dimazons1233211
    6 years, 1 month назад
  • Замучила реклама опубликовано Данила Беспятов
    6 years, 1 month назад
  • Замучила реклама опубликовано Марк
    5 years, 11 months назад
  • Вирус S1.video.ru.net опубликовано ludovik
    6 years, 4 months назад
  • Чертов Safe Finder!!!! опубликовано kosta savo
    6 years, 1 month назад
  • ESET блокирует неизвестный сайт , вход на который не осуществлялся. опубликовано trollhamaren
    6 years, 5 months назад

СПАЙВАРЕ РУ

  • О Спайваре Ру
  • Контакты
  • Реклама на сайте
  • Политика конфиденциальности
  • Правила использования

Нужна помощь?

Задайте свой вопрос прямо сейчас кликнув по следующей ссылке Задать вопрос.

Или обратитесь на наш форум, где команда Spyware-ru поможет вам. Узнайте, как попросить о помощи здесь.

Ссылки

  • Инструкции
  • Скачать программы
  • Помощь в удалении вирусов
  • Как вылечить компьютер
Copyright © 2008 - 2024 Spyware-RU.com (en)