Помогите! Все запрещено! Дисп.файлов, измен.реестр, антивир.

[klimst]

Здравствуйте. Помогите пожалуйста. Видимо какой-то вирус. Все заблокировал. И диспетчер задач, и изменение реестра, антивирус NOD, KIS, AVZ, когда запускаю RSIT.exe пишет «Файл занят другой программой». Смог вылезти в диспетчер задач с помощью программы TuneUp Utilities.

[klimst]

Скачал снова RSIT Он запустился. Прикрепляю логи.

[klimst]

Просканировал GMER:

GMER 1.0.14.14536 — http://www.gmer.net
Rootkit scan 2009-02-21 15:49:11
Windows 5.1.2600 Service Pack 2

—- System — GMER 1.0.14 —-

SSDT SystemRootsystem32driversfwdrv.sys ZwCreateFile [0xF4C7E780]
SSDT spfl.sys ZwCreateKey [0xF77520E0]
SSDT SystemRootsystem32driversfwdrv.sys ZwCreateProcess [0xF4C7F2E0]
SSDT SystemRootsystem32driversfwdrv.sys ZwCreateProcessEx [0xF4C7F210]
SSDT SystemRootsystem32driversfwdrv.sys ZwCreateThread [0xF4C7F540]
SSDT spfl.sys ZwEnumerateKey [0xF776FCA2]
SSDT spfl.sys ZwEnumerateValueKey [0xF7770030]
SSDT spfl.sys ZwOpenKey [0xF77520C0]
SSDT spfl.sys ZwQueryKey [0xF7770108]
SSDT spfl.sys ZwQueryValueKey [0xF776FF88]
SSDT SystemRootsystem32driversfwdrv.sys ZwResumeThread [0xF4C7F590]
SSDT spfl.sys ZwSetValueKey [0xF777019A]

INT 0x62 ? 8538CBF8
INT 0x73 ? 85222BF8
INT 0x73 ? 85222BF8
INT 0x73 ? 85222BF8
INT 0x73 ? 85222BF8

—- Kernel code sections — GMER 1.0.14 —-

? spfl.sys Не удается найти указанный файл. !
PAGENDSM NDIS.sys!NdisMIndicateStatus F75B5A5F 6 Bytes JMP F4C7AE90 SystemRootsystem32driversfwdrv.sys
.text USBPORT.SYS!DllUnload F744762C 5 Bytes JMP 852221D8
? C:WINDOWSsystem32driverslllqni.sys Не удается найти указанный файл. !

—- Kernel IAT/EAT — GMER 1.0.14 —-

IAT WINDOWSSystem32DriversSCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 853912D8
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7753040] spfl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F775313C] spfl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F77530BE] spfl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F77537FC] spfl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F77536D2] spfl.sys
IAT SystemRootsystem32DRIVERSUSBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 852222D8
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4C7AD00] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F4C7AD70] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4C7AD20] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F4C7ADA0] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F4C7AD70] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4C7AD20] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4C7AD00] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSirda.sys[NDIS.SYS!NdisOpenAdapter] [F4C7AD20] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSirda.sys[NDIS.SYS!NdisRegisterProtocol] [F4C7AD70] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSirda.sys[NDIS.SYS!NdisCloseAdapter] [F4C7AD00] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSirda.sys[NDIS.SYS!NdisDeregisterProtocol] [F4C7ADA0] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F4C7AD70] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F4C7ADA0] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4C7AD00] SystemRootsystem32driversfwdrv.sys
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4C7AD20] SystemRootsystem32driversfwdrv.sys

—- Devices — GMER 1.0.14 —-

Device FileSystemNtfs Ntfs 8538A1F8
Device FileSystemFastfat FatCdrom 84F86500

AttachedDevice DriverTcpip DeviceIp fwdrv.sys
AttachedDevice DriverTcpip DeviceIp ntoskrnl.exe (Системный модуль ядра NT/Корпорация Майкрософт)

Device Driverusbohci DeviceUSBPDO-0 852211F8
Device Driverdmio DeviceDmControlDmIoDaemon 8538D1F8
Device Driverdmio DeviceDmControlDmConfig 8538D1F8
Device Driverdmio DeviceDmControlDmPnP 8538D1F8
Device Driverdmio DeviceDmControlDmInfo 8538D1F8
Device Driverusbohci DeviceUSBPDO-1 852211F8
Device Driverusbehci DeviceUSBPDO-2 8520A1F8

AttachedDevice DriverTcpip DeviceTcp fwdrv.sys
AttachedDevice DriverTcpip DeviceTcp ntoskrnl.exe (Системный модуль ядра NT/Корпорация Майкрософт)

Device DriverNetBT DeviceNetBT_Tcpip_{01C01F3C-AF9D-49E3-9D90-2993EF3D3D6E} 8501C500
Device DriverFtdisk DeviceHarddiskVolume1 8538E1F8
Device DriverCdrom DeviceCdRom0 851FE500
Device Driveratapi DeviceIdeIdePort0 8538C1F8
Device Driveratapi DeviceIdeIdeDeviceP0T0L0-4 8538C1F8
Device Driveratapi DeviceIdeIdePort1 8538C1F8
Device Driveratapi DeviceIdeIdeDeviceP0T1L0-c 8538C1F8
Device DriverUSBSTOR Device0000068 84F78500
Device DriverUSBSTOR Device0000069 84F78500
Device DriverNetBT DeviceNetBt_Wins_Export 8501C500
Device DriverNetBT DeviceNetbiosSmb 8501C500

AttachedDevice DriverTcpip DeviceUdp fwdrv.sys
AttachedDevice DriverTcpip DeviceUdp ntoskrnl.exe (Системный модуль ядра NT/Корпорация Майкрософт)
AttachedDevice DriverTcpip DeviceRawIp fwdrv.sys
AttachedDevice DriverTcpip DeviceRawIp ntoskrnl.exe (Системный модуль ядра NT/Корпорация Майкрософт)

Device Driverusbohci DeviceUSBFDO-0 852211F8
Device Driverusbohci DeviceUSBFDO-1 852211F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 85197500
Device Driverusbehci DeviceUSBFDO-2 8520A1F8
Device FileSystemMRxSmb DeviceLanmanRedirector 85197500
Device DriverFtdisk DeviceFtControl 8538E1F8
Device FileSystemFastfat Fat 84F86500
Device FileSystemCdfs Cdfs 84F94500

—- Registry — GMER 1.0.14 —-

Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@304324-?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetServiceslanmanserverShares@374@484=4B0454@4 CSCFlags=0?MaxUses=4294967295?Path=????????? ? OneNote 2007,LocalsplOnly?Permissions=0?Remark=????????? ? OneNote 2007?Type=1?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@304324-?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ServiceslanmanserverShares@374@484=4B0454@4 CSCFlags=0?MaxUses=4294967295?Path=????????? ? OneNote 2007,LocalsplOnly?Permissions=0?Remark=????????? ? OneNote 2007?Type=1?
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@DeviceNotSelectedTimeout 15
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@GDIProcessHandleQuota 10000
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@Spooler yes
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@swapdisk
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@TransmissionRetryTimeout 90
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@USERProcessHandleQuota 10000

—- EOF — GMER 1.0.14 —-

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Судя по RSIT логу, ваш компьютер заражён несколькими троянами, включая autorun.inf троян.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.

* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.

Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.

Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

:Processes

explorer.exe



:services

abp470n5

sfc



:reg

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FBC934E6-6F95-4742-B6BC-F6E8D854C25D}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyctlsys]



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"DisableRegistryTools"=0

"DisableTaskMgr"=0



[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

"C:DOCUME~1ShtefanLOCALS~1Tempwinrrdfe.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwintotj.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinwgmlb.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempbcvf.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinsbeogw.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinalevc.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempxpbg.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinijrh.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempqcwb.exe"=-

"C:Program FilesPunto Switcherpunto.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinwjxd.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinigli.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinxwnbq.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Temppudq.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempvkklr.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempnlhvhm.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempxuin.exe"=-

"C:WINDOWSsystemsvhost.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempbbyhmj.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinxyvor.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinfjjhxs.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempftxjg.exe"=-

"C:WINDOWSSystem3286.scr"=-

"C:WINDOWSSystem3260.scr"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwintvyoh.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempxgqs.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwingynbx.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinmvun.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempocyhf.exe"=-

"C:WINDOWSSystem3267.scr"=-

"C:DOCUME~1ShtefanLOCALS~1Tempxmgewh.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinjlhuqm.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempfofnm.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempmyqu.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempsmcmni.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinfcfkix.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempfxls.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinpbdkjt.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempdidyg.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempsfxkbm.exe"=-

"C:WINDOWSSystem3255.scr"=-

"C:WINDOWSSystem3235.scr"=-

"C:WINDOWSSystem3253.scr"=-

"C:WINDOWSSystem3285.scr"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwingwobsb.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwylijy.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinqybmio.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempxuucg.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempcggnh.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempfwdwa.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinhwta.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinkbgw.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinbcyphh.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempsdpna.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempnpecmp.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinqgkw.exe"=-

"C:WINDOWSSystem3231.scr"=-

"C:WINDOWSSystem328.scr"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinocxyx.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempdjua.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinoqirh.exe"=-

"C:WINDOWSSystem3213.scr"=-

"C:WINDOWSSystem3265.scr"=-

"C:WINDOWSSystem3225.scr"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwingwastd.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinjundst.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinppdp.exe"=-

"C:WINDOWSsystem32sysmgr.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinudmwhq.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempvfrdsb.exe"=-

"C:DOCUME~1ShtefanLOCALS~1Tempwinyokhvm.exe"=-



[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1ade2b37-9ed8-11dd-b27a-008048db0b36}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{53d26d24-ba36-11dd-b2c0-008048db0b36}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{81711b40-de7b-11dd-b316-008048db0b36}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{af3f22b4-9e06-11dd-b275-008048db0b36}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dd8fe6b4-b959-11dd-b2bc-008048db0b36}]



:files

C:WINDOWSsystem32driverssfc.sys

C:WINDOWSsystem32driverslllqni.sys

c:Recycled

E:Recycled

E:3wcxx91.cmd

F:cv22.cmd



:Commands

[emptytemp]

[start explorer]

[Reboot]

Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен вглядить так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.

Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSIT лог.

[klimst]

Все сделал так как сказали.
Вот лог от OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service abp470n5 .
Unable to stop service sfc .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FBC934E6-6F95-4742-B6BC-F6E8D854C25D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyctlsys\ deleted successfully.
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableRegistryTools»|0 /E : value set successfully!
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableTaskMgr»|0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinrrdfe.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwintotj.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinwgmlb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempbcvf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinsbeogw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinalevc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxpbg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinijrh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempqcwb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:Program FilesPunto Switcherpunto.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinwjxd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinigli.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinxwnbq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Temppudq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempvkklr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempnlhvhm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxuin.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystemsvhost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempbbyhmj.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinxyvor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinfjjhxs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempftxjg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3286.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3260.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwintvyoh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxgqs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwingynbx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinmvun.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempocyhf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3267.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxmgewh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinjlhuqm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfofnm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempmyqu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsmcmni.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinfcfkix.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfxls.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinpbdkjt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempdidyg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsfxkbm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3255.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3235.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3253.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3285.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwingwobsb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwylijy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinqybmio.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxuucg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempcggnh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfwdwa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinhwta.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinkbgw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinbcyphh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsdpna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempnpecmp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinqgkw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3231.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem328.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinocxyx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempdjua.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinoqirh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3213.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3265.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3225.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwingwastd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinjundst.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinppdp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32sysmgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinudmwhq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempvfrdsb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinyokhvm.exe deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1ade2b37-9ed8-11dd-b27a-008048db0b36}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{53d26d24-ba36-11dd-b2c0-008048db0b36}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{81711b40-de7b-11dd-b316-008048db0b36}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{af3f22b4-9e06-11dd-b275-008048db0b36}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dd8fe6b4-b959-11dd-b2bc-008048db0b36}\ not found.
========== FILES ==========
File/Folder C:WINDOWSsystem32driverssfc.sys not found.
File/Folder C:WINDOWSsystem32driverslllqni.sys not found.
File/Folder c:Recycled not found.
File/Folder E:Recycled not found.
File/Folder E:3wcxx91.cmd not found.
File/Folder F:cv22.cmd not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1ShtefanLOCALS~1Tempkqfr.exe scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1ShtefanLOCALS~1Tempwinsngvy.exe scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_684.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps009md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps009url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps009w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps009wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004md.dat-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004url.ax-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004w.ax-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps004wb.vx-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsShtefanLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02232009_135018

[klimst]

А вот лог RSIT

[klimst]

что скажете?

[klimst]

А вот еще лог с СomboFix.

ComboFix 09-02-24.02 — Shtefan 2009-02-25 12:27:04.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.478.246 [GMT 3:00]
Running from: c:documents and settingsShtefanРабочий столComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystemsvhost.exe
c:windowssystem32driverssysdrv32.sys
c:windowssystem32sysmgr.exe
c:windowsTemp63.exe
F:autorun.inf . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

Legacy_SYSDRV32

---

Service_sysdrv32

((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-03-21 13:33 . 2009-02-23 17:06

d

---

c:program filestrend micro
2009-03-21 12:15 . 2009-03-21 12:15 d

---

c:documents and settingsAll UsersApplication DataAgnitum
2009-02-25 12:14 . 2009-02-25 12:14 134,638 —a

---

c:documents and settingsShtefan123555324917012.exe
2009-02-25 11:03 . 2009-02-25 11:03 134,638 —a

---

c:documents and settingsShtefan123554899316468.exe
2009-02-25 08:16 . 2009-02-25 08:16 102,403 —a

---

c:windowssystem32msvcrt2.dll
2009-02-23 22:13 . 2009-02-23 22:13 d

---

c:program filesPunto Switcher
2009-02-23 20:42 . 2009-02-23 20:42 d

---

c:program filesWebTransporter Demo
2009-02-23 17:24 . 2009-02-25 12:22 7,168 —a

---

c:windowssystem32driversuti4njyy.sys
2009-02-23 17:09 . 2009-02-23 17:10 d

---

C:AppServ
2009-02-21 15:40 . 2009-02-21 15:40 250 —a

---

c:windowsgmer.ini
2009-02-21 00:08 . 2009-03-21 14:39 d

---

c:program filesXoftSpySE
2009-02-20 23:00 . 2009-02-20 23:00 121 —a

---

c:windowsrootkitno.ini
2009-02-20 22:35 . 2009-02-20 22:35 (2) -rahs-ot- c:windowswinstart.bat
2009-02-20 22:34 . 2009-02-21 14:51 d

---

c:program filesUnHackMe
2009-02-20 20:21 . 2009-02-20 20:21 138,734 —a

---

c:documents and settingsShtefan123515048615936.exe
2009-02-20 19:58 . 2009-02-20 19:58 142,830 —a

---

c:documents and settingsShtefan123514913617348.exe
2009-02-20 19:43 . 2009-02-20 19:43 26,624 —a

---

c:windowssystem3258.scr
2009-02-20 19:30 . 2009-02-20 19:30 146,926 —a

---

c:documents and settingsShtefan123514743916168.exe
2009-02-20 19:25 . 2009-02-20 19:25 134,638 —a

---

c:documents and settingsShtefan123514715715916.exe
2009-02-20 19:19 . 2009-02-20 19:19 134,638 —a

---

c:documents and settingsShtefan123514679715680.exe
2009-02-20 19:10 . 2009-02-20 19:10 134,638 —a

---

c:documents and settingsShtefan123514621015932.exe
2009-02-20 18:43 . 2009-02-20 18:43 26,624 —a

---

c:windowssystem3225.scr
2009-02-20 18:38 . 2009-02-20 18:38 26,624 —a

---

c:windowssystem3265.scr
2009-02-20 18:23 . 2009-02-20 18:23 26,624 —a

---

c:windowssystem3213.scr
2009-02-20 18:06 . 2009-02-20 18:06 26,624 —a

---

c:windowssystem3208.scr
2009-02-20 17:43 . 2009-02-20 17:43 26,624 —a

---

c:windowssystem3231.scr
2009-02-20 15:44 . 2001-08-17 21:52 18,688 —a—c— c:windowssystem32dllcachecdaudio.sys
2009-02-20 15:28 . 2009-02-20 15:28 d

---

c:program filesKaspersky Lab
2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox2.idx
2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox2.dat
2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox.idx
2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox.dat
2009-02-20 15:24 . 2009-02-20 15:24 d

---

c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-20 01:13 . 2009-02-20 01:13 26,624 —a

---

c:windowssystem3253.scr
2009-02-20 01:05 . 2009-02-20 01:05 26,624 —a

---

c:windowssystem3235.scr
2009-02-20 01:02 . 2009-02-20 01:02 26,624 —a

---

c:windowssystem3255.scr
2009-02-18 22:30 . 2009-02-18 22:30 d—h

---

c:windowsPIF
2009-02-18 17:14 . 2009-02-18 17:14 d—h

---

c:windowssystem32GroupPolicy
2009-02-18 17:01 . 2009-02-18 17:01 26,624 —a

---

c:windowssystem3267.scr
2009-02-18 16:56 . 2009-02-18 16:56 26,624 —a

---

c:windowssystem3260.scr
2009-02-18 16:27 . 2009-02-18 16:27 26,624 —a

---

c:windowssystem3286.scr
2009-02-18 16:11 . 2009-02-18 16:11 26,624 —a

---

c:windowssystem3222.scr
2009-02-18 16:07 . 2009-02-18 16:07 25,983 —a

---

c:windowssystem3207.scr
2009-02-18 13:52 . 2009-02-18 13:52 25,983 —a

---

c:windowssystem3248.scr
2009-02-18 13:46 . 2009-02-18 13:46 25,311 —a

---

c:windowssystem3283.scr
2009-02-18 01:12 . 1998-11-21 22:17 12,800 —a

---

c:windowssystem32Wing32.dll
2009-02-18 01:11 . 2009-02-18 01:11 d

---

c:program filesHeroes
2009-02-17 23:47 . 2009-02-17 23:47 716,272 —a

---

c:windowssystem32driverssptd.sys
2009-02-15 23:15 . 2009-03-21 12:04 d

---

c:documents and settingsShtefanApplication DataEltima Software
2009-02-13 20:43 . 2009-02-16 16:07 10 —a

---

c:windowsZendOptimizer.MemoryBase@Shtefan
2009-02-13 16:27 . 2009-02-23 17:24 9,216 —a

---

c:windowssystem32driversuji4njyy.sys
2009-02-11 00:27 . 2009-02-11 00:27 d

---

c:documents and settingsShtefanApplication DataApple Computer
2009-02-06 01:35 . 2009-02-06 01:41 d

---

c:documents and settingsAll UsersApplication DataGlobalSCAPE
2009-02-06 01:28 . 2009-02-06 14:22 d

---

c:program filesGlobalSCAPE
2009-02-06 01:28 . 2009-02-06 01:41 d

---

c:documents and settingsShtefanApplication DataGlobalSCAPE
2009-02-02 22:28 . 2009-02-02 22:28 d

---

c:program filesРуссобит-М
2009-02-02 17:17 . 2009-02-02 17:17 d

---

c:program filesCommon FilesICQ
2009-02-02 17:17 . 2009-02-23 20:04 d

---

c:documents and settingsShtefanApplication DataICQ
2009-02-02 17:16 . 2009-02-02 17:18 d

---

c:program filesICQLite
2009-01-30 13:27 . 2009-01-30 13:27 d

---

c:program filesCommon FilesBcgsoft
2009-01-28 19:30 . 2009-01-28 19:30 d

---

c:program filesMonopoly
2009-01-26 23:38 . 2009-01-26 23:38 3,041 —a

---

C:default
2009-01-25 16:35 . 2009-01-25 16:35 d

---

c:program filesMustek 1200 UB PLUS
2009-01-25 16:35 . 2000-06-01 14:11 176,128 —a

---

c:windowssystem32PuzzSaver.scr
2009-01-25 16:35 . 2000-06-01 14:10 172,032 —a

---

c:windowssystem32SpotSaver.scr
2009-01-25 16:35 . 1999-12-26 17:35 135,168 —a

---

c:windowssystem32ParaSaver.scr
2009-01-25 16:35 . 2000-08-18 13:57 17,524 —a

---

c:windowssystem32driversgt680x.sys
2009-01-25 16:35 . 2001-11-07 10:10 7,821 —a

---

c:windowssystem32driversSBfw.usb
2009-01-25 15:23 . 2009-01-25 15:23 0 —a

---

c:windowsWATCH.INI
2009-01-25 15:16 . 1995-05-23 00:00 776,240 —a

---

c:windowssystemLead52.dll
2009-01-25 15:16 . 2001-06-18 10:53 57,344 —a

---

c:windowssystembpenhan.dll
2009-01-25 15:16 . 2000-10-24 18:09 19,552 —a

---

c:windowssystem32SBUSD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 09:18

---

d

---

w c:program filessDC++
2009-02-24 13:12

---

d

---

w c:documents and settingsShtefanApplication DataSkype
2009-02-24 13:11

---

d

---

w c:documents and settingsShtefanApplication DataskypePM
2009-02-23 17:50

---

d

---

w c:program filesOpera
2009-02-23 14:02

---

d

---

w c:program filesKerio
2009-02-21 11:52

---

d

---

w c:program filesQIP
2009-02-11 12:06

---

d—h—w c:program filesInstallShield Installation Information
2009-01-25 12:35

---

d

---

w c:program filesiriver
2009-01-25 12:34

---

d

---

w c:program filesCommon FilesYandex
2009-01-23 22:11 1,629 —-a-w c:windowssystem32driversfwdrv.err
2009-01-12 16:35

---

d

---

w c:program filescfgame.ru
2008-12-29 21:26

---

d

---

w c:program filesKwyshell
2008-12-25 21:34

---

d

---

w c:program filesCommon FilesInstallShield
2008-12-25 17:15 22,131 —-a-w c:windowssystem32ctlsys.dll
2008-12-06 13:05 410,984 —-a-w c:windowssystem32deploytk.dll
.

---

Sigcheck

---

2004-09-17 14:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe

2004-08-17 14:04 93184 a90929e13ed8753245cd75f5bd1389e2 c:windowssystem32ctfmon.exe
2004-08-17 14:04 15360 cdc69c55cf6c39162451685020cf6f06 c:windowssystem32dllcachectfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 93184]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-06-10 413696]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-15 109424]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-06 210328]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 100648]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowsSOUNDMAN.EXE]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 93184]

c:documents and settingsSunnyrainѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
clrav.com [2009-02-19 3568672]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskMgr»= 1 (0x1)
«DisableRegistryTools»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«WinampAgent»=»c:program filesWinampwinampa.exe»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001
«UacDisableNotify»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«FirewallDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UacDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\QIP Infium\infium.exe»=
«c:\Program Files\sDC++\StrongDC.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Raymarine\Raymarine RayTech Navigator\raytechnavigator.exe»=
«c:\Program Files\ICQLite\ICQ.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\AppServ\Apache2.2\bin\httpd.exe»=
«c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe»=
«c:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe»=
«c:\WINDOWS\SOUNDMAN.EXE»=
«c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe»=
«c:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE»=
«c:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe»=
«c:\WINDOWS\System32\58.scr»=
«c:\WINDOWS\system32\Ati2evxx.exe»=
«c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe»=
«c:\WINDOWS\System32\25.scr»=

R2 Apache2.2;Apache2.2;c:appservApache2.2binhttpd.exe [2008-01-17 98363]
R3 abp470n5;abp470n5;??c:windowssystem32driverslllqni.sys —> c:windowssystem32driverslllqni.sys [?]
R3 W840ND;Winbond W89C840 Based PCI Fast Ethernet адаптер;c:windowssystem32driversW840ND.sys [2008-10-18 19528]
S2 WindowsTelephony;Windows Telephony;»c:windowssystemsvhost.exe» —> c:windowssystemsvhost.exe [?]
S3 AVPsys;AVPsys;??c:windowssystem32driverscdaudio.sys —> c:windowssystem32driverscdaudio.sys [?]
S3 uji4njyy;AVZ-SG Kernel Driver;c:windowssystem32driversuji4njyy.sys [2009-02-13 9216]
S3 uti4njyy;AVZ Kernel Driver;c:windowssystem32driversuti4njyy.sys [2009-02-23 7168]

— Other Services/Drivers In Memory —

*Deregistered* — sfc

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder

2009-02-20 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-24 08:13]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-Microsoft(R) System Manager — c:windowssystem32sysmgr.exe

.

---

Supplementary Scan

---

.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Скачать сайт при помощи WebTransporter — c:program filesWebTransporter Demomenu.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 12:34:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(560)
c:windowssystem32Ati2evxx.dll
.

---

Other Running Processes

---

.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesJavajre6binjqs.exe
c:appservMySQLbinmysqld.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-02-25 12:40:49 — machine was rebooted [Shtefan]
ComboFix-quarantined-files.txt 2009-02-25 09:40:42

Pre-Run: 9,191,018,496 байт свободно
Post-Run: 9,171,808,256 байт свободно

237

[klimst]

Спасибо форуму.

На компьютере были обнаружены:
Virus.Win32.Sality.aa — Самый тяжкий из них.
backdoor.win32.IRCBot.htv
Trojan.Win32.Buzus.amjn
HEUR:Trojan.Win32.Generic
Packed.Win32.Klone.bj
Backdoor.win32.Bifrose.zzv
Virus.Win32.AutoRun.ezt
Trojan-Spy.Win32.Goldun.bin
Trojan-Mailfinder.Win32.Agent.ym
Trojan-Downloader.Win32.Agent.bfiv
HackTool.Win32.Kiser
Trojan-GameThief.Win32.Magania.asvp

Лечение было произведено при помощи утилиты KIS 2009. Для чего зараженный хард диск был подключен к здоровому компьютеру и пролечен антивирусом.

[Admin]

Вы постоянно обновляли топик, и я просто не мог за вами угнаться 🙂

Но сегодня добрался. Рад что вы решили свою проблему, пожалуйста пришлите свежий Combofix лог для дополнительной проверки, бывает что KIS не всё замечает.

[Автор]

Сообщения