SPYWARE-RU.COM

A virus is disrupting the web browser


  • This topic has 5 replies, 2 participants, and was last updated 16 years, 4 months ago by Admin.
Viewing 6 posts - 1 through 6 (of 6 total)
  • April 13, 2009 at 10:27 am #16581
    anatoly_makh
    Participant
    • Topics: 1
    • Posts: 3

    Hello!!!
    Recently "Antivirus XP 2008" got onto my system. I got rid of it with Superantispyware, but apparently not completely. Since then the computer has been running slowly, and when I follow links found in Yandex and Google I am periodically sent to sites that have nothing to do with the search (including porn sites). A little later I ran a full virus scan with the following antivirus programs: Doctor Web, Avast, Malwarebytes Antimalware, Superspyware, Spyware terminator, Kaspersky Antivirus. Each of them found different trojans and all of them were removed, but the problems remained.
    Kaspersky's detected threats include Trojan-PSW.Win32.Agent.mcl,
    Superantispyware quarantined Trojan.Downloder-Gen, Trojan.RootKit/Gen, Advare.Vundo/Variant-LIB, after which I deleted them.
    Please help me solve them.

    info.txt logfile of random’s system information tool 1.06 2009-04-13 13:34:50

    ======Uninstall list======


    ======Security center information======

    AV: Doctor Web Anti-Virus (disabled)
    AV: Kaspersky Internet Security
    FW: Kaspersky Internet Security

    ======System event log======

    Computer Name: DDUSER-A5D63813
    Event Code: 7036
    Message: Служба «Сетевые подключения» перешла в состояние Работает.

    Record Number: 9787
    Source Name: Service Control Manager
    Time Written: 20090306205747.000000+180
    Event Type: информация
    User:

    Computer Name: DDUSER-A5D63813
    Event Code: 7035
    Message: Служба «Сетевые подключения» успешно отправила управляющий элемент «запустить».

    Record Number: 9786
    Source Name: Service Control Manager
    Time Written: 20090306205747.000000+180
    Event Type: информация
    User: NT AUTHORITYSYSTEM

    Computer Name: DDUSER-A5D63813
    Event Code: 7035
    Message: Служба «aswRdr» успешно отправила управляющий элемент «запустить».

    Record Number: 9785
    Source Name: Service Control Manager
    Time Written: 20090306205747.000000+180
    Event Type: информация
    User: NT AUTHORITYSYSTEM

    Computer Name: DDUSER-A5D63813
    Event Code: 7036
    Message: Служба «avast! Mail Scanner» перешла в состояние Работает.

    Record Number: 9784
    Source Name: Service Control Manager
    Time Written: 20090306205747.000000+180
    Event Type: информация
    User:

    Computer Name: DDUSER-A5D63813
    Event Code: 7035
    Message: Служба «Logitech LVPr2Mon Driver» успешно отправила управляющий элемент «запустить».

    Record Number: 9783
    Source Name: Service Control Manager
    Time Written: 20090306205747.000000+180
    Event Type: информация
    User: NT AUTHORITYSYSTEM

    =====Application event log=====

    Computer Name: DDUSER-A5D63813
    Event Code: 20
    Message:
    Record Number: 1772
    Source Name: Google Update
    Time Written: 20090104220043.000000+180
    Event Type: ошибка
    User: DDUSER-A5D63813User

    Computer Name: DDUSER-A5D63813
    Event Code: 20
    Message:
    Record Number: 1771
    Source Name: Google Update
    Time Written: 20090104210043.000000+180
    Event Type: ошибка
    User: DDUSER-A5D63813User

    Computer Name: DDUSER-A5D63813
    Event Code: 20
    Message:
    Record Number: 1770
    Source Name: Google Update
    Time Written: 20090104200043.000000+180
    Event Type: ошибка
    User: DDUSER-A5D63813User

    Computer Name: DDUSER-A5D63813
    Event Code: 20
    Message:
    Record Number: 1769
    Source Name: Google Update
    Time Written: 20090104190043.000000+180
    Event Type: ошибка
    User: DDUSER-A5D63813User

    Computer Name: DDUSER-A5D63813
    Event Code: 1002
    Message: Зависшее приложение Kantaris.exe, версия 0.3.7.0, зависший модуль hungapp, версия 0.0.0.0, адрес 0x00000000.

    Record Number: 1768
    Source Name: Application Hang
    Time Written: 20090104185757.000000+180
    Event Type: ошибка
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 22 Stepping 1, GenuineIntel
    «PROCESSOR_REVISION»=1601
    «NUMBER_OF_PROCESSORS»=1
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP


    EOF


    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by User at 2009-04-13 13:36:55
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 9 GB (47%) free of 20 GB
    Total RAM: 1014 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:36:57, on 13.04.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:Program FilesIntelWirelessBinS24EvMon.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
    C:Program FilesIntelWirelessBinEvtEng.exe
    C:Program FilesCommon FilesLightScribeLSSrvc.exe
    C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
    C:Program FilesIntelWirelessBinRegSrvc.exe
    C:Program FilesSigmaTelC-Major AudioWDMSTacSV.exe
    C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesIntelWirelessBinWLKeeper.exe
    C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
    C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
    C:Documents and SettingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
    C:Program FilesOperaopera.exe
    C:Documents and SettingsUserРабочий столRSIT.exe
    C:Program Filestrend microUser.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
    O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
    O2 — BHO: myiebho — {7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} — %SystemRoot%system32vmmreg32.dll (file missing)
    O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [LogitechCommunicationsManager] «C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe»
    O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:Program FilesLogitechQuickCamQuickcam.exe» /hide
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
    O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
    O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra button: Статистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220197190156
    O17 — HKLMSystemCCSServicesTcpip..{DC1C1315-15CA-4DEF-85C1-9F82986FC912}: NameServer = 85.21.192.5 213.234.192.7
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
    O20 — Winlogon Notify: !SASWinLogon — C:Program FilesSUPERAntiSpywareSASWINLO.DLL
    O20 — Winlogon Notify: ctasys — ctasys.dll (file missing)
    O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
    O23 — Service: LVCOMSer — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
    O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
    O23 — Service: LVSrvLauncher — Logitech Inc. — C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Stalker (Pro) Drivers Auto Removal (pr2ajtsb) (pr2ajtsb) — 1C: Multimedia — C:WINDOWSsystem32pr2ajtsb.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
    O23 — Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) — Intel Corporation — C:Program FilesIntelWirelessBinS24EvMon.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Program FilesSigmaTelC-Major AudioWDMSTacSV.exe
    O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) — Intel(R) Corporation — C:Program FilesIntelWirelessBinWLKeeper.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 7745 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-2025429265-413027322-1417001333-1003.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-11-11 62728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
    Windows Update Monitor bar — C:WINDOWSsystem32vmmreg32.dll [2009-02-15 139272]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-28 206088]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
    «LogitechCommunicationsManager»=C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe [2007-07-25 563984]
    «LogitechQuickCamRibbon»=C:Program FilesLogitechQuickCamQuickcam.exe [2007-07-25 2027792]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
    C:Program FilesSUPERAntiSpywareSASWINLO.DLL [2009-02-16 356352]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyctasys]
    ctasys.dll []

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
    C:WINDOWSsystem32igfxdev.dll [2007-08-24 208896]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
    C:WINDOWSsystem32klogon.dll [2008-11-11 218376]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
    «{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2009-02-16 77824]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVIDEO]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVIDEO]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «HonorAutoRunSetting»=
    «NoDriveTypeAutoRun»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
    «C:CorbinaStrongDCStrongDC.exe»=»C:CorbinaStrongDCStrongDC.exe:*:Enabled:StrongDC++»
    «C:Program FilesCorbinaShadowDCCorbinaShadowDC.exe»=»C:Program FilesCorbinaShadowDCCorbinaShadowDC.exe:*:Enabled:CorbinaShadowDC++»
    «C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
    «C:Documents and SettingsUserLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll»=»C:Documents and SettingsUserLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll:*:Enabled:Google Talk Plugin»
    «C:Documents and SettingsUserLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe»=»C:Documents and SettingsUserLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe:*:Enabled:Google Talk Plugin»
    «C:Program FilesCorbinaStrongDCStrongDC.exe»=»C:Program FilesCorbinaStrongDCStrongDC.exe:*:Enabled:StrongDC++»
    «C:Documents and SettingsUserLocal SettingsTempRar$EX00.797StrongDC.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.797StrongDC.exe:*:Enabled:StrongDC++»
    «C:Documents and SettingsUserРабочий столsdc221StrongDC.exe»=»C:Documents and SettingsUserРабочий столsdc221StrongDC.exe:*:Enabled:StrongDC++»
    «C:Documents and SettingsUserLocal SettingsTempRar$EX00.672StrongDC.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.672StrongDC.exe:*:Enabled:StrongDC++»
    «D:MediaGamesS.T.A.L.K.E.RbinXR_3DA.exe»=»D:MediaGamesS.T.A.L.K.E.RbinXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (CLI)»
    «D:MediaGamesS.T.A.L.K.E.RbindedicatedXR_3DA.exe»=»D:MediaGamesS.T.A.L.K.E.RbindedicatedXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (SRV)»
    «C:Program FilesStrongDC for CorbinaStrongDC.exe»=»C:Program FilesStrongDC for CorbinaStrongDC.exe:*:Enabled:StrongDC++»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4a7ba030-a0df-11dd-a9ec-001d0938bbb6}]
    shellAutoRuncommand — H:xyw9tmdj.com
    shellexplorecommand — H:xyw9tmdj.com
    shellopencommand — H:xyw9tmdj.com

    ======List of files/folders created in the last 1 months======

    2009-04-13 13:34:28 —-D—- C:Program Filestrend micro
    2009-04-13 13:34:26 —-D—- C:rsit
    2009-04-10 21:20:02 —-RA—- C:WINDOWSsystem32lvci1110.dll
    2009-04-10 21:11:56 —-D—- C:Program FilesLogitech
    2009-04-07 08:45:59 —-D—- C:Documents and SettingsUserApplication DataMozilla
    2009-03-30 00:34:05 —-HDC—- C:WINDOWS$NtUninstallKB958215$
    2009-03-30 00:33:56 —-HDC—- C:WINDOWS$NtUninstallKB960714$
    2009-03-29 00:56:02 —-HDC—- C:WINDOWS$NtUninstallKB950760$
    2009-03-28 16:31:15 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab

    ======List of files/folders modified in the last 1 months======

    2009-04-13 13:34:40 —-D—- C:WINDOWSPrefetch
    2009-04-13 13:34:29 —-D—- C:WINDOWSTemp
    2009-04-13 13:34:28 —-RD—- C:Program Files
    2009-04-13 09:17:43 —-D—- C:WINDOWSsystem32
    2009-04-13 09:17:43 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-04-13 09:13:53 —-D—- C:WINDOWSsystem32drivers
    2009-04-13 09:13:37 —-D—- C:WINDOWS
    2009-04-13 00:10:11 —-A—- C:WINDOWSSchedLgU.Txt
    2009-04-12 17:17:26 —-D—- C:Documents and SettingsUserApplication DataSkype
    2009-04-12 16:17:42 —-D—- C:Documents and SettingsUserApplication DataskypePM
    2009-04-10 21:21:25 —-D—- C:WINDOWSsystem32CatRoot
    2009-04-10 21:20:01 —-D—- C:Program FilesCommon FilesLogiShrd
    2009-04-10 21:19:55 —-HD—- C:WINDOWSinf
    2009-04-10 21:19:45 —-SHD—- C:WINDOWSInstaller
    2009-04-10 21:19:24 —-D—- C:WINDOWSsystem32CatRoot2
    2009-04-10 21:12:01 —-D—- C:Documents and SettingsAll UsersApplication DataLogishrd
    2009-03-31 22:59:42 —-SHD—- C:Documents and SettingsUserApplication Data.#
    2009-03-30 00:34:10 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-03-30 00:34:04 —-HD—- C:WINDOWS$hf_mig$
    2009-03-29 21:02:12 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-03-29 21:02:04 —-D—- C:Program FilesCommon FilesAdobe
    2009-03-29 19:57:53 —-D—- C:WINDOWSsystem32webmin
    2009-03-28 20:58:06 —-D—- C:WINDOWSHelp
    2009-03-28 20:58:06 —-D—- C:Program FilesInternet Explorer
    2009-03-28 20:58:05 —-D—- C:WINDOWSsystem32ru-ru
    2009-03-28 20:57:12 —-D—- C:WINDOWSie7updates
    2009-03-28 16:31:15 —-D—- C:Program FilesKaspersky Lab
    2009-03-23 21:41:16 —-A—- C:WINDOWSNeroDigital.ini
    2009-03-14 01:02:02 —-D—- C:WINDOWSDebug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
    R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-28 226832]
    R1 KLMoveFileExDrv;KLMoveFileExDrv; ??C:WINDOWSsystem32klwk.sys []
    R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
    R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-08-31 21393]
    R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
    R2 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2007-03-21 37376]
    R2 s24trans;Транспорт беспроводной сети; C:WINDOWSsystem32DRIVERSs24trans.sys [2007-05-29 12416]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:WINDOWSsystem32DRIVERSApfiltr.sys [2007-12-26 164400]
    R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-14 13952]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
    R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
    R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2007-08-02 989952]
    R3 HSFHWAZL;HSFHWAZL; C:WINDOWSsystem32DRIVERSHSFHWAZL.sys [2007-08-02 211200]
    R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-08-24 5776928]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:WINDOWSsystem32driversIntcHdmi.sys [2007-05-04 105984]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
    R3 LVcKap;Logitech AEC Driver; C:WINDOWSsystem32DRIVERSLVcKap.sys [2007-07-20 2109592]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:WINDOWSsystem32DRIVERSLVPr2Mon.sys [2007-07-18 25624]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
    R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-15 79232]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:WINDOWSsystem32driverssthda.sys [2007-05-10 1222840]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
    R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
    R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2007-08-02 731136]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2007-09-17 265856]
    S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
    S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-15 60800]
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
    S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys [2007-07-19 22296]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:WINDOWSsystem32DRIVERSLVMVDrv.sys [2007-07-20 2142488]
    S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys [2007-07-19 1920920]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2007-07-19 41752]
    S3 LVUVC;QuickCam Communicate Deluxe(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys [2007-07-19 3599000]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
    S3 NETw4x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-08-08 2211456]
    S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-15 61824]
    S3 PAC207;e-Messenger 112; C:WINDOWSsystem32DRIVERSPFC027.SYS [2007-10-25 616064]
    S3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2007-02-03 14240]
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2007-02-03 938272]
    S3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
    S3 UIUSys;Conexant Setup API; C:WINDOWSsystem32DRIVERSUIUSYS.SYS []
    S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-28 206088]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2007-07-25 647168]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-06-28 79136]
    R2 LVCOMSer;LVCOMSer; C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe [2007-07-20 186904]
    R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2007-07-20 137752]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2007-07-25 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:Program FilesIntelWirelessBinS24EvMon.exe [2007-07-25 987136]
    R2 STacSV;SigmaTel Audio Service; C:Program FilesSigmaTelC-Major AudioWDMSTacSV.exe [2007-05-10 94208]
    R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:Program FilesIntelWirelessBinWLKeeper.exe [2007-07-25 294912]
    S2 LVSrvLauncher;LVSrvLauncher; C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exe [2007-07-20 141848]
    S2 pr2ajtsb;Stalker (Pro) Drivers Auto Removal (pr2ajtsb); C:WINDOWSsystem32pr2ajtsb.exe [2007-03-05 407168]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
    S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
    S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-06-01 271920]
    S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]


    EOF


    April 15, 2009 at 3:53 pm #23469
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, and welcome to the Spyware-ru forum.

    Judging by the log, your drive H (possibly a flash drive) is infected with an autorun.inf trojan.
    Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.

    * Disable your antivirus.
    * Download and run Flash_Disinfector.
    * When the program prompts you, insert your flash drive or connect other external storage devices.

    Note: run the program as many times as needed to clean all of your removable drives.

    Download OTMoveIt3 by OldTimer by clicking this link.
    Run OTMoveIt3 and copy the following text into the large input box (the title of this box is highlighted in yellow).

    :Processes
    explorer.exe

    :services
    sfc

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctasys]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7ba030-a0df-11dd-a9ec-001d0938bbb6}]

    :files
    C:\WINDOWS\system32\drivers\sfc.sys
    H:\xyw9tmdj.com
    C:\WINDOWS\system32\vmmreg32.dll

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    Check the pasted script: if spaces have appeared on the left before the directives, remove them; the script must look the same as in this post. Click the MoveIt! button. The computer may reboot during the process.
    When the program finishes, a log should be shown. If the log is not shown, it can be found in the folder C:\_OTMoveIt\MovedFiles.

    Paste the contents of that log into your reply. Also attach a fresh RSIT log.
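
    The reply above picks several registry entries out of the RSIT "Registry dump" section. As an added example (not part of the forum post, RSIT or OTMoveIt), this Python script parses that section format and flags three patterns visible in the log: a MountPoints2 key carrying shell commands, a Browser Helper Object key with no module listed, and a Winlogon Notify DLL with empty `[]` metadata. The three heuristics, and the reading of `[]` as "no file date and size recorded", are assumptions; the sample input is retyped from the log with backslashes restored.

```python
import re
from collections import namedtuple

# Entries retyped from the "Registry dump" section of the log above, with the
# backslashes that the page rendering dropped written back in.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctasys]
ctasys.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7ba030-a0df-11dd-a9ec-001d0938bbb6}]
shell\AutoRun\command - H:\xyw9tmdj.com
shell\explore\command - H:\xyw9tmdj.com
shell\open\command - H:\xyw9tmdj.com
"""

Finding = namedtuple("Finding", "kind key detail")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name - value" separator; the page shows it as a typographic dash as well.
SEP_RE = re.compile(r"\s+[-\u2014]\s+")
# Trailing "[date size]" block; "[]" is taken to mean none was recorded.
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_dump(text):
    """Split the dump into (registry key, [value lines]) pairs, in order."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            sections.append((m.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def triage(sections):
    """Apply the three heuristics and return a list of Finding tuples."""
    findings = []
    for key, values in sections:
        lk = key.lower()
        if "\\explorer\\mountpoints2\\" in lk:
            # A per-volume key that defines shell verbs runs a program when
            # the volume is opened, the mechanism autorun.inf malware relies on.
            targets = []
            for v in values:
                parts = SEP_RE.split(v, maxsplit=1)
                if len(parts) == 2 and SHELL_VERB_RE.match(parts[0]):
                    if parts[1] not in targets:
                        targets.append(parts[1])
            findings += [Finding("mountpoint-shell-command", key, t) for t in targets]
        elif "\\browser helper objects\\" in lk:
            # The tool printed the CLSID but resolved no name or DLL for it.
            if not values:
                findings.append(Finding("bho-without-module", key, ""))
        elif "\\winlogon\\notify\\" in lk:
            for v in values:
                m = META_RE.match(v)
                if m and m.group("meta").strip() == "":
                    findings.append(Finding("notify-dll-no-metadata", key, m.group("path")))
    return findings


def autorun_drives(findings):
    """Drive letters referenced by flagged MountPoints2 shell commands."""
    drives = set()
    for f in findings:
        m = re.match(r"^([A-Za-z]:)", f.detail)
        if f.kind == "mountpoint-shell-command" and m:
            drives.add(m.group(1).upper())
    return sorted(drives)


if __name__ == "__main__":
    results = triage(parse_dump(SAMPLE_DUMP))
    for f in results:
        print(f.kind, "|", f.key, "|", f.detail)
    print("Drives to disinfect:", autorun_drives(results))
```

    A hit is a lead for manual review, not a verdict: the vmmreg32.dll Browser Helper Object that the reply also removes has an ordinary date and size in the log and passes all three checks.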

    April 18, 2009 at 7:54 am #23470
    anatoly_makh
    Participant
    • Topics: 1
    • Posts: 3
    • ☆

    Hello Valeri!
    Thank you for the reply. I did everything as you advised.
    I am attaching the RSIT log.

    The OTMoveIt log looks like this:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ServiceDriver sfc not found.
    ServiceDriver key sfc deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyctasys\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4a7ba030-a0df-11dd-a9ec-001d0938bbb6}\ deleted successfully.
    ========== FILES ==========
    File/Folder C:WINDOWSsystem32driverssfc.sys not found.
    File/Folder H:xyw9tmdj.com not found.
    C:WINDOWSsystem32vmmreg32.dll unregistered successfully.
    C:WINDOWSsystem32vmmreg32.dll moved successfully.
    ========== COMMANDS ==========
    User’s Temp folder emptied.
    User’s Internet Explorer cache folder emptied.
    File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    User’s Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
    Opera cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04182009_113429

    Files moved on Reboot…
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps013wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps012wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps011wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps010wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps009wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps007wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps006wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps001wb.vx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.

    April 20, 2009 at 5:01 pm #23471
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Download the Combofix program. Close all open windows and run the program.
    After it finishes, a log file will be created; please paste it into your reply.

    Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked to above.

    April 20, 2009 at 7:42 pm #23472
    anatoly_makh
    Participant
    • Topics: 1
    • Posts: 3
    • ☆

    Valeri, I did everything according to your instructions. The only thing is that after ComboFix rebooted the computer and was creating the report, a blue screen appeared (as in the description of what antivirus xp 2008 does to a computer), everything was cut off and the computer started booting again. After that I ran ComboFix again, and this time everything went fine.

    ComboFix 09-04-21.01 — User 20.04.2009 23:04.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1014.665 [GMT 4:00]
    Running from: c:documents and settingsUserРабочий столComboFix.exe
    AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
    FW: Kaspersky Internet Security *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    —- Previous Run


    .
    c:documents and settingsUserApplication Data.#
    c:documents and settingsUserApplication Data.#MBX@A80@353578.###
    c:documents and settingsUserApplication Data.#MBX@A80@353588.###
    c:documents and settingsUserApplication Data.#MBX@A80@353598.###
    c:documents and settingsUserApplication Data.#MBX@A80@3535A8.###
    c:documents and settingsUserApplication Data.#MBX@F38@353578.###
    c:documents and settingsUserApplication Data.#MBX@F38@353588.###
    c:documents and settingsUserApplication Data.#MBX@F38@353598.###
    c:documents and settingsUserApplication Data.#MBX@F38@3535A8.###
    c:windowssystem32clrs.tmp
    c:windowssystem32webmin
    c:windowssystem32webminvmmreg32.bkp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    Legacy_SFC


    Service_sfc


    Legacy_SFC


    Service_sfc

    ((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
    .

    2009-04-18 15:13 . 2009-04-18 15:16 1374 ----a-w c:windowsimsins.BAK
    2009-04-18 07:34 . 2009-04-18 07:34 d-----w C:_OTMoveIt
    2009-04-18 07:30 . 2009-04-18 07:30 d-sha-r C:autorun.inf
    2009-04-13 10:56 . 2009-04-06 11:32 15504 ----a-w c:windowssystem32driversmbam.sys
    2009-04-13 10:56 . 2009-04-06 11:32 38496 ----a-w c:windowssystem32driversmbamswissarmy.sys
    2009-04-13 10:56 . 2009-04-13 10:56 d-----w c:program filesMalwarebytes’ Anti-Malware
    2009-04-13 09:34 . 2009-04-18 07:49 d-----w c:program filestrend micro
    2009-04-13 09:34 . 2009-04-13 09:34 d-----w C:rsit
    2009-04-10 17:20 . 2007-07-19 00:42 1920920 ----a-r c:windowssystem32driverslvpopflt.sys
    2009-04-10 17:20 . 2009-04-20 19:08 0 ----a-w c:windowssystem32driverslvuvc.hs
    2009-04-10 17:20 . 2007-07-19 00:40 195096 ----a-r c:windowssystem32lvci1110.dll
    2009-04-10 17:20 . 2007-07-19 00:44 3599000 ----a-r c:windowssystem32driverslvuvc.sys
    2009-04-10 17:19 . 2007-07-19 00:44 22296 ----a-r c:windowssystem32driverslvuvcflt.sys
    2009-04-10 17:11 . 2009-04-10 17:11 d-----w c:program filesLogitech
    2009-03-28 14:30 . 2009-03-28 14:30 3567 ----a-w c:windowssystem32%LocalXml%
    2009-03-28 12:32 . 2009-03-28 12:41 89601 ----a-w c:windowssystem32driversklick.dat
    2009-03-28 12:32 . 2009-03-28 12:41 101287 ----a-w c:windowssystem32driversklin.dat
    2009-03-28 12:31 . 2009-04-20 19:07 3332 --sha-w c:windowssystem32driversfidbox2.idx
    2009-03-28 12:31 . 2009-04-20 19:07 352288 --sha-w c:windowssystem32driversfidbox2.dat
    2009-03-28 12:31 . 2009-04-20 19:07 2447904 --sha-w c:windowssystem32driversfidbox.dat
    2009-03-28 12:31 . 2009-04-20 19:07 21252 --sha-w c:windowssystem32driversfidbox.idx
    2009-03-28 12:31 . 2009-04-20 19:09 d-----w c:documents and settingsAll UsersApplication DataKaspersky Lab

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-20 19:03 . 2008-08-31 14:20 45320 ----a-w c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
    2009-04-19 17:08 . 2008-09-01 16:51 d-----w c:documents and settingsUserApplication DataSkype
    2009-04-19 15:03 . 2008-09-01 16:52 d-----w c:documents and settingsUserApplication DataskypePM
    2009-04-18 21:12 . 2008-04-15 12:00 79170 ----a-w c:windowssystem32perfc019.dat
    2009-04-18 21:12 . 2008-04-15 12:00 472660 ----a-w c:windowssystem32perfh019.dat
    2009-04-18 15:14 . 2008-08-31 16:11 d-----w c:documents and settingsAll UsersApplication DataMicrosoft Help
    2009-04-18 08:17 . 2008-09-02 05:56 d-----w c:program filesOpera
    2009-04-18 07:34 . 2009-02-15 15:53 139272 ----a-w c:windowssystem32vmmreg32.dll
    2009-04-10 17:20 . 2008-09-05 14:15 d-----w c:program filesCommon FilesLogiShrd
    2009-04-10 17:12 . 2008-09-05 14:15 d-----w c:documents and settingsAll UsersApplication DataLogishrd
    2009-03-29 17:02 . 2008-09-03 06:40 d-----w c:program filesCommon FilesAdobe
    2009-03-28 12:41 . 2008-01-29 14:29 33808 ----a-w c:windowssystem32driversklbg.sys
    2009-03-28 12:31 . 2008-08-31 15:05 d-----w c:program filesKaspersky Lab
    2009-03-12 06:29 . 2009-02-15 17:43 d-----w c:program filesSUPERAntiSpyware
    2009-03-06 14:23 . 2008-04-15 12:00 284672 ----a-w c:windowssystem32pdh.dll
    2009-02-28 15:40 . 2009-02-28 15:40 304160 ----a-w C:PA207.DAT
    2009-02-28 15:27 . 2009-02-28 15:27 d-----w c:program filesKYE
    2009-02-28 15:27 . 2009-02-28 15:27 d-----w c:program filesCommon FilesPAC207
    2009-02-28 15:27 . 2008-08-31 14:42 d--h--w c:program filesInstallShield Installation Information
    2009-02-23 20:04 . 2009-02-23 20:04 d-----w c:program filesAlwil Software
    2009-02-20 08:12 . 2008-04-15 12:00 81920 ----a-w c:windowssystem32ieencode.dll
    2009-02-20 08:12 . 2008-04-15 12:00 666624 ----a-w c:windowssystem32wininet.dll
    2009-02-15 17:38 . 2009-02-15 17:38 11761 ----a-w c:windowssystem32klwk.sys
    2009-02-10 15:09 . 2008-04-14 21:20 2067840 ----a-w c:windowssystem32ntkrnlpa.exe
    2009-02-09 14:07 . 2008-04-15 12:00 1846912 ------w c:windowssystem32win32k.sys
    2009-02-09 11:26 . 2008-04-15 12:00 2190848 ----a-w c:windowssystem32ntoskrnl.exe
    2009-02-09 11:25 . 2008-04-15 12:00 111104 ------w c:windowssystem32services.exe
    2009-02-09 10:54 . 2008-04-15 12:00 731136 ------w c:windowssystem32lsasrv.dll
    2009-02-09 10:54 . 2008-04-15 12:00 687616 ------w c:windowssystem32advapi32.dll
    2009-02-09 10:54 . 2008-04-15 12:00 401408 ----a-w c:windowssystem32rpcss.dll
    2009-02-09 10:54 . 2008-04-15 12:00 718848 ------w c:windowssystem32ntdll.dll
    2009-02-06 10:39 . 2008-04-15 12:00 35328 ----a-w c:windowssystem32sc.exe
    2009-02-03 19:58 . 2008-04-15 12:00 56832 ----a-w c:windowssystem32secur32.dll
    2008-09-11 20:17 . 2008-09-11 20:17 120208 ----a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
    .


    Sigcheck



    [-] 2008-04-15 12:00 1571840 A504005258F0D0237580CE9644EF3B0C c:windowssystem32sfcfiles.dll
    [7] 2008-04-15 12:00 1571840 4379CA978CB35BB2458156B2B6CB35DF c:windowssystem32dllcachesfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-03-28 206088]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2009-02-15 77824]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
    2009-02-15 21:15 356352 —-a-w c:program filesSUPERAntiSpywareSASWINLO.DLL

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
    @=»Driver»

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    «FirewallOverride»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
    «c:\Program Files\Opera\opera.exe»=
    «c:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll»=
    «c:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe»=
    «c:\Program Files\CorbinaStrongDC\StrongDC.exe»=
    «d:\Media\Games\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=

    R2 pr2ajtsb;Stalker (Pro) Drivers Auto Removal (pr2ajtsb); [x]
    R3 PAC207;e-Messenger 112;c:windowssystem32DRIVERSPFC027.SYS [2007-10-25 616064]
    R3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [2008-05-02 7408]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-03-28 33808]
    S0 pe3ajtsb;Stalker (Pro) Environment Driver (pe3ajtsb);c:windowssystem32driverspe3ajtsb.sys [2007-03-05 65408]
    S0 ps6ajtsb;Stalker (Pro) Synchronization Driver (ps6ajtsb);c:windowssystem32driversps6ajtsb.sys [2007-03-05 52104]
    S1 KLMoveFileExDrv;KLMoveFileExDrv;c:windowssystem32klwk.sys [2009-02-15 11761]
    S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2008-05-02 8944]
    S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.sys [2008-05-02 55024]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:windowssystem32driversIntcHdmi.sys [2007-05-04 105984]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2008-04-30 24592]

    — Other Services/Drivers In Memory —

    *NewlyCreated* — SFC
    *Deregistered* — sfc

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    «c:program filesCommon FilesLightScribeLSRunOnce.exe»
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-04-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-2025429265-413027322-1417001333-1003.job
    — c:documents and settingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-11-12 20:20]
    .
    .


    Supplementary Scan


    .
    IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-20 23:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(1076)
    c:program filesSUPERAntiSpywareSASWINLO.DLL

    — — — — — — — > ‘explorer.exe'(6724)
    c:program filesCommon FilesLogishrdLVMVFMLVPrcInj.dll
    .


    Other Running Processes


    .
    c:program filesIntelWirelessBinS24EvMon.exe
    c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
    c:program filesIntelWirelessBinEvtEng.exe
    c:program filesCommon FilesLightScribeLSSrvc.exe
    c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
    c:program filesIntelWirelessBinRegSrvc.exe
    c:program filesSigmaTelC-Major AudioWDMstacsv.exe
    c:program filesAlcohol SoftAlcohol 120StarWindStarWindService.exe
    c:windowssystem32wdfmgr.exe
    c:program filesIntelWirelessBinWLKEEPER.exe
    c:program filesCommon FilesLogiShrdLVCOMSERLVComSer.exe
    c:windowssystem32wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-20 23:11 — machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-20 19:11

    Pre-Run: 9 756 585 984 байт свободно
    Post-Run: 9 741 262 848 байт свободно

    Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    196 — E O F — 2009-04-18 15:16

    April 23, 2009 at 2:54 pm #23473
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Combofix removed the trojan's driver, and the log now looks normal.
    How is the computer running?
