- This topic has 3 ответа, 2 участника, and was last updated 16 years назад by
.
-
Сообщения
-
Комп не запускается в безопасном режиме, не запускается диспетчер задач, не устанавливается антивирус, или устанавливается, но не запускается……..выдает ошибки и .т.д.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Администратор at 2009-04-19 22:12:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (33%) free of 20 GB
Total RAM: 1023 MB (53% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:12, on 17.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCDSlowcdslow.exe
C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:Program FilesSECNatural ColorNaturalColorLoad.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesAheadLibNMIndexingService.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesOperaopera.exe
C:DOCUME~19335~1LOCALS~1Temphiult.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 — BHO: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
O3 — Toolbar: (no name) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — (no file)
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [NevoDRM] «C:ИгрыNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [CDSlow] C:Program FilesCDSlowcdslow.exe
O4 — HKCU..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe» /systray /nologon
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: TranslateNow.lnk = E:perevodTNOW 1.01TransNow.exe
O4 — Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 — Global Startup: NaturalColorLoad.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Google Search — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Backward &Links — res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 — Extra context menu item: Cac&hed Snapshot of Page — res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 — Extra context menu item: Si&milar Pages — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 — Extra context menu item: Translate into English — res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 — HKLMSystemCCSServicesTcpip..{6858787C-1541-4F57-9EEF-B00F49D9B2C7}: NameServer = 82.207.66.250 82.207.66.241
O20 — Winlogon Notify: !SASWinLogon — C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 8336 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-04-01 2086936][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-12-10 929224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-01 849392]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-04-01 2086936][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-02-26 16125440]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 139264]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 222768]
«NevoDRM»=C:ИгрыNevoDRMNevoDRM.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«CDSlow»=C:Program FilesCDSlowcdslow.exe [2005-11-19 185856]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe [2007-08-02 425984]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-05-16 226864]
«SUPERAntiSpyware»=C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [2009-03-23 1899760]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-04-15 172792]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
InterVideo WinCinema Manager.lnk — C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
NaturalColorLoad.lnk — C:Program FilesSECNatural ColorNaturalColorLoad.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
TranslateNow.lnk — E:perevodTNOW 1.01TransNow.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll [2008-12-22 356352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-11-02 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=95000000[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Enabled:Nero ProductSetup»
«D:ИГРЫAVP2_PrimalHuntAVP2XServ.exe»=»D:ИГРЫAVP2_PrimalHuntAVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesNeroNero 7Nero MediaHomeNeroMediaHome.exe»=»C:Program FilesNeroNero 7Nero MediaHomeNeroMediaHome.exe:*:Enabled:Nero MediaHome (1)»
«C:Program FilesNeroNero 7Nero MediaHomeNMMediaServer.exe»=»C:Program FilesNeroNero 7Nero MediaHomeNMMediaServer.exe:*:Enabled:Nero MediaHome (2)»
«C:DOCUME~19335~1LOCALS~1Tempsvchost.exe»=»C:DOCUME~19335~1LOCALS~1Tempsvchost.exe:*:Enabled:Enabled»
«K:sqgdbo.exe»=»K:sqgdbo.exe:*:Enabled:ipsec»
«D:ИГРЫGTA San Andreas — Night Crimegta_sa.exe»=»D:ИгрыGTA San Andreas — Night Crimegta_sa.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторМои документыRanch RushRanchRush.exe»=»C:Documents and SettingsАдминистраторМои документыRanch RushRanchRush.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero VisionNeroVision.exe»=»C:Program FilesNeroNero 7Nero VisionNeroVision.exe:*:Enabled:ipsec»
«C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe»=»C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe:*:Enabled:ipsec»
«C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe»=»C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe»=»C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe:*:Enabled:ipsec»
«D:GamesDAEMON Tools Litedaemon.exe»=»D:GamesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temp~nsu.tmpAu_.exe»=»C:DOCUME~19335~1LOCALS~1Temp~nsu.tmpAu_.exe:*:Enabled:ipsec»
«K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe»=»K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe:*:Enabled:ipsec»
«C:Program FilesScanSoftPaperPortPaprPort.exe»=»C:Program FilesScanSoftPaperPortPaprPort.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE111049msohelp.exe»=»C:Program FilesMicrosoft OfficeOFFICE111049msohelp.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE»=»C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE:*:Enabled:ipsec»
«C:Program FilesSECNatural ColorNaturalColorLoad.exe»=»C:Program FilesSECNatural ColorNaturalColorLoad.exe:*:Enabled:ipsec»
«D:Program FilesRecipesbinrecipes.exe»=»D:Program FilesRecipesbinrecipes.exe:*:Enabled:ipsec»
«D:Program FilesMy Cookery Bookcookery.exe»=»D:Program FilesMy Cookery Bookcookery.exe:*:Enabled:ipsec»
«K:abgssn.exe»=»K:abgssn.exe:*:Enabled:ipsec»
«K:rprvdp.pif»=»K:rprvdp.pif:*:Enabled:ipsec»
«C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe»=»C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовNOD 32nentrust.exe»=»C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовNOD 32nentrust.exe:*:Enabled:ipsec»
«D:Program FilesSims 2 FreeTime — The Ancient Ballsims2_freetimeTSBinSims2EP7.exe»=»D:Program FilesSims 2 FreeTime — The Ancient Ballsims2_freetimeTSBinSims2EP7.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMIndexingService.exe»=»C:Program FilesCommon FilesAheadLibNMIndexingService.exe:*:Enabled:ipsec»
«D:играGTA San Andreas — Night Crimegta_sa.exe»=»D:играGTA San Andreas — Night Crimegta_sa.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовDrWebdrweb-433-win-ru.exe»=»C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовDrWebdrweb-433-win-ru.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe:*:Enabled:ipsec»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:ipsec»
«C:Program FilesABBYY FineReader 7.0 Professional EditionFineReader.exe»=»C:Program FilesABBYY FineReader 7.0 Professional EditionFineReader.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero StartSmartNeroStartSmart.exe»=»C:Program FilesNeroNero 7Nero StartSmartNeroStartSmart.exe:*:Enabled:ipsec»
«C:Program FilesInterVideoCommonBinWinCinemaMgr.exe»=»C:Program FilesInterVideoCommonBinWinCinemaMgr.exe:*:Enabled:ipsec»
«C:WINDOWSRTHDCPL.EXE»=»C:WINDOWSRTHDCPL.EXE:*:Enabled:ipsec»
«C:WINDOWSALCMTR.EXE»=»C:WINDOWSALCMTR.EXE:*:Enabled:ipsec»
«C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe»=»C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE»=»C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:Program FilesCDSlowcdslow.exe»=»C:Program FilesCDSlowcdslow.exe:*:Enabled:ipsec»
«C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe»=»C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempvkekv.exe»=»C:DOCUME~19335~1LOCALS~1Tempvkekv.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempsfexal.exe»=»C:DOCUME~19335~1LOCALS~1Tempsfexal.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinealnwm.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinealnwm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwincqnys.exe»=»C:DOCUME~19335~1LOCALS~1Tempwincqnys.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinjxbpgu.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinjxbpgu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templbohy.exe»=»C:DOCUME~19335~1LOCALS~1Templbohy.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temppinph.exe»=»C:DOCUME~19335~1LOCALS~1Temppinph.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templnadv.exe»=»C:DOCUME~19335~1LOCALS~1Templnadv.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempalqa.exe»=»C:DOCUME~19335~1LOCALS~1Tempalqa.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinujnwml.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinujnwml.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempxxgo.exe»=»C:DOCUME~19335~1LOCALS~1Tempxxgo.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temprstwd.exe»=»C:DOCUME~19335~1LOCALS~1Temprstwd.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinfifw.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinfifw.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinapddlc.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinapddlc.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinrmtv.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinrmtv.exe:*:Enabled:ipsec»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbitr.exe»=»C:DOCUME~19335~1LOCALS~1Tempbitr.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqssdw.exe»=»C:DOCUME~19335~1LOCALS~1Tempqssdw.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinbocpgd.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinbocpgd.exe:*:Enabled:ipsec»
«C:PROGRA~1ICQ6.5ICQ.exe»=»C:PROGRA~1ICQ6.5ICQ.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhunbo.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhunbo.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempdltqaj.exe»=»C:DOCUME~19335~1LOCALS~1Tempdltqaj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempfqxg.exe»=»C:DOCUME~19335~1LOCALS~1Tempfqxg.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinkbxhkr.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinkbxhkr.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinduhh.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinduhh.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempgtlke.exe»=»C:DOCUME~19335~1LOCALS~1Tempgtlke.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temprkay.exe»=»C:DOCUME~19335~1LOCALS~1Temprkay.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinlgwp.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinlgwp.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbbfs.exe»=»C:DOCUME~19335~1LOCALS~1Tempbbfs.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templektnu.exe»=»C:DOCUME~19335~1LOCALS~1Templektnu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempigvm.exe»=»C:DOCUME~19335~1LOCALS~1Tempigvm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbjfyu.exe»=»C:DOCUME~19335~1LOCALS~1Tempbjfyu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinsqjaih.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinsqjaih.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinoccd.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinoccd.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinuoakmf.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinuoakmf.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhslb.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhslb.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinlsax.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinlsax.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinvvld.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinvvld.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temphwrj.exe»=»C:DOCUME~19335~1LOCALS~1Temphwrj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbfwyrj.exe»=»C:DOCUME~19335~1LOCALS~1Tempbfwyrj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqjxu.exe»=»C:DOCUME~19335~1LOCALS~1Tempqjxu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhmen.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhmen.exe:*:Enabled:ipsec»
«C:ИгрыNevoDRMNevoDRM.exe»=»C:ИгрыNevoDRMNevoDRM.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinppcoph.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinppcoph.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwindntwq.exe»=»C:DOCUME~19335~1LOCALS~1Tempwindntwq.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempejcqm.exe»=»C:DOCUME~19335~1LOCALS~1Tempejcqm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwindblq.exe»=»C:DOCUME~19335~1LOCALS~1Tempwindblq.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinmltpql.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinmltpql.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwincqhy.exe»=»C:DOCUME~19335~1LOCALS~1Tempwincqhy.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqxjhap.exe»=»C:DOCUME~19335~1LOCALS~1Tempqxjhap.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempdjnm.exe»=»C:DOCUME~19335~1LOCALS~1Tempdjnm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqibofs.exe»=»C:DOCUME~19335~1LOCALS~1Tempqibofs.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempktoror.exe»=»C:DOCUME~19335~1LOCALS~1Tempktoror.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinygqcws.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinygqcws.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempcobi.exe»=»C:DOCUME~19335~1LOCALS~1Tempcobi.exe:*:Enabled:ipsec»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1386de9c-2757-11de-b81a-001bfcab19a6}]
shellautoPLaycommand — K:ebflbl.pif
shellAutoRuncommand — K:ebflbl.pif
shellExplorecommand — K:ebflbl.pif
shellopencommand — K:ebflbl.pif[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1a4d72f6-9d35-11dd-b59b-001bfcab19a6}]
shellAutoRuncommand — L:
shellexplorecommand — L:RECYCLERINFO.exe
shellopencommand — L:RECYCLERINFO.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{802774fe-648d-11dd-b522-001bfcab19a6}]
shellAUTOPlaycommand — M:ftvpv.exe
shellAutoRuncommand — M:ftvpv.exe
shelleXPlorecommand — M:ftvpv.exe
shellOPENcommand — M:ftvpv.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9fe4591a-e23e-11dd-b65f-001bfcab19a6}]
shellAutoRuncommand — K:znfhvv.exe
shellexplorecommand — K:znfhvv.exe
shellopencommand — K:znfhvv.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8d54270-a82f-11dc-b2c5-001bfcab19a6}]
shellAutocommand — K:fw.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fw.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bed2c5f6-abf5-11dc-b2e8-001bfcab19a6}]
shellAutoRuncommand — K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe
shellopencommand — K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c85323b4-dbf6-11dd-b64e-001bfcab19a6}]
shellAUtoplAYcommand — K:exhp.pif
shellAutoRuncommand — K:exhp.pif
shellExploRecommand — K:exhp.pif
shellOPeNcommand — K:exhp.pif[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e859f362-8036-11dd-b551-001bfcab19a6}]
shellAutoPLAycommand — K:mbil.exe
shellAutoRuncommand — K:mbil.exe
shellexPlorEcommand — K:mbil.exe
shelloPencommand — K:mbil.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fae6a642-a842-11dc-b358-806d6172696f}]
shellAutoRuncommand — E:Binassetup.exe======List of files/folders created in the last 1 months======
2009-04-19 09:21:58 —-D—- C:Documents and SettingsАдминистраторApplication DataDesperate Housewives
2009-04-18 11:49:43 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32dpl100.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32divx.dll
2009-04-18 11:49:41 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-04-18 11:49:41 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-04-17 23:09:39 —-A—- C:HDLog.txt
2009-04-17 23:08:53 —-A—- C:WINDOWSIsUninst.exe
2009-04-17 15:57:33 —-D—- C:Documents and SettingsAll UsersApplication DataFugazo
2009-04-17 12:47:11 —-D—- C:rsit
2009-04-17 12:47:11 —-D—- C:Program Filestrend micro
2009-04-16 19:14:41 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-04-16 18:36:43 —-D—- C:Program FilesuTorrent
2009-04-16 18:23:00 —-A—- C:WINDOWSusdthank.ini
2009-04-16 18:23:00 —-A—- C:WINDOWSidc.ini
2009-04-13 19:44:29 —-D—- C:Program FilesSkopin FileCopier
2009-04-13 19:44:29 —-A—- C:WINDOWSUnGins.exe
2009-04-11 14:34:51 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-04-11 11:33:54 —-D—- C:Program FilesCommon FilesAdobe Systems Shared
2009-04-11 09:55:47 —-HD—- C:WINDOWSPIF
2009-04-10 17:58:58 —-D—- C:Program FilesRadio_W
2009-04-10 17:58:58 —-D—- C:Program FilesConduit
2009-04-10 12:31:55 —-D—- C:Documents and SettingsАдминистраторApplication DataROALDevelopment
2009-04-10 12:31:43 —-D—- C:Program FilesRadioClicker LITE
2009-04-10 12:26:54 —-A—- C:WINDOWSpsr.INI
2009-04-05 00:40:09 —-D—- C:Program FilesBonjour
2009-04-05 00:36:45 —-D—- C:Program FilesCommon FilesMacrovision Shared
2009-04-04 17:27:23 —-D—- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2009-04-04 17:27:16 —-D—- C:Program FilesSUPERAntiSpyware
2009-04-04 17:27:16 —-D—- C:Documents and SettingsАдминистраторApplication DataSUPERAntiSpyware.com
2009-04-04 17:11:29 —-A—- C:SAFEBOOT_REPAIR.TXT
2009-03-24 23:06:14 —-A—- C:WINDOWSsystem32cftu.exe======List of files/folders modified in the last 1 months======
2009-04-19 22:12:11 —-D—- C:WINDOWSPrefetch
2009-04-19 22:09:54 —-D—- C:Program FilesICQ6.5
2009-04-19 22:09:01 —-D—- C:WINDOWSTemp
2009-04-19 22:09:00 —-D—- C:WINDOWSsystem32drivers
2009-04-19 22:07:53 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-19 21:15:37 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-19 21:15:25 —-RD—- C:Program Files
2009-04-19 18:10:43 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 15:43:32 —-D—- C:Program FilesMozilla Firefox
2009-04-19 13:03:01 —-D—- C:WINDOWS
2009-04-18 11:50:46 —-D—- C:WINDOWSsystem32
2009-04-16 18:37:45 —-SHD—- C:WINDOWSInstaller
2009-04-15 12:40:45 —-HD—- C:WINDOWSinf
2009-04-15 12:40:45 —-D—- C:WINDOWSsystem32DirectX
2009-04-15 12:40:39 —-RSD—- C:WINDOWSassembly
2009-04-15 12:34:31 —-A—- C:WINDOWSwincmd.ini
2009-04-15 12:30:17 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-11 11:33:54 —-D—- C:Program FilesCommon Files
2009-04-11 11:33:51 —-D—- C:Program FilesAdobe
2009-04-11 11:33:07 —-D—- C:Program FilesCommon FilesAdobe
2009-04-11 11:33:07 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-04-11 09:55:26 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-04-11 09:48:50 —-D—- C:Program FilesInternet Explorer
2009-04-06 18:16:12 —-A—- C:WINDOWSSLENGINE.INI
2009-04-06 18:16:12 —-A—- C:WINDOWSSCPERS32.INI
2009-04-05 00:39:00 —-RSD—- C:WINDOWSFonts
2009-04-05 00:36:57 —-D—- C:WINDOWSWinSxS
2009-04-04 17:26:53 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-04-02 18:36:11 —-D—- C:Documents and Settings
2009-03-29 20:04:02 —-A—- C:WINDOWSsystem32ht8x4.exe
2009-03-29 15:08:57 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-25 11:14:55 —-D—- C:Program FilesAIMP2
2009-03-22 04:02:10 —-SD—- C:WINDOWSDownloaded Program Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-02 43520]
R1 AsIO;AsIO; C:WINDOWSsystem32driversAsIO.sys [2006-10-18 12664]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-08-18 34312]
R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2002-09-25 12032]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-08-18 39944]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2002-09-25 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2002-09-25 55936]
R3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversfijjlo.sys []
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-11-02 2644480]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-03-01 4484608]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-09-27 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-09-27 19968]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-04 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2002-09-25 5888]
R3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-04 17024]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys []
S3 ay4f615l;ay4f615l; C:WINDOWSsystem32driversay4f615l.sys []
S3 dac970nt;dac970nt; ??C:WINDOWSsystem32driversfijjlo.sys []
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys []
S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-03-10 47360]
S3 PRODIGY;PRODIGY; C:WINDOWSSystem32DriversPRODIGY.SYS [2006-08-29 32377]
S3 SunkFilt;Alcor Micro Corp Reader; ??C:WINDOWSSystem32Driverssunkfilt.sys []
S3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2004-08-17 12416]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-11-02 495616]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 NwSapAgent;Агент SAP; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-16 271920]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 UxTuneUp;TuneUp Design Expansion; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-04-11 146432]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-04-05 728576]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 147456]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 869936]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 162864]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по логу ваш компьютер заражён несколькими троянами, включая autorun.inf троян.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Запустите HijackThis, для этого кликните Пуск, Выполнить, введите
C:Program Filestrend microАдминистратор.exeи нажмите Enter.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующую строку, если она присутствует:F2 - REG:system.ini: Shell=Explorer.exe csrcs.exeЗакройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.Скачайте программу Avenger кликнув по этой ссылке и распакуйте её на Рабочий стол.
Запустите Avenger, при это убедитесь что стоит галочка в пункте «Scan for rootkits» и нет галочки в пункте «Automatically disable any rootkits found». Уберите или поставьте галочки в случае необходимости. Скопируйте ниже приведённый текст в Input script Box:Drivers to delete:
abp470n5
nod32drv
ay4f615l
dac970nt
dwshdКликните Execute. Появится запрос о подтверждении ваших действий, нажмите Yes.
Avenger запуститься. В процессе работы возможны несколько перезагрузок компьютера.
По-окончании работы будет показан лог, запишите его на ваш рабочий стол.Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:reg
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1386de9c-2757-11de-b81a-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1a4d72f6-9d35-11dd-b59b-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{802774fe-648d-11dd-b522-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9fe4591a-e23e-11dd-b65f-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8d54270-a82f-11dc-b2c5-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bed2c5f6-abf5-11dc-b2e8-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c85323b4-dbf6-11dd-b64e-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e859f362-8036-11dd-b551-001bfcab19a6}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fae6a642-a842-11dc-b358-806d6172696f}]
:files
C:WINDOWSSystem32driversdwshd.sys
C:WINDOWSsystem32driversfijjlo.sys
K:mbil.exe
K:exhp.pif
K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe
K:fw.exe
K:znfhvv.exe
M:ftvpv.exe
L:RECYCLERINFO.exe
K:ebflbl.pif
%windir%csrcs.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите Avenger лог и свежий RSIT лог.
Спасибо за помощь……но не все пока так как хотелось:
с флэшкой теперь вроде все нормально…..
Когда хочу запустить HijackThis, выдает сообщение: «HijackThis — обнаружена ошибка. Приложение будет закрыто. Приносим извинения за неудобства.»
Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
RSIT
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Администратор at 2009-04-23 20:17:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (48%) free of 20 GB
Total RAM: 1023 MB (62% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:12, on 17.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCDSlowcdslow.exe
C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:Program FilesSECNatural ColorNaturalColorLoad.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesAheadLibNMIndexingService.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesOperaopera.exe
C:DOCUME~19335~1LOCALS~1Temphiult.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 — BHO: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
O3 — Toolbar: (no name) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — (no file)
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [NevoDRM] «C:ИгрыNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [CDSlow] C:Program FilesCDSlowcdslow.exe
O4 — HKCU..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe» /systray /nologon
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: TranslateNow.lnk = E:perevodTNOW 1.01TransNow.exe
O4 — Global Startup: InterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 — Global Startup: NaturalColorLoad.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Google Search — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Backward &Links — res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 — Extra context menu item: Cac&hed Snapshot of Page — res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 — Extra context menu item: Si&milar Pages — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 — Extra context menu item: Translate into English — res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 — HKLMSystemCCSServicesTcpip..{6858787C-1541-4F57-9EEF-B00F49D9B2C7}: NameServer = 82.207.66.250 82.207.66.241
O20 — Winlogon Notify: !SASWinLogon — C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 8336 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-04-01 2086936][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-12-10 929224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-01 849392]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-04-01 2086936][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2981888]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-02-26 16125440]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 139264]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 222768]
«NevoDRM»=C:ИгрыNevoDRMNevoDRM.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«CDSlow»=C:Program FilesCDSlowcdslow.exe [2005-11-19 185856]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe [2007-08-02 425984]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-05-16 226864]
«SUPERAntiSpyware»=C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [2009-03-23 1899760]
«ICQ»=C:Program FilesICQ6.5ICQ.exe silent []
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1741312]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
InterVideo WinCinema Manager.lnk — C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
NaturalColorLoad.lnk — C:Program FilesSECNatural ColorNaturalColorLoad.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
TranslateNow.lnk — E:perevodTNOW 1.01TransNow.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll [2008-12-22 356352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-11-02 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Enabled:Nero ProductSetup»
«D:ИГРЫAVP2_PrimalHuntAVP2XServ.exe»=»D:ИГРЫAVP2_PrimalHuntAVP2XServ.exe:*:Enabled:AVP2 Stand-Alone Server»
«C:Program FilesNeroNero 7Nero MediaHomeNeroMediaHome.exe»=»C:Program FilesNeroNero 7Nero MediaHomeNeroMediaHome.exe:*:Enabled:Nero MediaHome (1)»
«C:Program FilesNeroNero 7Nero MediaHomeNMMediaServer.exe»=»C:Program FilesNeroNero 7Nero MediaHomeNMMediaServer.exe:*:Enabled:Nero MediaHome (2)»
«C:DOCUME~19335~1LOCALS~1Tempsvchost.exe»=»C:DOCUME~19335~1LOCALS~1Tempsvchost.exe:*:Enabled:Enabled»
«K:sqgdbo.exe»=»K:sqgdbo.exe:*:Enabled:ipsec»
«D:ИГРЫGTA San Andreas — Night Crimegta_sa.exe»=»D:ИгрыGTA San Andreas — Night Crimegta_sa.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторМои документыRanch RushRanchRush.exe»=»C:Documents and SettingsАдминистраторМои документыRanch RushRanchRush.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero VisionNeroVision.exe»=»C:Program FilesNeroNero 7Nero VisionNeroVision.exe:*:Enabled:ipsec»
«C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe»=»C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe:*:Enabled:ipsec»
«C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe»=»C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe»=»C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe:*:Enabled:ipsec»
«D:GamesDAEMON Tools Litedaemon.exe»=»D:GamesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temp~nsu.tmpAu_.exe»=»C:DOCUME~19335~1LOCALS~1Temp~nsu.tmpAu_.exe:*:Enabled:ipsec»
«K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe»=»K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe:*:Enabled:ipsec»
«C:Program FilesScanSoftPaperPortPaprPort.exe»=»C:Program FilesScanSoftPaperPortPaprPort.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE111049msohelp.exe»=»C:Program FilesMicrosoft OfficeOFFICE111049msohelp.exe:*:Enabled:ipsec»
«C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE»=»C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE:*:Enabled:ipsec»
«C:Program FilesSECNatural ColorNaturalColorLoad.exe»=»C:Program FilesSECNatural ColorNaturalColorLoad.exe:*:Enabled:ipsec»
«D:Program FilesRecipesbinrecipes.exe»=»D:Program FilesRecipesbinrecipes.exe:*:Enabled:ipsec»
«D:Program FilesMy Cookery Bookcookery.exe»=»D:Program FilesMy Cookery Bookcookery.exe:*:Enabled:ipsec»
«K:abgssn.exe»=»K:abgssn.exe:*:Enabled:ipsec»
«K:rprvdp.pif»=»K:rprvdp.pif:*:Enabled:ipsec»
«C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe»=»C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовNOD 32nentrust.exe»=»C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовNOD 32nentrust.exe:*:Enabled:ipsec»
«D:Program FilesSims 2 FreeTime — The Ancient Ballsims2_freetimeTSBinSims2EP7.exe»=»D:Program FilesSims 2 FreeTime — The Ancient Ballsims2_freetimeTSBinSims2EP7.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMIndexingService.exe»=»C:Program FilesCommon FilesAheadLibNMIndexingService.exe:*:Enabled:ipsec»
«D:играGTA San Andreas — Night Crimegta_sa.exe»=»D:играGTA San Andreas — Night Crimegta_sa.exe:*:Enabled:ipsec»
«C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовDrWebdrweb-433-win-ru.exe»=»C:Documents and SettingsАдминистраторРабочий столСборка разных антивирусовDrWebdrweb-433-win-ru.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»=»C:Program FilesCommon FilesAheadLibNMBgMonitor.exe:*:Enabled:ipsec»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:ipsec»
«C:Program FilesABBYY FineReader 7.0 Professional EditionFineReader.exe»=»C:Program FilesABBYY FineReader 7.0 Professional EditionFineReader.exe:*:Enabled:ipsec»
«C:Program FilesNeroNero 7Nero StartSmartNeroStartSmart.exe»=»C:Program FilesNeroNero 7Nero StartSmartNeroStartSmart.exe:*:Enabled:ipsec»
«C:Program FilesInterVideoCommonBinWinCinemaMgr.exe»=»C:Program FilesInterVideoCommonBinWinCinemaMgr.exe:*:Enabled:ipsec»
«C:WINDOWSRTHDCPL.EXE»=»C:WINDOWSRTHDCPL.EXE:*:Enabled:ipsec»
«C:WINDOWSALCMTR.EXE»=»C:WINDOWSALCMTR.EXE:*:Enabled:ipsec»
«C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe»=»C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE»=»C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:Program FilesCDSlowcdslow.exe»=»C:Program FilesCDSlowcdslow.exe:*:Enabled:ipsec»
«C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe»=»C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempvkekv.exe»=»C:DOCUME~19335~1LOCALS~1Tempvkekv.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempsfexal.exe»=»C:DOCUME~19335~1LOCALS~1Tempsfexal.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinealnwm.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinealnwm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwincqnys.exe»=»C:DOCUME~19335~1LOCALS~1Tempwincqnys.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinjxbpgu.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinjxbpgu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templbohy.exe»=»C:DOCUME~19335~1LOCALS~1Templbohy.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temppinph.exe»=»C:DOCUME~19335~1LOCALS~1Temppinph.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templnadv.exe»=»C:DOCUME~19335~1LOCALS~1Templnadv.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempalqa.exe»=»C:DOCUME~19335~1LOCALS~1Tempalqa.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinujnwml.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinujnwml.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempxxgo.exe»=»C:DOCUME~19335~1LOCALS~1Tempxxgo.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temprstwd.exe»=»C:DOCUME~19335~1LOCALS~1Temprstwd.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinfifw.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinfifw.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinapddlc.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinapddlc.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinrmtv.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinrmtv.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbitr.exe»=»C:DOCUME~19335~1LOCALS~1Tempbitr.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqssdw.exe»=»C:DOCUME~19335~1LOCALS~1Tempqssdw.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinbocpgd.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinbocpgd.exe:*:Enabled:ipsec»
«C:PROGRA~1ICQ6.5ICQ.exe»=»C:PROGRA~1ICQ6.5ICQ.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhunbo.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhunbo.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempdltqaj.exe»=»C:DOCUME~19335~1LOCALS~1Tempdltqaj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempfqxg.exe»=»C:DOCUME~19335~1LOCALS~1Tempfqxg.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinkbxhkr.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinkbxhkr.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinduhh.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinduhh.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempgtlke.exe»=»C:DOCUME~19335~1LOCALS~1Tempgtlke.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temprkay.exe»=»C:DOCUME~19335~1LOCALS~1Temprkay.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinlgwp.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinlgwp.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbbfs.exe»=»C:DOCUME~19335~1LOCALS~1Tempbbfs.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Templektnu.exe»=»C:DOCUME~19335~1LOCALS~1Templektnu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempigvm.exe»=»C:DOCUME~19335~1LOCALS~1Tempigvm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbjfyu.exe»=»C:DOCUME~19335~1LOCALS~1Tempbjfyu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinsqjaih.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinsqjaih.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinoccd.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinoccd.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinuoakmf.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinuoakmf.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhslb.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhslb.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinlsax.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinlsax.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinvvld.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinvvld.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Temphwrj.exe»=»C:DOCUME~19335~1LOCALS~1Temphwrj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempbfwyrj.exe»=»C:DOCUME~19335~1LOCALS~1Tempbfwyrj.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqjxu.exe»=»C:DOCUME~19335~1LOCALS~1Tempqjxu.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinhmen.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinhmen.exe:*:Enabled:ipsec»
«C:ИгрыNevoDRMNevoDRM.exe»=»C:ИгрыNevoDRMNevoDRM.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinppcoph.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinppcoph.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwindntwq.exe»=»C:DOCUME~19335~1LOCALS~1Tempwindntwq.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempejcqm.exe»=»C:DOCUME~19335~1LOCALS~1Tempejcqm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwindblq.exe»=»C:DOCUME~19335~1LOCALS~1Tempwindblq.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinmltpql.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinmltpql.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwincqhy.exe»=»C:DOCUME~19335~1LOCALS~1Tempwincqhy.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqxjhap.exe»=»C:DOCUME~19335~1LOCALS~1Tempqxjhap.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempdjnm.exe»=»C:DOCUME~19335~1LOCALS~1Tempdjnm.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempqibofs.exe»=»C:DOCUME~19335~1LOCALS~1Tempqibofs.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempktoror.exe»=»C:DOCUME~19335~1LOCALS~1Tempktoror.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwinygqcws.exe»=»C:DOCUME~19335~1LOCALS~1Tempwinygqcws.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempcobi.exe»=»C:DOCUME~19335~1LOCALS~1Tempcobi.exe:*:Enabled:ipsec»
«C:DOCUME~19335~1LOCALS~1Tempwindpeki.exe»=»C:DOCUME~19335~1LOCALS~1Tempwindpeki.exe:*:Enabled:ipsec»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-04-23 20:02:35 —-D—- C:_OTMoveIt
2009-04-23 19:58:36 —-D—- C:Avenger
2009-04-23 19:58:36 —-A—- C:avenger.txt
2009-04-23 19:56:33 —-A—- C:avexport.bat
2009-04-23 19:43:03 —-RASHD—- C:autorun.inf
2009-04-20 18:41:16 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe Systems
2009-04-20 13:13:57 —-SHD—- C:found.000
2009-04-19 09:21:58 —-D—- C:Documents and SettingsАдминистраторApplication DataDesperate Housewives
2009-04-18 11:49:43 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32dpl100.dll
2009-04-18 11:49:42 —-A—- C:WINDOWSsystem32divx.dll
2009-04-18 11:49:41 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-04-18 11:49:41 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-04-17 23:09:39 —-A—- C:HDLog.txt
2009-04-17 23:08:53 —-A—- C:WINDOWSIsUninst.exe
2009-04-17 15:57:33 —-D—- C:Documents and SettingsAll UsersApplication DataFugazo
2009-04-17 12:47:11 —-D—- C:rsit
2009-04-17 12:47:11 —-D—- C:Program Filestrend micro
2009-04-16 19:14:41 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-04-16 18:23:00 —-A—- C:WINDOWSusdthank.ini
2009-04-16 18:23:00 —-A—- C:WINDOWSidc.ini
2009-04-13 19:44:29 —-D—- C:Program FilesSkopin FileCopier
2009-04-13 19:44:29 —-A—- C:WINDOWSUnGins.exe
2009-04-11 14:34:51 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-04-11 11:33:54 —-D—- C:Program FilesCommon FilesAdobe Systems Shared
2009-04-11 09:55:47 —-HD—- C:WINDOWSPIF
2009-04-10 17:58:58 —-D—- C:Program FilesRadio_W
2009-04-10 17:58:58 —-D—- C:Program FilesConduit
2009-04-10 12:31:55 —-D—- C:Documents and SettingsАдминистраторApplication DataROALDevelopment
2009-04-10 12:31:43 —-D—- C:Program FilesRadioClicker LITE
2009-04-10 12:26:54 —-A—- C:WINDOWSpsr.INI
2009-04-05 00:40:09 —-D—- C:Program FilesBonjour
2009-04-05 00:36:45 —-D—- C:Program FilesCommon FilesMacrovision Shared
2009-04-04 17:27:23 —-D—- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2009-04-04 17:27:16 —-D—- C:Program FilesSUPERAntiSpyware
2009-04-04 17:27:16 —-D—- C:Documents and SettingsАдминистраторApplication DataSUPERAntiSpyware.com
2009-04-04 17:11:29 —-A—- C:SAFEBOOT_REPAIR.TXT
2009-03-24 23:06:14 —-A—- C:WINDOWSsystem32cftu.exe======List of files/folders modified in the last 1 months======
2009-04-23 20:08:22 —-D—- C:WINDOWSTemp
2009-04-23 20:08:15 —-D—- C:WINDOWSsystem32drivers
2009-04-23 20:07:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-23 19:58:36 —-D—- C:WINDOWS
2009-04-23 19:32:58 —-D—- C:WINDOWSsystem32
2009-04-23 19:32:58 —-D—- C:WINDOWSsystem
2009-04-22 22:11:24 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-20 19:03:48 —-SHD—- C:WINDOWSInstaller
2009-04-20 19:03:47 —-D—- C:Program FilesAdobe
2009-04-20 18:41:58 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-04-20 17:20:52 —-D—- C:WINDOWSPrefetch
2009-04-20 13:22:06 —-RD—- C:Program Files
2009-04-20 12:49:58 —-D—- C:Program FilesMozilla Firefox
2009-04-19 18:10:43 —-A—- C:WINDOWSNeroDigital.ini
2009-04-15 12:40:45 —-HD—- C:WINDOWSinf
2009-04-15 12:40:45 —-D—- C:WINDOWSsystem32DirectX
2009-04-15 12:40:39 —-RSD—- C:WINDOWSassembly
2009-04-15 12:34:31 —-A—- C:WINDOWSwincmd.ini
2009-04-15 12:30:17 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-11 11:33:54 —-D—- C:Program FilesCommon Files
2009-04-11 11:33:07 —-D—- C:Program FilesCommon FilesAdobe
2009-04-11 11:33:07 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-04-11 09:55:26 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-04-11 09:48:50 —-D—- C:Program FilesInternet Explorer
2009-04-06 18:16:12 —-A—- C:WINDOWSSLENGINE.INI
2009-04-06 18:16:12 —-A—- C:WINDOWSSCPERS32.INI
2009-04-05 00:39:00 —-RSD—- C:WINDOWSFonts
2009-04-05 00:36:57 —-D—- C:WINDOWSWinSxS
2009-04-04 17:26:53 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-04-02 18:36:11 —-D—- C:Documents and Settings
2009-03-29 20:04:02 —-A—- C:WINDOWSsystem32ht8x4.exe
2009-03-29 15:08:57 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-25 11:14:55 —-D—- C:Program FilesAIMP2======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-02 43520]
R1 AsIO;AsIO; C:WINDOWSsystem32driversAsIO.sys [2006-10-18 12664]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-08-18 34312]
R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2002-09-25 12032]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-08-18 39944]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2002-09-25 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2002-09-25 55936]
R3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversfijjlo.sys []
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-11-02 2644480]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-03-01 4484608]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-09-27 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-09-27 19968]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-04 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2002-09-25 5888]
R3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-04 17024]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 a40512no;a40512no; C:WINDOWSsystem32driversa40512no.sys []
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys []
S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-03-10 47360]
S3 PRODIGY;PRODIGY; C:WINDOWSSystem32DriversPRODIGY.SYS [2006-08-29 32377]
S3 SunkFilt;Alcor Micro Corp Reader; ??C:WINDOWSSystem32Driverssunkfilt.sys []
S3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2004-08-17 12416]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-11-02 495616]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 NwSapAgent;Агент SAP; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-16 271920]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 UxTuneUp;TuneUp Design Expansion; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-04-11 146432]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-04-05 728576]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 147456]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 869936]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 162864]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
EOF
Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!Driver «abp470n5» deleted successfully.
Driver «nod32drv» deleted successfully.Error: registry key «RegistryMachineSystemCurrentControlSetServicesay4f615l» not found!
Deletion of driver «ay4f615l» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not existDriver «dac970nt» deleted successfully.
Driver «dwshd» deleted successfully.Completed script processing.
*******************
Finished! Terminate.
OTMoveIt3 by OldTimer
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1386de9c-2757-11de-b81a-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1a4d72f6-9d35-11dd-b59b-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{802774fe-648d-11dd-b522-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9fe4591a-e23e-11dd-b65f-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8d54270-a82f-11dc-b2c5-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bed2c5f6-abf5-11dc-b2e8-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c85323b4-dbf6-11dd-b64e-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e859f362-8036-11dd-b551-001bfcab19a6}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fae6a642-a842-11dc-b358-806d6172696f}\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSSystem32driversdwshd.sys not found.
File/Folder C:WINDOWSsystem32driversfijjlo.sys not found.
File/Folder K:mbil.exe not found.
File/Folder K:exhp.pif not found.
File/Folder K:RESTORES-1-5-21-1482476501-1644491937-682003330-1013dark.exe not found.
File/Folder K:fw.exe not found.
File/Folder K:znfhvv.exe not found.
File/Folder M:ftvpv.exe not found.
File/Folder L:RECYCLERINFO.exe not found.
File/Folder K:ebflbl.pif not found.
Folder C:WINDOWScsrcs.exe not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1Tempwinuksnbn.exe scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04232009_200235
Files moved on Reboot…
C:DOCUME~19335~1LOCALS~1Tempwinuksnbn.exe moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps009wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps007wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps006wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps005wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps004wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps001wb.vx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.Когда запускается RSIT выдает тоже сообщ: «HijackThis — обнаружена ошибка. Приложение будет закрыто. Приносим извинения за неудобства.»
Получше.
Скачайте RootkitRevealer кликнув по этой ссылке и распакуйте файл в папку, например C:RootkitRevealer.
Отключите соединение с Интернетом и ваш антивирус.
Запустите RootkitRevealer.
Когда программа запустится кликните по кнопке Scan.
Когда сканирование закончится, кликните File->Save и сохраните лог на ваш рабочий стол.
Закройте RootkitRevealer.Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ и приложите RootkitRevealer лог.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
- Для ответа в этой теме необходимо авторизоваться.
