- This topic has 13 ответов, 2 участника, and was last updated 16 years, 4 months назад by
.
-
Сообщения
-
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Вощем, загнал я ее себе на компьютер, хотел посмотреть, что же это за антивирус такой новый и крутой. Когда он нашел полторы сотен несуществующих вирусов и т.п., я все понял и удалил его через uninstall. Хренушки! После этого стали вылезать постоянно уведомления о всяких угрозах и атаках на мой компьютер.
Стоит у меня антивирус Avast, обновляется через Инет.
Я не глупый пользователь, поэтому попытался справиться сам. Как видимо, зря.
Его не могут ни выявить, ни вычистить ни очиститель регистра CC Cleaner, ни сам мой антивирус Avast, ни Dr. Web, ни антишпионы и всякие spy-malware Windows Defender, Spyware Terminator, Malwarebytes Antimalware, Malware Destroyer, Ad-Aware, Spybot — Search&Destroy.Что делать???!!!
Спасайте, ребята, задолбала меня эта штука вконец уже!
Здравствуйте, добро пожаловать на Spyware-ru форум.
хотел посмотреть, что же это за антивирус такой новый и крутой.
А откуда вы его скачали, скиньте мне в личку эту информацию.
Скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.
* Дважды кликните по скачанному файлу.
* Если у вас есть файрвал (firewall) и он покажет, что программа RSIT пытается выйти в Интернет, то разрешите ей.
* Кликните по кнопке Continue.
* Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Вставьте оба RSIT лога в ваш ответ. Каждый лог в отдельное сообщение.
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Откуда скачал? Честно говоря, уже не помню. Может, баннер какой-то вылез?
Log представляю, а info че-то не вылазит.
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Logfile of random’s system information tool 1.06 (written by random/random)
Run by 1 at 2009-04-28 19:26:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (49%) free of 63 GB
Total RAM: 2046 MB (55% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:30, on 28.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:PROGRA~1DrWebspidernt.exe
C:Program FilesSpyware Terminatorsp_rsser.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesVIAVIAudioiHDADeckHDeck.exe
C:Program FilesMotorolaSMSERIALsm56hlpr.exe
C:Program FilesSynapticsSynTPSynTPStart.exe
C:WINDOWSBisonCamBisonHK.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesWinampwinampa.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesDrWebSpIDerAgent.exe
C:Program FilesDrWebspiderml.exe
C:Program FilesDrWebspidergate.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesSpyware TerminatorSpywareTerminatorShield.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWinamp RemotebinOrbTray.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesWinamp RemotebinOrb.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:WINDOWSsystem32setup2.exe
C:Program FilesHotKey_DriverHotKeyDriver.exe
C:Program FilesRALINKCommonRaUI.exe
C:Program FilesMach5 SoftwareKremlinKremlin Sentry.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:PROGRA~1CrawlerToolbarCToolbar.exe
C:Documents and Settings1Рабочий столRSIT.exe
C:Program Filestrend micro1.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=31214
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} — C:PROGRA~1CrawlerToolbarctbr.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Adobe PDF Link Helper — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: (no name) — {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} — C:PROGRA~1CrawlerToolbarctbr.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O2 — BHO: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: Панель &Crawler — {4B3803EA-5230-4DC3-A7FC-33638F3D3542} — C:PROGRA~1CrawlerToolbarctbr.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [HDAudDeck] C:Program FilesVIAVIAudioiHDADeckHDeck.exe 1
O4 — HKLM..Run: [SMSERIAL] C:Program FilesMotorolaSMSERIALsm56hlpr.exe
O4 — HKLM..Run: [SynTPStart] C:Program FilesSynapticsSynTPSynTPStart.exe
O4 — HKLM..Run: [BisonHK] C:WINDOWSBisonCamBisonHK.exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerGate] «C:Program FilesDrWebspidergate.exe» -autorun
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKLM..Run: [SpywareTerminator] «C:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Orb] «C:Program FilesWinamp RemotebinOrbTray.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncWcescomm.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [setup2.exe] C:WINDOWSsystem32setup2.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: HotKeyDriver.lnk = ?
O4 — Global Startup: Ralink Wireless Utility.lnk = C:Program FilesRALINKCommonRaUI.exe
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Bonjour — {7F9DB11C-E358-4ca6-A83D-ACC663939424} — C:Program FilesBonjourExplorerPlugin.dll
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O14 — IERESET.INF: START_PAGE_URL=http://www.rovercomputers.ru
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) — C:Program FilesYahoo!Commonyinsthelper.dll
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{06CEB245-3934-4D9B-BAD9-4BDC188F6A44}: NameServer = 85.255.113.108 85.255.112.70
O17 — HKLMSystemCCSServicesTcpip..{474C9C49-8017-4800-98F7-7870A2CD9712}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{5C29A906-3470-46BC-A93D-1B97BCADC961}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{7BDB7A82-FC96-4BDE-B8F6-02AC71E1E97F}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{8DC61FC9-3540-4BE9-A180-5E5825F557A5}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{C9B58F8E-FAF9-448D-AA57-786BA4484619}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: Lavasoft Ad-Aware Service (aawservice) — Lavasoft — C:Program FilesLavasoftAd-Awareaawservice.exe
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба Google Update (gupdate1c9c67eb109aeb3) (gupdate1c9c67eb109aeb3) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Crawler.com — C:Program FilesSpyware Terminatorsp_rsser.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 16447 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksAt10.job
C:WINDOWStasksAt11.job
C:WINDOWStasksAt12.job
C:WINDOWStasksAt13.job
C:WINDOWStasksAt14.job
C:WINDOWStasksAt15.job
C:WINDOWStasksAt16.job
C:WINDOWStasksAt17.job
C:WINDOWStasksAt18.job
C:WINDOWStasksAt19.job
C:WINDOWStasksAt20.job
C:WINDOWStasksAt21.job
C:WINDOWStasksAt22.job
C:WINDOWStasksAt23.job
C:WINDOWStasksAt24.job
C:WINDOWStasksAt3.job
C:WINDOWStasksAt4.job
C:WINDOWStasksAt5.job
C:WINDOWStasksAt6.job
C:WINDOWStasksAt7.job
C:WINDOWStasksAt8.job
C:WINDOWStasksAt9.job
C:WINDOWStasksDr.Web Daily scan.job
C:WINDOWStasksDr.Web Update.job
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachine.job
C:WINDOWStasksMP Scheduled Scan.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:PROGRA~1CrawlerToolbarctbr.dll [2009-03-24 1194496][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2008-01-28 1554256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — c:program filesmail.rusputnikMailRuSputnik.dll [2009-03-31 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-04-26 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-03-13 1883672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll [2009-03-31 680624]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-03-13 1883672]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} — Панель &Crawler — C:PROGRA~1CrawlerToolbarctbr.dll [2009-03-24 1194496][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-01-24 8527872]
«HDAudDeck»=C:Program FilesVIAVIAudioiHDADeckHDeck.exe [2007-10-12 794624]
«SMSERIAL»=C:Program FilesMotorolaSMSERIALsm56hlpr.exe [2008-01-23 634880]
«SynTPStart»=C:Program FilesSynapticsSynTPSynTPStart.exe [2008-01-23 102400]
«BisonHK»=C:WINDOWSBisonCamBisonHK.exe [2007-10-03 77824]
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«AppleSyncNotifier»=C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe [2009-03-06 177472]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-01-05 413696]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2009-04-02 342312]
«SpIDerAgent»=C:Program FilesDrWebSpIDerAgent.exe [2009-02-16 423152]
«SpIDerMail»=C:Program FilesDrWebspiderml.exe [2009-02-25 640240]
«SpIDerGate»=C:Program FilesDrWebspidergate.exe [2009-01-29 1451248]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2008-12-15 197896]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
«SpywareTerminator»=C:Program FilesSpyware TerminatorSpywareTerminatorShield.exe [2009-04-27 2176000][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Orb»=C:Program FilesWinamp RemotebinOrbTray.exe [2008-04-01 507904]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-09-20 202024]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2008-01-28 2097488]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-04-26 39408]
«setup2.exe»=C:WINDOWSsystem32setup2.exe [2009-04-26 1097216][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
HotKeyDriver.lnk — C:Program FilesHotKey_DriverHotKeyDriver.exe
Ralink Wireless Utility.lnk — C:Program FilesRALINKCommonRaUI.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WIFD1F~1MpShHook.dll [2006-11-03 83224][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb Application»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Disabled:Orb»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:*:Enabled:ActiveSync RAPI Manager»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«E:Far Cry 2binFarCry2.exe»=»E:Far Cry 2binFarCry2.exe:*:Enabled:Far Cry® 2»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ Library»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1af82763-0b76-11dd-8c26-0090f56b8dfd}]
shellAutoRuncommand — E:xn1i9x.com
shellexplorecommand — E:xn1i9x.com
shellopencommand — E:xn1i9x.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4261dae8-1d0a-11de-8bfc-0090f56b8dfd}]
shellAutoRuncommand — krwupv.exe
shellexplorecommand — krwupv.exe
shellopencommand — krwupv.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4ead3248-8ff3-11dd-8b63-0090f56b8dfd}]
shellAutoRuncommand — npyajn.exe
shellexplorecommand — npyajn.exe
shellopencommand — npyajn.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4ebbe686-0ab3-11dd-8c22-0090f56b8dfd}]
shellAutoRuncommand — RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe
shellopencommand — RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{54567ab8-9f58-11dd-8b75-0090f56b8dfd}]
shellAutoRuncommand — F:System_Cachelocale.exe
shellexplorecommand — F:System_Cachelocale.exe
shellopencommand — F:System_Cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{737fde45-1b6f-11dd-8ac8-0090f56b8dfd}]
shellAutoRuncommand — F:RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe
shellopencommand — F:RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98e41df7-09ed-11dd-8c1f-0090f56b8dfd}]
shellAutoRuncommand — E:xn1i9x.com
shellexplorecommand — E:xn1i9x.com
shellopencommand — E:xn1i9x.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3348a04-c5ed-11dd-8bb4-0090f56b8dfd}]
shellAutoRuncommand — F:
shellopencommand — rundll32.exe .\kbymaori.dll,InstallM[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983ea-b42c-11dd-8baa-a36b59db3f5f}]
shellAutoRuncommand — F:System_Cachelocale.exe
shellexplorecommand — F:System_Cachelocale.exe
shellopencommand — F:System_Cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983f4-b42c-11dd-8baa-0090f56b8dfd}]
shellAutoRuncommand — System_Cachelocale.exe
shellexplorecommand — System_Cachelocale.exe
shellopencommand — System_Cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d16238b2-f22a-11dd-8bd1-0090f56b8dfd}]
shellAutoRuncommand — MicrSoft.exe
shellExplorecommand — MicrSoft.exe
shellOpencommand — MicrSoft.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc0cd2cc-2469-11de-8c07-0090f56b8dfd}]
shellAutoRuncommand — G:msimon.exe -flash
shellopencommand — G:msimon.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e3ccfffa-a9ee-11dd-8b87-0090f56b8dfd}]
shellAutoRuncommand — RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe
shellopencommand — RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213aut0runzo.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7bf166b-df43-11dd-8bc0-0090f56b8dfd}]
shellAutoRuncommand — G:USBNB.exe======File associations======
.vbs — edit —
.vbs — open — «C:Program FilesXingXingMPEG Playerxmplayer.exe» %1======List of files/folders created in the last 1 months======
2009-12-28 18:18:04 —-A—- C:WINDOWS59eezir2164.dll
2009-12-27 16:09:36 —-A—- C:WINDOWSsystem3215329noz-a-virus5069.dll
2009-12-24 16:18:20 —-A—- C:WINDOWSsystem326a10spazse15509.dll
2009-12-24 06:21:27 —-A—- C:WINDOWSsystem326552v9rz69.dll
2009-12-22 01:38:32 —-A—- C:WINDOWS29335tr9j3zb.exe
2009-12-16 13:53:10 —-A—- C:WINDOWSe1cbackdz9r655.dll
2009-12-14 14:23:37 —-A—- C:WINDOWSsystem327956zteal1485.dll
2009-12-10 07:05:54 —-A—- C:WINDOWSz4112s5y7049.exe
2009-12-09 22:27:29 —-A—- C:WINDOWS7977a59ware615z.dll
2009-12-04 06:51:52 —-A—- C:WINDOWSsystem325z90worm97f.exe
2009-11-26 18:40:14 —-A—- C:WINDOWSsystem3259dsteal31z9.dll
2009-11-26 07:11:59 —-A—- C:WINDOWS1fzdst59l25.exe
2009-11-25 15:11:24 —-A—- C:WINDOWS9ed6viz2528.dll
2009-11-23 10:04:25 —-A—- C:WINDOWS428ad5waze1295.dll
2009-11-23 08:49:33 —-A—- C:WINDOWSsystem3218zc5hreat29064.dll
2009-11-21 05:56:28 —-A—- C:WINDOWSsystem32946935py5z4.exe
2009-11-19 14:44:15 —-A—- C:WINDOWSsystem3219010zot-a9virus534.exe
2009-11-14 20:13:56 —-A—- C:WINDOWSsystem322c9bba9kd5or2z82.dll
2009-11-14 17:45:18 —-A—- C:WINDOWSsystem325a40thze98685.exe
2009-11-12 09:31:39 —-A—- C:WINDOWS5b90thi5f3z69.exe
2009-11-12 07:27:16 —-A—- C:WINDOWS50zev9r1166.exe
2009-11-11 20:38:27 —-A—- C:WINDOWSsystem324f3159reat1840z.dll
2009-11-07 02:39:54 —-A—- C:WINDOWSsystem321e57spy9zre2299.exe
2009-11-06 12:12:40 —-A—- C:WINDOWS25775hazkto9l29c.exe
2009-11-06 04:52:29 —-A—- C:WINDOWSz448s5ambo958c.exe
2009-11-05 23:05:27 —-A—- C:WINDOWS15338sp9z0.exe
2009-11-04 05:24:58 —-A—- C:WINDOWSsystem32251z9pyware1597.dll
2009-11-03 16:05:15 —-A—- C:WINDOWS2dza5hreat27629.exe
2009-11-02 01:08:05 —-A—- C:WINDOWS3z80addware659.dll
2009-10-22 05:04:19 —-A—- C:WINDOWSsystem3219821zpam5ot63e.exe
2009-10-17 10:51:35 —-A—- C:WINDOWS7d669oznlo5der1355.dll
2009-10-14 13:17:03 —-A—- C:WINDOWSsystem3297b5hiefz1.exe
2009-10-13 16:27:48 —-A—- C:WINDOWSsystem326953spa9boz56c5.exe
2009-10-12 09:57:23 —-A—- C:WINDOWS950bbackzoor617.exe
2009-10-10 21:29:32 —-A—- C:WINDOWS4dzfbackd9or2057.dll
2009-10-10 19:44:41 —-A—- C:WINDOWS19691wozm745.exe
2009-10-09 05:14:07 —-A—- C:WINDOWS10z05tro94fe.exe
2009-10-07 03:32:16 —-A—- C:WINDOWS4b5evirz59.exe
2009-09-29 00:20:08 —-A—- C:WINDOWSsystem327457not-a-ziru528e9.exe
2009-09-28 04:49:05 —-A—- C:WINDOWSsystem3211921h9ckt5zl29.exe
2009-09-26 22:19:41 —-A—- C:WINDOWSsystem32z1f5ackdoor13839.exe
2009-09-24 02:15:46 —-A—- C:WINDOWS299315irusb7z.exe
2009-09-23 21:11:46 —-A—- C:WINDOWSsystem32537cspyw5re694z.dll
2009-09-23 11:12:34 —-A—- C:WINDOWS1c50vir859z.dll
2009-09-23 07:01:43 —-A—- C:WINDOWS9262spywar53257z.dll
2009-09-22 10:55:58 —-A—- C:WINDOWSsystem3269dzthief51.exe
2009-09-16 11:22:37 —-A—- C:WINDOWSsystem328544virus9baz.exe
2009-09-14 10:15:53 —-A—- C:WINDOWSsystem324e489ackdozr5275.exe
2009-09-07 17:27:41 —-A—- C:WINDOWSsystem329559wormzf6.dll
2009-09-01 10:19:16 —-A—- C:WINDOWS19605not-5-zirus447.exe
2009-08-26 23:38:48 —-A—- C:WINDOWS7bf0v9z6675.exe
2009-08-26 00:32:45 —-A—- C:WINDOWSsystem321995downloaderz3505.exe
2009-08-24 06:05:54 —-A—- C:WINDOWS95z2wor57a0.dll
2009-08-21 17:03:38 —-A—- C:WINDOWSsystem3230989tr5j4zc.exe
2009-08-21 01:29:48 —-A—- C:WINDOWSsystem3211217hz9ktool650.exe
2009-08-20 23:30:08 —-A—- C:WINDOWS98fathrezt10566.dll
2009-08-15 04:14:24 —-A—- C:WINDOWS197z9tr5j295.dll
2009-08-10 06:39:24 —-A—- C:WINDOWS655b9hreatz1345.exe
2009-08-04 10:56:32 —-A—- C:WINDOWSsystem325d5bvz9511.exe
2009-07-28 01:28:16 —-A—- C:WINDOWSsystem325c5szarse799.dll
2009-07-28 00:41:09 —-A—- C:WINDOWSsystem324c55steaz9580.dll
2009-07-27 18:39:34 —-A—- C:WINDOWSsystem323ez0back5oor1694.exe
2009-07-27 14:25:06 —-A—- C:WINDOWS4z8dspyware39755.exe
2009-07-26 10:57:41 —-A—- C:WINDOWS13387vir9s465z.exe
2009-07-24 21:26:15 —-A—- C:WINDOWS5c5cs9eal296z.dll
2009-07-17 23:45:32 —-A—- C:WINDOWSsystem325559vir199z.exe
2009-07-04 00:33:49 —-A—- C:WINDOWS36c0b9ckdoorz252.dll
2009-06-28 08:20:31 —-A—- C:WINDOWS97556troj587z.exe
2009-06-22 15:37:16 —-A—- C:WINDOWSsystem327bc7d9wnzoader23995.dll
2009-06-21 21:20:24 —-A—- C:WINDOWS13198not-azvirus505.dll
2009-06-12 14:37:08 —-A—- C:WINDOWS58595ownloadzr1231.dll
2009-06-09 22:51:54 —-A—- C:WINDOWS14155h9cztoo5671.dll
2009-06-05 11:36:52 —-A—- C:WINDOWS6f01zpar9e5311.dll
2009-06-05 00:53:02 —-A—- C:WINDOWS9926spy159z.dll
2009-06-04 04:47:58 —-A—- C:WINDOWS10z56spy77a9.exe
2009-06-03 23:22:30 —-A—- C:WINDOWSsystem32zd59vir1939.exe
2009-05-24 20:34:06 —-A—- C:WINDOWSz1429ownloader5987.exe
2009-05-24 07:49:00 —-A—- C:WINDOWSsystem3226313t9ojz95.exe
2009-05-21 15:56:05 —-A—- C:WINDOWS6bd9addwar5z165.dll
2009-05-21 13:04:07 —-A—- C:WINDOWSsystem3231abvir254z9.dll
2009-05-20 20:14:12 —-A—- C:WINDOWS56933spambot98z.dll
2009-05-19 18:06:15 —-A—- C:WINDOWS33e9vir105z.dll
2009-05-17 21:13:35 —-A—- C:WINDOWS16036w9rz8e5.dll
2009-05-15 13:41:11 —-A—- C:WINDOWS5e67s9zrse5137.dll
2009-05-15 03:44:33 —-A—- C:WINDOWSsystem325991tz9j5695.exe
2009-05-13 07:43:43 —-A—- C:WINDOWSsystem3229947vir5s4dz.dll
2009-05-08 23:19:33 —-A—- C:WINDOWS6z7dv5r1591.dll
2009-05-02 07:53:46 —-A—- C:WINDOWS6369zirus585.dll
2009-05-01 21:26:19 —-A—- C:WINDOWSsystem321z34not-a5vi9us594.exe
2009-04-28 19:18:33 —-D—- C:rsit
2009-04-28 19:18:33 —-D—- C:Program Filestrend micro
2009-04-27 21:36:01 —-D—- C:Program FilesCrawler
2009-04-27 21:35:55 —-D—- C:Documents and Settings1Application DataSpyware Terminator
2009-04-27 21:35:50 —-D—- C:Documents and SettingsAll UsersApplication DataSpyware Terminator
2009-04-27 21:35:43 —-D—- C:Program FilesSpyware Terminator
2009-04-27 21:35:25 —-D—- C:Program FilesWindows Defender
2009-04-27 20:40:33 —-D—- C:Documents and Settings1Application DataMalwarebytes
2009-04-27 20:40:27 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-04-27 20:40:26 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-04-27 20:33:32 —-D—- C:Program FilesCommon FilesDoctor Web
2009-04-27 20:33:24 —-D—- C:Program FilesDrWeb
2009-04-27 20:33:24 —-D—- C:Documents and SettingsAll UsersApplication DataDoctor Web
2009-04-27 20:27:57 —-D—- C:Program FilesEMCO
2009-04-27 19:59:06 —-D—- C:Documents and Settings1Application DataGetRightToGo
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem3258z91troj39a.exe
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem32584z9hackto9l69b.dll
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem3251b85zwnloader937.dll
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem322d9zsparse10215.dll
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem321183szy195.exe
2009-04-26 21:44:04 —-A—- C:WINDOWSsystem3211071notz5-v9rus179.dll
2009-04-26 21:44:04 —-A—- C:WINDOWS94862not5a-vizus64e.exe
2009-04-26 21:44:04 —-A—- C:WINDOWS7z55thre9t9585.exe
2009-04-26 21:44:04 —-A—- C:WINDOWS7b37stza9539.dll
2009-04-26 21:44:04 —-A—- C:WINDOWS6bf1ad5zare1599.exe
2009-04-26 21:44:04 —-A—- C:WINDOWS4f85tzie5930.dll
2009-04-26 21:44:04 —-A—- C:WINDOWS42ca5ddwar91052z.dll
2009-04-26 21:44:04 —-A—- C:WINDOWS2zb9v5r2920.dll
2009-04-26 21:44:04 —-A—- C:WINDOWS2a4bthr5a92139z.dll
2009-04-26 21:44:03 —-A—- C:WINDOWSz057tr9j75.exe
2009-04-26 21:44:03 —-A—- C:WINDOWSsystem3297cez5r3167.exe
2009-04-26 21:44:03 —-A—- C:WINDOWSsystem32695cviz2516.exe
2009-04-26 21:44:03 —-A—- C:WINDOWSsystem325a03st95z941.exe
2009-04-26 21:44:03 —-A—- C:WINDOWSsystem322d55ad9warez688.exe
2009-04-26 21:44:03 —-A—- C:WINDOWSsystem32281279ot-a-viru5zfe.exe
2009-04-26 21:44:03 —-A—- C:WINDOWS6a1fdo9nl5zder2453.dll
2009-04-26 21:44:03 —-A—- C:WINDOWS5e1zthreat539829.dll
2009-04-26 21:44:03 —-A—- C:WINDOWS15831wo9m70z.dll
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem32z9932spambo539e.dll
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem3294765trzj11d.dll
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem3270cbsteaz3539.exe
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem325c6asteal99z9.exe
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem3257996tro974z.exe
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem324892t95zf2693.dll
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem322896zsp564.exe
2009-04-26 21:44:02 —-A—- C:WINDOWSsystem3221adsz9ware2756.exe
2009-04-26 21:44:02 —-A—- C:WINDOWSb8fdo9nloa5er1790z.exe
2009-04-26 21:44:02 —-A—- C:WINDOWS5zc9downl5ader3180.exe
2009-04-26 21:44:02 —-A—- C:WINDOWS5f8e9ownloadzr1555.dll
2009-04-26 21:44:02 —-A—- C:WINDOWS5ez0b9ckdoor1386.exe
2009-04-26 21:44:02 —-A—- C:WINDOWS58d95ownloa9zr564.dll
2009-04-26 21:44:02 —-A—- C:WINDOWS4cefv9r2551z.dll
2009-04-26 21:44:02 —-A—- C:WINDOWS287a9zr655.dll
2009-04-26 21:44:02 —-A—- C:WINDOWS26742zack9oo552f.dll
2009-04-26 21:44:02 —-A—- C:WINDOWS26299spz6539.exe
2009-04-26 21:44:02 —-A—- C:WINDOWS15209zpy9a.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem32z595thief2279.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem32setup2.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem32749fzddw9re2589.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem326578th9ez360.dll
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem325z51spyware799.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem324aaev59z592.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem32257csteal295z.exe
2009-04-26 21:44:01 —-A—- C:WINDOWSsystem3212z03sp94985.exe
2009-04-26 21:44:01 —-A—- C:WINDOWS5f519ddzare118.dll
2009-04-26 21:44:01 —-A—- C:WINDOWS5c81do9nzoader1091.exe
2009-04-26 21:44:01 —-A—- C:WINDOWS39d5d9wnloazer1205.exe
2009-04-26 17:56:57 —-D—- C:Documents and Settings1Application DataGoogle
2009-04-26 17:49:45 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-04-26 17:49:42 —-D—- C:Program FilesGoogle
2009-04-20 23:57:21 —-A—- C:WINDOWSsystem326992zacktool579.dll
2009-04-18 14:33:54 —-D—- C:Program FilesiPod
2009-04-18 14:33:51 —-D—- C:Program FilesiTunes
2009-04-18 14:33:51 —-D—- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-18 02:34:50 —-A—- C:WINDOWSsystem327932zirus655.exe
2009-04-16 17:03:24 —-A—- C:WINDOWSsystem32z3931hacktool58c.exe
2009-04-15 15:59:12 —-A—- C:WINDOWS4e94spzware5967.dll
2009-04-15 15:53:46 —-A—- C:WINDOWSsystem3259684spz12d.exe
2009-04-14 11:55:22 —-A—- C:WINDOWSsystem32zc635hreat9995.exe
2009-04-13 20:02:18 —-A—- C:WINDOWSsystem326812wor9z51.dll
2009-04-13 03:52:27 —-A—- C:WINDOWSsystem32889sp9z5re301.dll
2009-04-12 19:09:02 —-D—- C:Program FilesError Repair Professional
2009-04-12 19:07:56 —-D—- C:Program FilesHide Folders XP 2
2009-04-12 17:30:54 —-D—- C:Program FilesMach5 Software
2009-04-11 18:33:27 —-A—- C:WINDOWSsystem325201zspy4a59.exe
2009-04-09 13:04:36 —-A—- C:WINDOWS9z9fstea5417.exe
2009-04-04 17:14:47 —-D—- C:Program FilesYandex
2009-04-04 17:12:15 —-D—- C:Documents and Settings1Application DataDownload Master
2009-04-02 16:17:03 —-A—- C:WINDOWSsystem3265dc9zr3178.exe
2009-04-02 12:31:12 —-A—- C:WINDOWSsystem32CNAB4SMK.DLL
2009-04-02 12:31:11 —-A—- C:WINDOWSsystem32CNAB4RPK.EXE
2009-04-02 12:31:11 —-A—- C:WINDOWSsystem32CNAB4PTU.DLL
2009-04-02 12:31:10 —-A—- C:WINDOWSsystem32CNAB4LMK.DLL
2009-04-02 12:31:10 —-A—- C:WINDOWSsystem32CNAB4EMU.DLL
2009-04-02 12:30:38 —-D—- C:Program FilesCanon
2009-04-02 01:16:59 —-A—- C:WINDOWSsystem327f78za9kdoor5237.dll
2009-03-29 13:28:17 —-D—- C:Documents and SettingsAll UsersApplication Data{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-29 13:26:24 —-A—- C:WINDOWSsystem32usbaaplrc.dll
2009-03-29 12:59:52 —-D—- C:Program FilesBonjour======List of files/folders modified in the last 1 months======
2009-04-28 19:26:18 —-D—- C:WINDOWSTemp
2009-04-28 19:18:57 —-D—- C:WINDOWSPrefetch
2009-04-28 19:18:33 —-RD—- C:Program Files
2009-04-28 18:40:32 —-D—- C:Program FilesMozilla Firefox
2009-04-28 18:36:28 —-D—- C:WINDOWSsystem32LogFiles
2009-04-28 18:36:15 —-D—- C:WINDOWS
2009-04-28 17:59:17 —-SD—- C:WINDOWSTasks
2009-04-28 17:56:36 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-28 17:54:53 —-N—- C:WINDOWSSchedLgU.Txt
2009-04-27 21:36:00 —-D—- C:WINDOWSsystem32drivers
2009-04-27 21:35:35 —-SHD—- C:WINDOWSInstaller
2009-04-27 21:35:35 —-D—- C:Config.Msi
2009-04-27 21:35:30 —-HD—- C:WINDOWSinf
2009-04-27 21:35:25 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-04-27 20:33:32 —-D—- C:Program FilesCommon Files
2009-04-27 20:07:49 —-D—- C:Program FilesWinamp Remote
2009-04-27 20:03:00 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-04-27 19:05:22 —-D—- C:Documents and Settings1Application DataDiskAid
2009-04-27 19:00:27 —-D—- C:WINDOWSMinidump
2009-04-26 21:44:04 —-D—- C:WINDOWSsystem32
2009-04-25 17:54:43 —-D—- C:Documents and Settings1Application DataiPhoneRingToneMaker
2009-04-22 21:52:05 —-A—- C:WINDOWSNeroDigital.ini
2009-04-18 14:34:19 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-04-18 14:33:53 —-D—- C:Program FilesCommon FilesApple
2009-04-18 14:31:50 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-04-18 14:13:54 —-D—- C:Program FilesICQ6
2009-04-14 22:52:13 —-A—- C:WINDOWSsystem32PQ_DEBUG.TXT
2009-04-12 19:01:15 —-D—- C:WINDOWSsystem32Restore
2009-04-04 18:47:03 —-D—- C:Program FilesDownload Master
2009-04-04 17:37:38 —-D—- C:Downloads
2009-04-04 17:14:47 —-D—- C:Program FilesCommon FilesYandex
2009-04-02 12:32:10 —-D—- C:WINDOWSsystem32CatRoot
2009-03-31 20:27:50 —-D—- C:Documents and Settings1Application DataMra
2009-03-30 13:50:53 —-A—- C:WINDOWSwin.ini
2009-03-29 13:06:13 —-D—- C:Program FilesSafari======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2001-08-10 3252]
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-01-24 21419]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2004-08-18 55936]
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 Cam5607;BisonCam, NB Pro; C:WINDOWSSystem32DriversBisonC07.sys [2007-09-13 810408]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 EMSCR;EMSCR; C:WINDOWSsystem32DRIVERSEMS7SK.sys [2008-01-23 66432]
R3 ESDCR;ESDCR; C:WINDOWSsystem32DRIVERSESD7SK.sys [2008-01-23 46080]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2008-01-23 43520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-01-24 7430432]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2008-01-23 983936]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2008-01-23 212704]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:WINDOWSsystem32driversviahduaa.sys [2007-09-28 205184]
S2 zntport;NTPort Library Driver; ??C:WINDOWSsystem32zntport.sys []
S3 awlcmdqj;awlcmdqj; C:WINDOWSsystem32driversawlcmdqj.sys []
S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:WINDOWSsystem32DRIVERSbcfilter.sys []
S3 BcfilterMP;BcfilterMP; C:WINDOWSsystem32DRIVERSbcfilter.sys []
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 dot4;Драйвер MS IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4.sys [2008-04-13 206976]
S3 Dot4Print;Драйвер класса принтеров для IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB фильтр Dot4USB Filter; C:WINDOWSsystem32DRIVERSdot4usb.sys [2001-10-19 23936]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 FileObjInfo;STFileDriver; ??C:Documents and SettingsAll UsersApplication DataSpyware TerminatorFileObjInfo.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-09-15 22016]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:WINDOWSsystem32DRIVERSrt73.sys [2007-10-01 451968]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:WINDOWSsystem32DRIVERSRTL8187.sys [2006-06-23 180608]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-03-05 36864]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-13 121984]
S3 vaxscsi;vaxscsi; C:WINDOWSSystem32Driversvaxscsi.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-03-06 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2009-01-21 886072]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-01-24 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-12-09 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-04-27 487424]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-12-15 197896]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-04-02 656168]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-09-20 382248]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 gupdate1c9c67eb109aeb3;Служба Google Update (gupdate1c9c67eb109aeb3); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-04-26 133104]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-26 183280]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
Кроме всего прочего, компьютер заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
ComboFix 09-04-29.07 — 1 30.04.2009 21:11.1 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.2046.1424 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: AGAVA Firewall *disabled*
FW: BitDefender Firewall *disabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32tmp10.tmp
c:windowssystem32tmp11.tmp
c:windowssystem32tmp13.tmp
c:windowssystem32tmp14.tmp.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_OREANS32((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.2009-12-28 15:18 . 2009-12-28 15:18 2775 —-a-w c:windows59eezir2164.dll
2009-12-27 13:09 . 2009-12-27 13:09 17968 —-a-w c:windowssystem3215329noz-a-virus5069.dll
2009-12-25 21:42 . 2009-12-25 21:42 10861 —-a-w c:windows806thr5z930057.bin
2009-12-24 13:18 . 2009-12-24 13:18 13776 —-a-w c:windowssystem326a10spazse15509.dll
2009-12-24 03:21 . 2009-12-24 03:21 5527 —-a-w c:windowssystem326552v9rz69.dll
2009-12-21 22:38 . 2009-12-21 22:38 16522 —-a-w c:windows29335tr9j3zb.exe
2009-12-18 04:45 . 2009-12-18 04:45 3596 —-a-w c:windows79a89pywar5352z.bin
2009-12-16 10:53 . 2009-12-16 10:53 4070 —-a-w c:windowse1cbackdz9r655.dll
2009-12-16 06:21 . 2009-12-16 06:21 15000 —-a-w c:windows6a22spy59re29z5.bin
2009-12-16 03:32 . 2009-12-16 03:32 10364 —-a-w c:windowssystem3225e1z9dware13865.bin
2009-12-14 11:23 . 2009-12-14 11:23 7441 —-a-w c:windowssystem327956zteal1485.dll
2009-12-10 04:05 . 2009-12-10 04:05 5651 —-a-w c:windowsz4112s5y7049.exe
2009-12-09 19:27 . 2009-12-09 19:27 17394 —-a-w c:windows7977a59ware615z.dll
2009-12-08 10:34 . 2009-12-08 10:34 5726 —-a-w c:windowssystem328539zy115.bin
2009-12-04 03:51 . 2009-12-04 03:51 16114 —-a-w c:windowssystem325z90worm97f.exe
2009-11-27 19:01 . 2009-11-27 19:01 9765 —-a-w c:windows3cf1z9ar5e327.bin
2009-11-26 15:40 . 2009-11-26 15:40 13783 —-a-w c:windowssystem3259dsteal31z9.dll
2009-11-26 04:11 . 2009-11-26 04:11 14773 —-a-w c:windows1fzdst59l25.exe
2009-11-25 12:11 . 2009-11-25 12:11 13075 —-a-w c:windows9ed6viz2528.dll
2009-11-23 07:04 . 2009-11-23 07:04 16238 —-a-w c:windows428ad5waze1295.dll
2009-11-23 05:49 . 2009-11-23 05:49 6656 —-a-w c:windowssystem3218zc5hreat29064.dll
2009-11-21 12:44 . 2009-11-21 12:44 8234 —-a-w c:windowssystem32479spar5e1z61.bin
2009-11-21 02:56 . 2009-11-21 02:56 14859 —-a-w c:windowssystem32946935py5z4.exe
2009-11-19 19:22 . 2009-11-19 19:22 3294 —-a-w c:windows9bfthze59100.bin
2009-11-19 11:44 . 2009-11-19 11:44 17979 —-a-w c:windowssystem3219010zot-a9virus534.exe
2009-11-14 17:13 . 2009-11-14 17:13 15206 —-a-w c:windowssystem322c9bba9kd5or2z82.dll
2009-11-14 14:45 . 2009-11-14 14:45 5251 —-a-w c:windowssystem325a40thze98685.exe
2009-11-12 06:31 . 2009-11-12 06:31 4212 —-a-w c:windows5b90thi5f3z69.exe
2009-11-12 04:27 . 2009-11-12 04:27 17288 —-a-w c:windows50zev9r1166.exe
2009-11-11 17:38 . 2009-11-11 17:38 13834 —-a-w c:windowssystem324f3159reat1840z.dll
2009-11-08 09:24 . 2009-11-08 09:24 12436 —-a-w c:windowssystem32299b5teal1992z.bin
2009-11-07 10:10 . 2009-11-07 10:10 6970 —-a-w c:windowssystem325z921v9rus7a8.bin
2009-11-06 23:39 . 2009-11-06 23:39 15198 —-a-w c:windowssystem321e57spy9zre2299.exe
2009-11-06 09:12 . 2009-11-06 09:12 15649 —-a-w c:windows25775hazkto9l29c.exe
2009-11-06 01:52 . 2009-11-06 01:52 8232 —-a-w c:windowsz448s5ambo958c.exe
2009-11-05 20:05 . 2009-11-05 20:05 15570 —-a-w c:windows15338sp9z0.exe
2009-11-04 10:42 . 2009-11-04 10:42 16832 —-a-w c:windows1494znot-a-virus1f5.bin
2009-11-04 02:24 . 2009-11-04 02:24 10932 —-a-w c:windowssystem32251z9pyware1597.dll
2009-11-03 13:05 . 2009-11-03 13:05 18332 —-a-w c:windows2dza5hreat27629.exe
2009-11-01 22:08 . 2009-11-01 22:08 2691 —-a-w c:windows3z80addware659.dll
2009-10-22 02:04 . 2009-10-22 02:04 18409 —-a-w c:windowssystem3219821zpam5ot63e.exe
2009-10-17 07:51 . 2009-10-17 07:51 3097 —-a-w c:windows7d669oznlo5der1355.dll
2009-10-16 07:34 . 2009-10-16 07:34 12156 —-a-w c:windowssystem322949sp5mbot694z.bin
2009-10-14 10:17 . 2009-10-14 10:17 14531 —-a-w c:windowssystem3297b5hiefz1.exe
2009-10-13 13:27 . 2009-10-13 13:27 8270 —-a-w c:windowssystem326953spa9boz56c5.exe
2009-10-12 06:57 . 2009-10-12 06:57 7439 —-a-w c:windows950bbackzoor617.exe
2009-10-10 18:29 . 2009-10-10 18:29 3504 —-a-w c:windows4dzfbackd9or2057.dll
2009-10-10 16:44 . 2009-10-10 16:44 17131 —-a-w c:windows19691wozm745.exe
2009-10-09 02:14 . 2009-10-09 02:14 14474 —-a-w c:windows10z05tro94fe.exe
2009-10-08 03:45 . 2009-10-08 03:45 15801 —-a-w c:windows1cd3spar5e390z.bin
2009-10-07 00:32 . 2009-10-07 00:32 5554 —-a-w c:windows4b5evirz59.exe
2009-10-06 16:34 . 2009-10-06 16:34 17275 —-a-w c:windows29867wzrm7c35.bin
2009-10-03 04:29 . 2009-10-03 04:29 3359 —-a-w c:windowsz0f05parse1079.bin
2009-10-01 05:19 . 2009-10-01 05:19 3019 —-a-w c:windowssystem32z9905spy3835.bin
2009-09-28 21:20 . 2009-09-28 21:20 7903 —-a-w c:windowssystem327457not-a-ziru528e9.exe
2009-09-28 01:49 . 2009-09-28 01:49 12881 —-a-w c:windowssystem3211921h9ckt5zl29.exe
2009-09-26 19:19 . 2009-09-26 19:19 17959 —-a-w c:windowssystem32z1f5ackdoor13839.exe
2009-09-23 23:15 . 2009-09-23 23:15 10103 —-a-w c:windows299315irusb7z.exe
2009-09-23 18:11 . 2009-09-23 18:11 3009 —-a-w c:windowssystem32537cspyw5re694z.dll
2009-09-23 08:12 . 2009-09-23 08:12 5516 —-a-w c:windows1c50vir859z.dll
2009-09-23 04:01 . 2009-09-23 04:01 10523 —-a-w c:windows9262spywar53257z.dll
2009-09-22 07:55 . 2009-09-22 07:55 3673 —-a-w c:windowssystem3269dzthief51.exe
2009-09-17 15:24 . 2009-09-17 15:24 3440 —-a-w c:windowssystem3239f1s5arse2z13.bin
2009-09-17 14:26 . 2009-09-17 14:26 17269 —-a-w c:windows93915ot-a-vzrus1ff.bin
2009-09-16 08:22 . 2009-09-16 08:22 17851 —-a-w c:windowssystem328544virus9baz.exe
2009-09-14 12:37 . 2009-09-14 12:37 5288 —-a-w c:windows10665sp9mbot1z5.bin
2009-09-14 07:15 . 2009-09-14 07:15 3830 —-a-w c:windowssystem324e489ackdozr5275.exe
2009-09-10 14:56 . 2009-09-10 14:56 15563 —-a-w c:windowssystem3224dfa9dware5z87.bin
2009-09-10 09:39 . 2009-09-10 09:39 10482 —-a-w c:windows2152thiefz2695.bin
2009-09-07 14:27 . 2009-09-07 14:27 7746 —-a-w c:windowssystem329559wormzf6.dll
2009-09-01 07:19 . 2009-09-01 07:19 6536 —-a-w c:windows19605not-5-zirus447.exe
2009-08-27 19:13 . 2009-08-27 19:13 11982 —-a-w c:windows58076not-a-virus3zd9.bin
2009-08-26 20:38 . 2009-08-26 20:38 12226 —-a-w c:windows7bf0v9z6675.exe
2009-08-25 21:32 . 2009-08-25 21:32 14495 —-a-w c:windowssystem321995downloaderz3505.exe
2009-08-24 03:05 . 2009-08-24 03:05 5836 —-a-w c:windows95z2wor57a0.dll
2009-08-21 14:03 . 2009-08-21 14:03 17105 —-a-w c:windowssystem3230989tr5j4zc.exe
2009-08-20 22:29 . 2009-08-20 22:29 7203 —-a-w c:windowssystem3211217hz9ktool650.exe
2009-08-20 20:30 . 2009-08-20 20:30 6380 —-a-w c:windows98fathrezt10566.dll
2009-08-15 01:14 . 2009-08-15 01:14 15298 —-a-w c:windows197z9tr5j295.dll
2009-08-11 18:05 . 2009-08-11 18:05 4118 —-a-w c:windows9951addwar53z68.bin
2009-08-10 16:28 . 2009-08-10 16:28 11135 —-a-w c:windowssystem3213422not-z5v9rusc2.bin
2009-08-10 03:39 . 2009-08-10 03:39 6639 —-a-w c:windows655b9hreatz1345.exe
2009-08-04 07:56 . 2009-08-04 07:56 16680 —-a-w c:windowssystem325d5bvz9511.exe
2009-07-27 22:28 . 2009-07-27 22:28 17810 —-a-w c:windowssystem325c5szarse799.dll
2009-07-27 21:41 . 2009-07-27 21:41 5106 —-a-w c:windowssystem324c55steaz9580.dll
2009-07-27 15:39 . 2009-07-27 15:39 2531 —-a-w c:windowssystem323ez0back5oor1694.exe
2009-07-27 11:25 . 2009-07-27 11:25 12424 —-a-w c:windows4z8dspyware39755.exe
2009-07-26 07:57 . 2009-07-26 07:57 16633 —-a-w c:windows13387vir9s465z.exe
2009-07-24 18:26 . 2009-07-24 18:26 13565 —-a-w c:windows5c5cs9eal296z.dll
2009-07-18 15:17 . 2009-07-18 15:17 12610 —-a-w c:windows15a895eal911z.bin
2009-07-17 20:45 . 2009-07-17 20:45 9715 —-a-w c:windowssystem325559vir199z.exe
2009-07-17 10:14 . 2009-07-17 10:14 11501 —-a-w c:windows51686hacktooz1c09.bin
2009-07-03 21:33 . 2009-07-03 21:33 10787 —-a-w c:windows36c0b9ckdoorz252.dll
2009-07-02 19:13 . 2009-07-02 19:13 7338 —-a-w c:windows269659roj5z9.bin
2009-07-01 05:11 . 2009-07-01 05:11 7706 —-a-w c:windowssystem325czbvir27389.bin
2009-06-28 05:20 . 2009-06-28 05:20 18016 —-a-w c:windows97556troj587z.exe
2009-06-22 12:37 . 2009-06-22 12:37 3170 —-a-w c:windowssystem327bc7d9wnzoader23995.dll
2009-06-21 18:20 . 2009-06-21 18:20 15583 —-a-w c:windows13198not-azvirus505.dll
2009-06-21 02:14 . 2009-06-21 02:14 9291 —-a-w c:windows7d37thre9t265z1.bin
2009-06-17 16:34 . 2009-06-17 16:34 4297 —-a-w c:windowssystem32f54t9ief5z97.bin
2009-06-12 11:37 . 2009-06-12 11:37 8787 —-a-w c:windows58595ownloadzr1231.dll
2009-06-09 19:51 . 2009-06-09 19:51 4172 —-a-w c:windows14155h9cztoo5671.dll
2009-06-05 20:57 . 2009-06-05 20:57 14279 —-a-w c:windows2892vzr152.bin
2009-06-05 08:36 . 2009-06-05 08:36 5150 —-a-w c:windows6f01zpar9e5311.dll
2009-06-04 21:53 . 2009-06-04 21:53 2889 —-a-w c:windows9926spy159z.dll
2009-06-04 01:47 . 2009-06-04 01:47 9794 —-a-w c:windows10z56spy77a9.exe
2009-06-04 00:34 . 2009-06-04 00:34 7352 —-a-w c:windows9162hackto5zbb.bin
2009-06-03 20:22 . 2009-06-03 20:22 8350 —-a-w c:windowssystem32zd59vir1939.exe
2009-06-01 22:18 . 2009-06-01 22:18 11838 —-a-w c:windowssystem32dzbsteal4195.bin
2009-05-24 17:34 . 2009-05-24 17:34 17970 —-a-w c:windowsz1429ownloader5987.exe
2009-05-24 04:49 . 2009-05-24 04:49 17512 —-a-w c:windowssystem3226313t9ojz95.exe
2009-05-21 12:56 . 2009-05-21 12:56 8403 —-a-w c:windows6bd9addwar5z165.dll
2009-05-21 10:04 . 2009-05-21 10:04 14519 —-a-w c:windowssystem3231abvir254z9.dll
2009-05-20 17:14 . 2009-05-20 17:14 9039 —-a-w c:windows56933spambot98z.dll
2009-05-19 15:06 . 2009-05-19 15:06 12169 —-a-w c:windows33e9vir105z.dll
2009-05-19 05:01 . 2009-05-19 05:01 9068 —-a-w c:windows91aspazse1525.bin
2009-05-17 18:13 . 2009-05-17 18:13 18363 —-a-w c:windows16036w9rz8e5.dll
2009-05-17 08:39 . 2009-05-17 08:39 10183 —-a-w c:windowssystem321z955not-a-viru52c0.bin
2009-05-15 10:41 . 2009-05-15 10:41 10123 —-a-w c:windows5e67s9zrse5137.dll
2009-05-15 00:44 . 2009-05-15 00:44 16535 —-a-w c:windowssystem325991tz9j5695.exe
2009-05-13 19:29 . 2009-05-13 19:29 18042 —-a-w c:windows2232bac95oorz2.bin
2009-05-13 04:43 . 2009-05-13 04:43 4027 —-a-w c:windowssystem3229947vir5s4dz.dll
2009-05-12 06:14 . 2009-05-12 06:14 11124 —-a-w c:windowssystem321827zv5ru92c7.bin
2009-05-08 20:19 . 2009-05-08 20:19 15586 —-a-w c:windows6z7dv5r1591.dll
2009-05-08 08:55 . 2009-05-08 08:55 14729 —-a-w c:windows19437not-a-5izus1de.bin.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 15:58 . 2009-02-15 15:51
d
w c:program filesCommon FilesYandex
2009-04-28 17:49 . 1980-01-01 00:00 76968 —-a-w c:windowssystem32perfc019.dat
2009-04-28 17:49 . 1980-01-01 00:00 447846 —-a-w c:windowssystem32perfh019.dat
2009-04-28 16:41 . 2008-10-06 05:38
d
w c:program filesCS Source Operation Terror
2009-04-27 17:07 . 2008-05-06 19:18
d
w c:program filesWinamp Remote
2009-04-18 11:33 . 2008-10-03 19:25
d
w c:program filesCommon FilesApple
2009-04-18 11:13 . 2008-11-02 12:14
d
w c:program filesICQ6
2009-04-04 15:47 . 2009-01-18 18:39
d
w c:program filesDownload Master
2009-03-29 10:06 . 2008-12-07 18:23
d
w c:program filesSafari
2009-03-29 09:59 . 2009-03-29 09:59
d
w c:program filesBonjour
2009-03-28 20:08 . 2009-03-28 20:08 5469 —-a-w c:windows33z5steal3049.exe
2009-03-28 18:15 . 2009-03-28 18:15 8306 —-a-w c:windows9dz8v5r1592.bin
2009-03-24 20:32 . 2009-03-24 20:32 5703 —-a-w c:windows19737s5zmb9t3c2.bin
2009-03-23 13:58 . 2009-02-17 14:14
d
w c:program filesWorms Armageddon
2009-03-22 00:29 . 2009-03-22 00:29 17262 —-a-w c:windows9993spy56z9.dll
2009-03-19 20:32 . 2009-03-19 20:32 9259 —-a-w c:windows55fdaddware15z09.exe
2009-03-19 13:32 . 2008-01-29 08:01 23400 —-a-w c:windowssystem32driversGEARAspiWDM.sys
2009-03-17 08:13 . 2009-03-17 08:13 3000 —-a-w c:windows29ezspyw5re2037.exe
2009-03-16 21:01 . 2009-03-16 21:01 14376 —-a-w c:windowssystem323c4v5r261z9.dll
2009-03-14 07:59 . 2009-03-14 07:59 14918 —-a-w c:windowssystem3213z32s9a5bot23b.bin
2009-03-13 15:32 . 2009-03-13 15:32 2887 —-a-w c:windows25c395reatz293.exe
2009-03-13 08:44 . 2009-03-13 08:44 10136 —-a-w c:windows6z97n59-a-virus69c.bin
2009-03-12 21:32 . 2009-01-22 22:02
d
w c:program filesfree-downloads.net
2009-03-12 03:07 . 2009-03-12 03:07 13184 —-a-w c:windowssystem321455495yz52.bin
2009-03-11 22:04 . 2009-03-11 22:04 17735 —-a-w c:windowssystem32405fbackdoor591z.dll
2009-03-11 08:29 . 2009-03-11 08:29 9421 —-a-w c:windows294z6not-a-9irus7325.dll
2009-03-11 07:40 . 2009-03-11 07:40 8193 —-a-w c:windows195aspzrse2750.bin
2009-03-09 09:22 . 2009-03-09 09:22 7149 —-a-w c:windowssystem3218025virzs19d.exe
2009-03-07 16:57 . 2009-03-07 16:53
d
w c:program filesMicrosoft ActiveSync
2009-03-07 16:57 . 2008-01-24 12:19
d—h—w c:program filesInstallShield Installation Information
2009-03-06 15:59 . 2009-03-06 15:59 10892 —-a-w c:windowsb0fz5ckdoor2929.bin
2009-03-05 20:59 . 2009-03-29 10:26 1900544 —-a-w c:windowssystem32usbaaplrc.dll
2009-03-05 20:59 . 2008-10-03 19:25 36864 —-a-w c:windowssystem32driversusbaapl.sys
2009-03-01 05:48 . 2009-03-01 05:48 16265 —-a-w c:windows6009threz530176.dll
2009-02-28 19:18 . 2009-02-28 19:18 2549 —-a-w c:windowssystem32246z9spambo55d9.dll
2009-02-26 22:13 . 2009-02-26 22:13 3535 —-a-w c:windows929hz5ktool538.exe
2009-02-26 02:54 . 2009-02-26 02:54 9683 —-a-w c:windowssystem322ba7s9arsez5575.dll
2009-02-25 02:08 . 2009-02-25 02:08 12597 —-a-w c:windows10525spamboz5e9.bin
2009-02-21 08:00 . 2009-02-21 08:00 14396 —-a-w c:windows3597wo5mz43.exe
2009-02-14 18:55 . 2009-02-14 18:55 17182 —-a-w c:windowssystem3245a3addwaze1879.dll
2009-02-12 12:19 . 2009-02-12 12:19 13247 —-a-w c:windowssystem3231586vi9us6f5z.bin
2009-02-10 23:43 . 2009-02-10 23:43 12013 —-a-w c:windows2a11zpar5e9522.bin
2009-02-10 13:28 . 2009-02-10 13:28 8688 —-a-w c:windowssystem324f9f5ownloadez12499.dll
2009-02-07 05:32 . 2009-02-07 05:32 17371 —-a-w c:windowssystem32z6275wo9m6c2.exe
2009-02-06 02:52 . 2009-02-06 02:52 13829 —-a-w c:windowssystem321d64z9reat178085.bin
2009-02-04 14:37 . 2009-02-04 14:37 4247 —-a-w c:windowssystem327a1zdownload5r1797.exe
2009-02-02 01:46 . 2009-02-02 01:46 3038 —-a-w c:windowssystem322975ztroj592.bin
2009-03-05 15:08 . 2009-04-28 17:57 49664 —-a-w c:program filesmozilla firefoxcomponentsFFComm.dll
2008-11-14 12:43 . 2008-11-13 19:11 3561504 —sha-w c:windowssystem32driversfidbox.dat
.
Sigcheck
[-] 2004-08-18 16:00 14336 5DB0AE95BF08D5A63C167648F1314C07 c:windows$NtServicePackUninstall$svchost.exe
[-] 2008-04-14 16:11 14336 E948A9079D0E6350BE92D4D3E0077F81 c:windowsServicePackFilesi386svchost.exe
[-] 2008-04-14 16:11 14336 E948A9079D0E6350BE92D4D3E0077F81 c:windowssystem32svchost.exe[-] 2005-03-02 18:20 577536 4FA97F24930AB5845A8214589AE0430A c:windows$hf_mig$KB890859SP2QFEuser32.dll
[-] 2007-03-08 15:51 578560 037E2AC14B8A7E7673175FBDE6602D7A c:windows$hf_mig$KB925902SP2QFEuser32.dll
[-] 2007-03-08 15:38 578048 94F595B4BB622AB472AEB77CB8274150 c:windows$NtServicePackUninstall$user32.dll
[-] 2008-04-14 16:10 579072 A9CDF92EA1CFFB67448EF26F5DF21A6F c:windowsServicePackFilesi386user32.dll
[-] 2008-04-14 16:10 579072 A9CDF92EA1CFFB67448EF26F5DF21A6F c:windowssystem32user32.dll[-] 2004-08-18 16:00 82944 0B6185E58290D4E5944F6FB9BF6562A1 c:windows$NtServicePackUninstall$ws2_32.dll
[-] 2008-04-14 16:10 82432 5E2915645A0D139519A99F0F95437D96 c:windowsServicePackFilesi386ws2_32.dll
[-] 2008-04-14 16:10 82432 5E2915645A0D139519A99F0F95437D96 c:windowssystem32ws2_32.dll[-] 2004-09-29 18:46 657408 D2B382A55A5D605B54DCA5487C06AD6E c:windows$hf_mig$KB834707SP2QFEwininet.dll
[-] 2005-01-27 17:13 658432 548AC1F671EF510BB77C3F64301FE8BF c:windows$hf_mig$KB867282SP2QFEwininet.dll
[-] 2005-05-02 20:58 659456 09687429727E94460C48EFDECCE5A63F c:windows$hf_mig$KB883939SP2QFEwininet.dll
[-] 2005-03-10 07:48 658432 7CEF9E06C86F1BBEE0E17AD6F7E81D73 c:windows$hf_mig$KB890923SP2QFEwininet.dll
[-] 2005-09-02 23:55 660992 00E8F2FD696DA311F8C82BABCED914D6 c:windows$hf_mig$KB896688SP2QFEwininet.dll
[-] 2005-07-03 02:11 659968 6FA110021FE66A1E41F0830286E324D1 c:windows$hf_mig$KB896727SP2QFEwininet.dll
[-] 2005-10-21 03:39 662016 8FE419999554F3A1479F7CB90E686E84 c:windows$hf_mig$KB905915SP2QFEwininet.dll
[-] 2008-03-01 12:35 827392 F7B6F2689C6B30996A645EAE37B600A4 c:windows$hf_mig$KB947864-IE7SP2QFEwininet.dll
[-] 2008-04-23 04:21 827392 9D4B02E4424DE1DDB030659EFA7ACC5D c:windows$hf_mig$KB950759-IE7SP2QFEwininet.dll
[-] 2008-06-23 15:41 827904 04B0920B661877A10E3409FAF1900810 c:windows$hf_mig$KB953838-IE7SP2QFEwininet.dll
[-] 2006-11-07 18:03 818688 92995334F993E6E49C25C6D02EC04401 c:windowsie7updatesKB947864-IE7wininet.dll
[-] 2008-03-01 13:01 826368 094F3167C8D6489A56F85BE5481875E0 c:windowsie7updatesKB950759-IE7wininet.dll
[-] 2008-04-23 07:20 826368 B1D68565F47E0B2037EF92A49F6367FA c:windowsie7updatesKB953838-IE7wininet.dll
[-] 2008-04-14 16:10 666624 BD953FC6D28126E19882944944E39904 c:windowsServicePackFilesi386wininet.dll
[-] 2008-06-23 16:42 826368 F81191A302E8E1D33583ADA68C4AF8D7 c:windowssystem32wininet.dll
[-] 2008-06-23 16:42 826368 F81191A302E8E1D33583ADA68C4AF8D7 c:windowssystem32dllcachewininet.dll[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:windows$hf_mig$KB893066SP2QFEtcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:windows$hf_mig$KB913446SP2QFEtcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:windows$hf_mig$KB951748SP2QFEtcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windows$hf_mig$KB951748SP3GDRtcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:windows$NtServicePackUninstall$tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32driverstcpip.sys[-] 2004-08-18 16:00 503808 BA9DF5930B2582C31C0C8E52C94DDA48 c:windows$NtServicePackUninstall$winlogon.exe
[-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowsServicePackFilesi386winlogon.exe
[-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowssystem32winlogon.exe[-] 2004-08-18 16:00 182912 558635D3AF1C7546D26067D5D9B6959E c:windows$NtServicePackUninstall$ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:windowsServicePackFilesi386ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:windowssystem32driversndis.sys[-] 2004-08-18 16:00 29056 4448006B6BC60E6C027932CFC38D6855 c:windows$NtServicePackUninstall$ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:windowsServicePackFilesi386ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:windowssystem32driversip6fw.sys[-] 2005-03-02 07:13 2058752 B62278A511F835C480F9BDCA9B775A94 c:windows$hf_mig$KB890859SP2QFEntkrnlpa.exe
[-] 2007-02-28 16:08 2061184 B683F99750E5C450A03DB3F01648BD4A c:windows$hf_mig$KB931784SP2QFEntkrnlpa.exe
[-] 2007-02-28 16:04 2017792 8BCBF5DC5DA07E6F713A94BE8C4745C9 c:windows$NtServicePackUninstall$ntkrnlpa.exe
[-] 2008-04-14 15:50 2067712 B732BB0B17FE6547FC1F5C770549391E c:windowsServicePackFilesi386ntkrnlpa.exe
[-] 2008-04-14 15:50 2025984 F4D282171BC6BD644ECB1FDE5F9A62B4 c:windowssystem32ntkrnlpa.exe[-] 2005-03-02 18:14 2181376 9B6F60E8765A76958E8986AFDB5D85CC c:windows$hf_mig$KB890859SP2QFEntoskrnl.exe
[-] 2007-02-28 16:08 2183936 32FF36DB045A32F606F1EEEC98C78954 c:windows$hf_mig$KB931784SP2QFEntoskrnl.exe
[-] 2007-02-28 16:04 2138112 D4EB32BE6C12507FB4E7973CDF2F46DE c:windows$NtServicePackUninstall$ntoskrnl.exe
[-] 2008-04-14 15:51 2190848 DBD9F0B1A0D346EBBCF20940B86941C5 c:windowsServicePackFilesi386ntoskrnl.exe
[-] 2008-04-14 15:50 2147328 96195AD9ED0A998DDD86C2AD252ADE79 c:windowssystem32ntoskrnl.exe[-] 2008-04-14 16:10 1034240 847C01CA71883702CC7445364DD9D097 c:windowsexplorer.exe
[-] 2007-06-13 13:11 1033728 A1BFBE52E8865C5641AC6EB1CEE8DB26 c:windows$hf_mig$KB938828SP2QFEexplorer.exe
[-] 2007-06-13 13:23 1033728 3630DBB63BAD434E3B1F39C2B61FC62F c:windows$NtServicePackUninstall$explorer.exe
[-] 2008-04-14 16:10 1034240 847C01CA71883702CC7445364DD9D097 c:windowsServicePackFilesi386explorer.exe[-] 2004-08-18 16:00 108544 394BE1D5B35B031A94AE51C6F05E3967 c:windows$NtServicePackUninstall$services.exe
[-] 2008-04-14 16:11 109056 AE5D25E59BC5D193ADD3DBF01864BDC5 c:windowsServicePackFilesi386services.exe
[-] 2008-04-14 16:11 109056 AE5D25E59BC5D193ADD3DBF01864BDC5 c:windowssystem32services.exe[-] 2004-08-18 16:00 13312 1952DDC36E60C313CD6ACBD07D4548D6 c:windows$NtServicePackUninstall$lsass.exe
[-] 2008-04-14 16:10 13312 17C1AC326238EFADF17A0612AFD822AD c:windowsServicePackFilesi386lsass.exe
[-] 2008-04-14 16:10 13312 17C1AC326238EFADF17A0612AFD822AD c:windowssystem32lsass.exe[-] 2004-08-18 16:00 15360 CDC69C55CF6C39162451685020CF6F06 c:windows$NtServicePackUninstall$ctfmon.exe
[-] 2008-04-14 16:10 15360 B5DC70BB43A14093E00C5A735CC5DFD4 c:windowsServicePackFilesi386ctfmon.exe
[-] 2008-04-14 16:10 15360 B5DC70BB43A14093E00C5A735CC5DFD4 c:windowssystem32ctfmon.exe[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:windows$hf_mig$KB896423SP2QFEspoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:windows$NtServicePackUninstall$spoolsv.exe
[-] 2008-04-14 16:11 57856 0139187CDD1B598B6CBB235517117832 c:windowsServicePackFilesi386spoolsv.exe
[-] 2008-04-14 16:11 57856 0139187CDD1B598B6CBB235517117832 c:windowssystem32spoolsv.exe[-] 2004-08-18 16:00 25088 B5F1A73EDAB83FA2DB9662E10E027587 c:windows$NtServicePackUninstall$userinit.exe
[-] 2008-04-14 16:11 26624 4F88778DD0CD6B99FCDA408E16B36AE7 c:windowsServicePackFilesi386userinit.exe
[-] 2008-04-14 16:11 26624 4F88778DD0CD6B99FCDA408E16B36AE7 c:windowssystem32userinit.exe[-] 2004-08-18 16:00 295936 FBE10ED076D1E87782778A6CD2AB7085 c:windows$NtServicePackUninstall$termsrv.dll
[-] 2008-04-14 16:10 295936 804A741E1806E8C33C8C642781896C0D c:windowsServicePackFilesi386termsrv.dll
[-] 2008-04-14 16:10 295936 804A741E1806E8C33C8C642781896C0D c:windowssystem32termsrv.dll[-] 2007-04-16 16:11 992256 386376D4516F7922C5AFE1752B6DED84 c:windows$hf_mig$KB935839SP2QFEkernel32.dll
[-] 2007-04-16 15:54 990720 9716CE5C88A4EFF821503CBEAC55830B c:windows$NtServicePackUninstall$kernel32.dll
[-] 2008-04-14 16:10 995840 D612EE36F95DA6D1179F7567B2B77D77 c:windowsServicePackFilesi386kernel32.dll
[-] 2008-04-14 16:10 995840 D612EE36F95DA6D1179F7567B2B77D77 c:windowssystem32kernel32.dll[-] 2004-08-18 16:00 17408 604F22705C12080012968D72D97C6D64 c:windows$NtServicePackUninstall$powrprof.dll
[-] 2008-04-14 16:10 17408 DDDB63DB4C327CA3996AD326C1A8B8D4 c:windowsServicePackFilesi386powrprof.dll
[-] 2008-04-14 16:10 17408 DDDB63DB4C327CA3996AD326C1A8B8D4 c:windowssystem32powrprof.dll[-] 2004-08-18 16:00 110080 318492C9327EDBBD7FAD35FB3DF65CC3 c:windows$NtServicePackUninstall$imm32.dll
[-] 2008-04-14 16:10 110080 A9690FD601E9F5102F0D3388DF6081BD c:windowsServicePackFilesi386imm32.dll
[-] 2008-04-14 16:10 110080 A9690FD601E9F5102F0D3388DF6081BD c:windowssystem32imm32.dll[-] 2004-08-18 16:00 1548288 01C8786B1DDB91D5D40044DED8864EDC c:windows$NtServicePackUninstall$sfcfiles.dll
[-] 2008-04-14 16:10 1571840 4379CA978CB35BB2458156B2B6CB35DF c:windowsServicePackFilesi386sfcfiles.dll
[-] 2008-04-14 16:10 1571840 4379CA978CB35BB2458156B2B6CB35DF c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-12 21:33 1883672 —-a-w c:program filesfree-downloads.nettbfre1.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{ecdee021-0d17-467f-a1ff-c7a115230949}»= «c:program filesfree-downloads.nettbfre1.dll» [2009-03-12 1883672][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{ECDEE021-0D17-467F-A1FF-C7A115230949}»= «c:program filesfree-downloads.nettbfre1.dll» [2009-03-12 1883672][HKEY_CLASSES_ROOTclsid{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Orb»=»c:program filesWinamp RemotebinOrbTray.exe» [2008-04-01 507904]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-09-20 202024]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2008-01-28 2097488]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncWcescomm.exe» [2006-11-13 1289000]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-04-26 39408]
«setup2.exe»=»c:windowssystem32setup2.exe» [2009-04-26 1097216][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-01-24 8527872]
«HDAudDeck»=»c:program filesVIAVIAudioiHDADeckHDeck.exe» [2007-10-12 794624]
«SMSERIAL»=»c:program filesMotorolaSMSERIALsm56hlpr.exe» [2008-01-23 634880]
«SynTPStart»=»c:program filesSynapticsSynTPSynTPStart.exe» [2008-01-23 102400]
«BisonHK»=»c:windowsBisonCamBisonHK.exe» [2007-10-03 77824]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-03 36352]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-03-31 6210744]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-09-20 1836328]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«AppleSyncNotifier»=»c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe» [2009-03-05 177472]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-01-05 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2009-04-02 342312]
«BluetoothAuthenticationAgent»=»bthprops.cpl» — c:windowssystem32bthprops.cpl [2008-04-14 110592][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
HotKeyDriver.lnk — c:program filesHotKey_DriverHotKeyDriver.exe [2008-1-24 3461120]
Ralink Wireless Utility.lnk — c:program filesRALINKCommonRaUI.exe [2008-1-24 1114112][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Winamp Remote\bin\Orb.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Microsoft ActiveSync\rapimgr.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\WINDOWS\system32\CNAB4RPK.EXE»=
«e:\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:\Program Files\iTunes\iTunes.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
R2 gupdate1c9c67eb109aeb3;Служба Google Update (gupdate1c9c67eb109aeb3);c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-26 133104]
R3 Bcfilter;Jetico Personal Firewall Network Monitor; [x]
R3 BcfilterMP;BcfilterMP; [x]
R3 FileObjInfo;STFileDriver; [x]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187.sys [2006-06-23 180608]
S0 HFXP2;HFXP2;c:windowsSYSTEM32DRIVERSHFXP2.SYS [2007-01-22 17264]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:windowssystem32driversviahduaa.sys [2007-09-28 205184][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1af82763-0b76-11dd-8c26-0090f56b8dfd}]
ShellAutoRuncommand — E:xn1i9x.com
ShellexploreCommand — E:xn1i9x.com
ShellopenCommand — E:xn1i9x.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4261dae8-1d0a-11de-8bfc-0090f56b8dfd}]
ShellAutoRuncommand — krwupv.exe
ShellexploreCommand — krwupv.exe
ShellopenCommand — krwupv.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4ead3248-8ff3-11dd-8b63-0090f56b8dfd}]
ShellAutoRuncommand — npyajn.exe
ShellexploreCommand — npyajn.exe
ShellopenCommand — npyajn.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{54567ab8-9f58-11dd-8b75-0090f56b8dfd}]
ShellAutoRuncommand — f:system_cachelocale.exe
ShellexploreCommand — f:system_cachelocale.exe
ShellopenCommand — f:system_cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98e41df7-09ed-11dd-8c1f-0090f56b8dfd}]
ShellAutoRuncommand — E:xn1i9x.com
ShellexploreCommand — E:xn1i9x.com
ShellopenCommand — E:xn1i9x.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3348a04-c5ed-11dd-8bb4-0090f56b8dfd}]
ShellAutoRuncommand — F:
ShellopenCommand — rundll32.exe .\kbymaori.dll,InstallM[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983ea-b42c-11dd-8baa-a36b59db3f5f}]
ShellAutoRuncommand — f:system_cachelocale.exe
ShellexploreCommand — f:system_cachelocale.exe
ShellopenCommand — f:system_cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983f4-b42c-11dd-8baa-0090f56b8dfd}]
ShellAutoRuncommand — System_Cachelocale.exe
ShellexploreCommand — System_Cachelocale.exe
ShellopenCommand — System_Cachelocale.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d16238b2-f22a-11dd-8bd1-0090f56b8dfd}]
ShellAutoRuncommand — MicrSoft.exe
ShellExploreCommand — MicrSoft.exe
ShellOpenCommand — MicrSoft.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc0cd2cc-2469-11de-8c07-0090f56b8dfd}]
ShellAutoRuncommand — G:msimon.exe -flash
ShellopenCommand — G:msimon.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7bf166b-df43-11dd-8bc0-0090f56b8dfd}]
ShellAutoRuncommand — G:USBNB.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-04-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 08:34]2009-04-30 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-26 14:49]2009-04-30 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-26 14:52]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=31214
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
TCP: {474C9C49-8017-4800-98F7-7870A2CD9712} = 208.67.220.220,208.67.222.222
TCP: {5C29A906-3470-46BC-A93D-1B97BCADC961} = 208.67.220.220,208.67.222.222
TCP: {7BDB7A82-FC96-4BDE-B8F6-02AC71E1E97F} = 208.67.220.220,208.67.222.222
TCP: {8DC61FC9-3540-4BE9-A180-5E5825F557A5} = 208.67.220.220,208.67.222.222
TCP: {C9B58F8E-FAF9-448D-AA57-786BA4484619} = 208.67.220.220,208.67.222.222
FF — ProfilePath — c:documents and settings1Application DataMozillaFirefoxProfiles1bqcnxsf.default
FF — prefs.js: browser.search.defaulturl — hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF — prefs.js: browser.search.selectedEngine —
FF — prefs.js: browser.startup.homepage — hxxp://www.google.ru/
FF — prefs.js: keyword.URL — hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF — component: c:program filesMozilla FirefoxcomponentsFFComm.dll
FF — plugin: c:program filesGoogleGoogle Earth Pluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 21:15
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HDAudDeck = c:program filesVIAVIAudioiHDADeckHDeck.exe 1????????????????????????????????????????????????scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(3084)
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 6PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 6PCSCM.dll
c:program filesNokiaNokia PC Suite 6LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 6ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesLavasoftAd-Awareaawservice.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32CNAB4RPK.EXE
c:windowssystem32rundll32.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesSynapticsSynTPSynTPEnh.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:progra~1MICROS~4rapimgr.exe
c:program filesWinamp RemotebinOrb.exe
c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
c:program filesiPodbiniPodService.exe
c:windowssystem32wbemunsecapp.exe
.
**************************************************************************
.
Completion time: 2009-04-30 21:19 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 18:19Pre-Run: 32 763 289 600 байт свободно
Post-Run: 32 714 137 600 байт свободно495 — E O F — 2008-09-26 15:07
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Ув. Valeri, надеюсь на Вашу помощь!
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Что, мой случай неизлечим?
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Я не могу скачать Windows XP SP 3, и поэтому не могу создать Recovery console, потому что ссылка сайта Windows на service pack 3 то ли битая, то ли не туда идет.
Инет просто не соединяет на эту ссылку.Продолжим лечение 🙂
Судя по логу, ваши диски E и F (флешки ?) заражёны autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"setup2.exe"=-
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1af82763-0b76-11dd-8c26-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4261dae8-1d0a-11de-8bfc-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4ead3248-8ff3-11dd-8b63-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{54567ab8-9f58-11dd-8b75-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98e41df7-09ed-11dd-8c1f-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3348a04-c5ed-11dd-8bb4-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983ea-b42c-11dd-8baa-a36b59db3f5f}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d983f4-b42c-11dd-8baa-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d16238b2-f22a-11dd-8bd1-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc0cd2cc-2469-11de-8c07-0090f56b8dfd}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f7bf166b-df43-11dd-8bc0-0090f56b8dfd}]
File::
c:windowssystem32setup2.exeЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Наверное, это будет Ваш не самый легкий случай.
Создал CFScript. Перетащил в ComboFix. Перед этим обездвижил и Avast, и Antivira.
И — тишина. Никаких логов не создается.- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Person-molecule , можно поподробнее?
Где, куда и когда заходить и что удалять?- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
У меня вдруг пропала эта паскудина. Перед этим я просканировал и проверил ее и весь свой комп примерно 15-ю разными программами, но ничего ее не брало.
Потом поставил антивирус Avira Antivir personal — он бесплатный в Инете висит, т.е у меня щас два антивируса — Avast и Avira Antivir personal, причем между собой они вообще никак не конфликтуют. По-видимому, последний эту пакость вычислил, а потом и вычистил. Перед этим, правда, я удалили setup2, но, по-моему, она пропала и до этого.
Потом проверил весь комп Malware, он нашел 3 каких-то подозрительных ключа, которые я тоже вполне благополучно стер.
В общем, пока тьфу-тьфу.
- Для ответа в этой теме необходимо авторизоваться.
