- This topic has 12 ответов, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
Здравствуйте! Помогите пожалуйста удалить WiniBlueSoft. Malwarebytes Anti-Malware его не видит. Спасибо за помощь!
Скачал сканер RSIT и отправляю то,что получилось!
info.txt logfile of random’s system information tool 1.06 2009-05-16 20:41:09
======Uninstall list======
—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 4.0 Sprint—>C:WINDOWSbitdeins.exe C:PROGRA~1ABBYYF~1.0SPbitdeins.ini
ACDSee 4.0.1 Power Pack Suite—>MsiExec.exe /I{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Photoshop 6.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesAdobePhotoshop 6.0Uninst.isu» -c»C:Program FilesAdobePhotoshop 6.0Uninst.dll»
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2002—>MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
BearPaw 1200CU Plus v1.2—>C:PROGRA~1ULEADS~1ULEADP~1.0SEBEARPA~1DRIVERUNINST.EXE
CorelDRAW Graphics Suite 12—>MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Crush’Em 2.0—>C:WINDOWSCrush’Em 2.0UNWISE.EXE C:WINDOWSCrush’Em 2.0install.log
DAEMON Tools—>MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DriverCD—>C:WINDOWSIsUninst.exe -f»C:Program FilesGIGABYTEDriverCDUninst.isu»
Firebird 1.0.0.796—>»C:Program FilesFirebirdunins000.exe»
Fraps—>»C:Frapsuninstall.exe»
Hardlock Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
Hardlock Device Drivers—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
HASP Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32hdd32.log
ICQ6—>C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe -runfromtemp -l0x0009 -removeonly
Java 2 Runtime Environment Standard Edition v1.3.1_06—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D2BFDD8E-D276-11D6-88AF-0050DA21757E}Setup.exe» -uninst
Kaspersky Internet Security 6.0—>MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
MadOnion.com/3DMark2001 SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{91B323B5-A79C-4D23-BD6D-046C565F9BCF}Setup.exe» -l0x9 uninstall -uninst
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Marvell Miniport Driver—>MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.10)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MP3 Player Mate VII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{60857B29-7A73-4B0E-8D89-6FE482043A8B}Setup.exe» -l0x9
MultiLex 4.0 (English-Russian)—>C:PROGRA~1MEDIAL~1MULTIL~1.0UnInstal.exe
Need For Speed Hot Pursuit 2—>C:PROGRA~1NEEDFO~1UNWISE.EXE C:PROGRA~1NEEDFO~1INSTALL.LOG
Need For Speed Underground 2—>»C:Program FilesEA GamesNeed For Speed Underground 2unins000.exe»
Nero Suite—>C:Program FilesCommon FilesNeroUninstallSetupx.exe /uninstall ExtraUninstallID=»»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Puzzl’Em 1.0 Beta2—>C:WINDOWSPuzzl’Em1.0Beta2UNWISE.EXE C:WINDOWSPuzzl’Em1.0Beta2install.log
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
Samsung ML-1520 Series—>C:WINDOWSSamsungML-1520SETUP.EXE
SAMSUNG Mobile Composite Device Software—>C:WINDOWSsystem32Samsung_USB_Drivers6SSBCUninstall.exe
Samsung Mobile phone USB driver Software—>C:WINDOWSsystem32Samsung_USB_Drivers5SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -l0x19 -removeonly
SmartPhotoRefresh—>C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU PlusUNWISE.EXE C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU Plusinstall.log
Sound’Em—>C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU PlusUNWISE.EXE C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU Plusinstall.log
Spyware Doctor 6.0—>C:Program FilesSpyware Doctorunins000.exe /LOG
Stamina 2.5—>»C:Program FilesStaminauninstall.exe»
TOCA — Race Driver—>C:PROGRA~1CODEMA~1RACEDR~1UNWISE.EXE C:PROGRA~1CODEMA~1RACEDR~1INSTALL.LOG
Ulead DVD PictureShow 2 SE Basic—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A9212616-FCA2-4173-BD99-5C741EB3A068}Setup.exe» -l0x9
Ulead Photo Express 4.0 SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}Setup.exe» -l0x9
VIA Диспетчер устройств платформы—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Volo View Express—>C:WINDOWSuninst.exe -f»C:Program FilesVolo View ExpressDeIsL1.isu»
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Бесплатный контент FieryAds—>C:Documents and SettingsUserApplication DataFieryAdsFieryAdsUninstall.exe
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Программа обновлений Google—>»C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe» -uninstall
Расширенный выпуск Microsoft Office 2000—>MsiExec.exe /I{00000419-78E1-11D2-B60F-006097C998E7}
СтройОфис—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FC983B4E-D9CB-46DE-B44C-B912776000F3}setup.exe»======Security center information======
AV: Kaspersky Internet Security 6.0 (outdated)
FW: Kaspersky Internet Security 6.0======System event log======
Computer Name: TWEAKLAB-C7C570
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 39394
Source Name: Service Control Manager
Time Written: 20090308201652.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «ServiceLayer» успешно отправила управляющий элемент «запустить».Record Number: 39393
Source Name: Service Control Manager
Time Written: 20090308201649.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: TWEAKLAB-C7C570
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.Record Number: 39392
Source Name: Service Control Manager
Time Written: 20090308201647.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».Record Number: 39391
Source Name: Service Control Manager
Time Written: 20090308201647.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».Record Number: 39390
Source Name: Service Control Manager
Time Written: 20090308201646.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: TWEAKLAB-C7C570
Event Code: 105
Message: The service was started.Record Number: 5
Source Name: ATI Smart
Time Written: 20090113174541.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 0
Message:
Record Number: 4
Source Name: ServiceLayer
Time Written: 20090113114754.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.Record Number: 3
Source Name: SecurityCenter
Time Written: 20090113114745.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 251
Message:
Record Number: 2
Source Name: Firebird Guardian
Time Written: 20090113114741.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 105
Message: The service was started.Record Number: 1
Source Name: ATI Smart
Time Written: 20090113114719.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesCommon FilesAutodesk Shared;C:Program FilesCommon FilesUlead SystemsMPEG;C:Program FilesSamsungSamsung PC Studio 3
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 1, GenuineIntel
«PROCESSOR_REVISION»=0401
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-16 21:07:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (56%) free of 114 GB
Total RAM: 511 MB (36% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFirebirdbinibguard.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesSpyware DoctorpctsTray.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-Toolsdaemon.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesICQ6ICQ.exe
C:WINDOWSsystem32setup2.exe
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:Program FilesACD SystemsImageFoxImageFox.exe
C:Program FilesFirebirdbinibserver.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32alg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSYSTEM32NOTEPAD.EXE
C:Documents and SettingsUserРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microUser.exe
C:Program FilesX-Translator GOLDXTRAPrmtX.exe
C:Program FilesX-Translator GOLDPromtsvr.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/ig?hl=ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Доступ к платному контенту FieryAds v2.0.0 — {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O3 — Toolbar: XTRANS — {DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKLM..Run: [WiniBlueSoft] C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [wsctf.exe] wsctf.exe
O4 — HKCU..Run: [AdobeUpdater] «C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [setup2.exe] C:WINDOWSsystem32setup2.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: VIA RAID TOOL.lnk = C:Program FilesVIARAIDraid_tool.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 — Global Startup: MultiLex Universal Hotkeys.lnk = C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O4 — Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: ImageFox.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Настройки перевода — C:Program FilesX-Translator GOLDPRMTEToptions.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Перевод страницы — C:Program FilesX-Translator GOLDPRMTETtranslat.htm
O9 — Extra button: Веб-Антивирус — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) — file://C:Program FilesAutoCAD 2002AcDcToday.ocx
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) — file://C:Program FilesAutoCAD 2002InstBanr.ocx
O16 — DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) — file://C:Program FilesAutoCAD 2002InstFred.ocx
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) — file://C:Program FilesAutoCAD 2002AcPreview.ocx
O17 — HKLMSystemCCSServicesTcpip..{315A4568-AB50-4B16-8587-9023F3150455}: NameServer = 85.255.113.134 85.255.112.140
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: IB_Backup (Service1) — Unknown owner — C:StroySoftUtilsIB_Backup.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10115 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}]
Доступ к платному контенту FieryAds v2.0.0 — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll [2009-05-05 669184][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-04-03 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — XTRANS — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll [2002-07-15 212992]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-27 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2004-09-30 4603904]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2004-09-30 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-11-30 344064]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-12-22 77824]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«»= []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-07-16 1166216]
«WiniBlueSoft»=C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«wsctf.exe»=wsctf.exe []
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]
«setup2.exe»=C:WINDOWSsystem32setup2.exe [2009-05-12 1097216]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
VIA RAID TOOL.lnk — C:Program FilesVIARAIDraid_tool.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
MultiLex Universal Hotkeys.lnk — C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
Adobe Gamma Loader.exe.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
ImageFox.lnk — C:WINDOWSInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2004-12-01 94208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2006-03-24 28778][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{32e4a2ba-158e-11dc-b730-000fead6e02d}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — F:Recycledctfmon.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{603a4152-6f48-11dc-b791-000fead6e02d}]
shellAutoRuncommand — F:EXPLORER.EXE
shellexplorecommand — F:EXPLORER.EXE
shellopencommand — F:EXPLORER.EXE======File associations======
.ini — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1
.scr — open — C:WINDOWSNOTEPAD.EXE «%1»
.scr — install —
.scr — config —
.txt — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1======List of files/folders created in the last 1 months======
2009-12-26 14:43:08 —-A—- C:WINDOWSsystem3255ad9pyware883z.dll
2009-12-24 18:16:42 —-A—- C:WINDOWS5597vir33z.dll
2009-12-20 07:44:29 —-A—- C:WINDOWSsystem32310adownlza9e51353.exe
2009-12-12 20:44:13 —-A—- C:WINDOWS6e5backzoor51739.exe
2009-12-11 13:30:49 —-A—- C:WINDOWS293zs9y503.dll
2009-12-05 09:12:00 —-A—- C:WINDOWS7cd5down5oaze92691.dll
2009-12-04 06:32:26 —-A—- C:WINDOWSsystem32699zthr5at27751.dll
2009-12-03 07:32:08 —-A—- C:WINDOWSsystem32z9576worm6a.exe
2009-12-01 04:35:05 —-A—- C:WINDOWSsystem321763595zus6f2.exe
2009-11-28 02:35:00 —-A—- C:WINDOWS13383hackt5olz89.dll
2009-11-26 00:48:39 —-A—- C:WINDOWSsystem3229970trzj55f.exe
2009-11-21 00:46:54 —-A—- C:WINDOWS6536backdoo9257z.dll
2009-11-19 21:16:25 —-A—- C:WINDOWSsystem3243bzddwa5e1994.dll
2009-11-15 14:57:33 —-A—- C:WINDOWSsystem326z1baddwar52993.dll
2009-11-15 11:53:19 —-A—- C:WINDOWS459faddw9r51492z.dll
2009-11-13 14:22:00 —-A—- C:WINDOWSsystem325f29s9y5arez118.exe
2009-11-06 01:21:19 —-A—- C:WINDOWS1292zir521.exe
2009-11-04 18:51:51 —-A—- C:WINDOWSsystem3223z99wo5m49e.dll
2009-11-04 05:58:04 —-A—- C:WINDOWSsystem3210985not9a-virus5z5.exe
2009-11-03 16:15:10 —-A—- C:WINDOWSsystem325665spazse10749.exe
2009-11-03 09:33:05 —-A—- C:WINDOWS3z1athr9a517127.dll
2009-11-03 03:06:42 —-A—- C:WINDOWSsystem324f0daddwar559z.exe
2009-10-26 01:09:55 —-A—- C:WINDOWS1dff95arse1227z.dll
2009-10-25 17:16:24 —-A—- C:WINDOWSz953worm57a5.exe
2009-10-25 13:11:32 —-A—- C:WINDOWSsystem324a7z5ackdoor11819.exe
2009-10-24 17:07:40 —-A—- C:WINDOWSsystem32104spaz5e5009.dll
2009-10-23 11:21:54 —-A—- C:WINDOWS15d0v5z9193.exe
2009-10-20 18:51:37 —-A—- C:WINDOWS1e6bvzr295.exe
2009-10-15 05:14:19 —-A—- C:WINDOWS18405zt-a9virus72d.dll
2009-10-12 00:24:36 —-A—- C:WINDOWS23701sz51fd9.dll
2009-10-11 05:06:52 —-A—- C:WINDOWSsystem325f97v9rz6735.exe
2009-10-10 12:21:20 —-A—- C:WINDOWS5935wozm559.dll
2009-10-03 09:52:26 —-A—- C:WINDOWS14eathre9t7457z.dll
2009-10-02 09:36:27 —-A—- C:WINDOWSz3974sp5235.exe
2009-10-01 21:27:33 —-A—- C:WINDOWS5e5downloade9162z.exe
2009-09-28 22:18:03 —-A—- C:WINDOWSsystem3212dbzparse9255.exe
2009-09-20 06:36:11 —-A—- C:WINDOWS67ftz9e5t2775.dll
2009-09-07 18:53:05 —-A—- C:WINDOWS17936hzc5tool61.dll
2009-09-06 11:26:17 —-A—- C:WINDOWS2a95a9dwzre2838.dll
2009-09-02 13:06:47 —-A—- C:WINDOWSz982spambot9db5.dll
2009-09-02 12:45:55 —-A—- C:WINDOWS235z5worm9bb.dll
2009-08-22 09:42:27 —-A—- C:WINDOWS96643viruz565.dll
2009-08-16 02:03:01 —-A—- C:WINDOWSsystem321c89t9ie5859z.dll
2009-08-14 14:19:17 —-A—- C:WINDOWSsystem322097trzj4635.exe
2009-08-14 12:33:08 —-A—- C:WINDOWSsystem326629th9ef4z95.exe
2009-08-06 07:14:15 —-A—- C:WINDOWSsystem3223378viru5zf69.exe
2009-08-03 23:44:31 —-A—- C:WINDOWS24989sp59fz.dll
2009-07-24 09:18:16 —-A—- C:WINDOWSsystem321b2fd5wnloaz9r459.dll
2009-07-23 18:10:21 —-A—- C:WINDOWSsystem3236ebdow9loadez16395.exe
2009-07-22 16:47:39 —-A—- C:WINDOWSsystem32902zthreat32350.exe
2009-07-19 06:12:33 —-A—- C:WINDOWS9253spzrse2952.dll
2009-07-18 21:49:10 —-A—- C:WINDOWS2z339hack95ol572.exe
2009-07-18 00:18:08 —-A—- C:WINDOWS13454not-a-vi9uz3c5.dll
2009-07-13 17:47:31 —-A—- C:WINDOWSsystem322z521hack95ol7ac.exe
2009-07-12 01:26:31 —-A—- C:WINDOWSsystem324a3zthr5at114779.dll
2009-07-06 21:30:03 —-A—- C:WINDOWS486eback5o9z199.dll
2009-07-05 23:42:31 —-A—- C:WINDOWSsystem32179zbackdoor2531.exe
2009-06-27 05:19:20 —-A—- C:WINDOWSsystem3215z07tr9j65f.dll
2009-06-25 21:29:48 —-A—- C:WINDOWSsystem3236249ow5loadzr2308.exe
2009-06-24 15:45:35 —-A—- C:WINDOWSsystem32z2304s9y7a25.exe
2009-06-22 04:23:37 —-A—- C:WINDOWS41485hie92520z.exe
2009-06-21 04:08:00 —-A—- C:WINDOWSd4thre9t1z4665.exe
2009-06-10 01:52:54 —-A—- C:WINDOWS2500t9ief2z505.dll
2009-06-02 16:31:05 —-A—- C:WINDOWSsystem3297194zorm7b5.dll
2009-05-28 04:15:09 —-A—- C:WINDOWS9942not-a-vzr5s193.exe
2009-05-25 21:26:17 —-A—- C:WINDOWSsystem326971thr5zt288.exe
2009-05-22 01:00:38 —-A—- C:WINDOWS5f8ste9lz857.exe
2009-05-17 20:32:59 —-A—- C:WINDOWS296595t-a-virus498z.dll
2009-05-16 20:40:35 —-D—- C:Program Filestrend micro
2009-05-16 20:40:24 —-D—- C:rsit
2009-05-16 19:06:07 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-16 19:05:54 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-16 19:05:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-15 22:02:38 —-A—- C:WINDOWS7125spyw9re2z585.dll
2009-05-14 18:21:28 —-A—- C:WINDOWS6418zhi592347.dll
2009-05-14 17:08:33 —-A—- C:WINDOWSsystem329z075n5t-a-virus6.exe
2009-05-14 11:00:54 —-A—- C:WINDOWS29750spy15z9.dll
2009-05-13 13:22:09 —-A—- C:WINDOWSsystem32setup_XP.ini
2009-05-13 00:29:52 —-A—- C:WINDOWS5e1baddware949z.dll
2009-05-12 13:42:58 —-A—- C:WINDOWSsystem32658dthizf9127.exe
2009-05-12 13:42:58 —-A—- C:WINDOWS55923not-9-vzrus2c4.dll
2009-05-12 13:42:57 —-A—- C:WINDOWSsystem325823addzare5279.exe
2009-05-12 13:42:57 —-A—- C:WINDOWS282bthrz5915900.dll
2009-05-12 13:42:57 —-A—- C:WINDOWS15550spyze9.dll
2009-05-12 13:42:56 —-A—- C:WINDOWSsystem3223893z5t-a9virus298.exe
2009-05-12 13:42:56 —-A—- C:WINDOWS34zead9wa5e263.exe
2009-05-12 13:42:56 —-A—- C:WINDOWS2925dzwnl9ader976.exe
2009-05-12 13:42:54 —-A—- C:WINDOWSsystem32ef19teal1656z.dll
2009-05-12 13:42:54 —-A—- C:WINDOWSsystem3224298spamb595zd.dll
2009-05-12 13:42:51 —-A—- C:WINDOWS10540not-a-viru53b9z.dll
2009-05-12 13:42:48 —-A—- C:WINDOWSsystem3215585vir9sz56.exe
2009-05-12 13:42:47 —-A—- C:WINDOWS14582not-a-9iru56z5.exe
2009-05-12 13:42:45 —-A—- C:WINDOWS59cfszywa5e1603.exe
2009-05-12 13:42:37 —-A—- C:WINDOWS4551spa9se289z.dll
2009-05-12 13:42:36 —-A—- C:WINDOWSsystem325e66doznloader9429.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS3e5fbazkdoor5999.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS25e9vi9z96.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS2248th9eaz25526.exe
2009-05-12 13:42:33 —-A—- C:WINDOWSsystem32944notza-95rus6a6.dll
2009-05-12 13:42:30 —-A—- C:WINDOWSsystem3259932viruz9f.dll
2009-05-12 13:42:30 —-A—- C:WINDOWS7573thi9f18z8.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS5487zpy969.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS3744ba9kd5or1651z.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS20987vir5s3zc9.dll
2009-05-12 13:42:28 —-A—- C:WINDOWS16511hac95ooz467.exe
2009-05-12 13:42:25 —-A—- C:WINDOWSsystem325638zi5939.exe
2009-05-12 13:42:24 —-A—- C:WINDOWSsystem325105dozn9o5der1646.dll
2009-05-12 13:42:23 —-A—- C:WINDOWSsystem3299975rzj3c9.dll
2009-05-12 13:42:23 —-A—- C:WINDOWSsystem32291espar952354z.exe
2009-05-12 13:42:23 —-A—- C:WINDOWS92543hacktozl54.dll
2009-05-12 13:42:21 —-A—- C:WINDOWSsystem3292759tro524z.dll
2009-05-12 13:42:19 —-A—- C:WINDOWS51b89zief854.dll
2009-05-12 13:42:12 —-A—- C:WINDOWSsystem3225712z5rm1d69.exe
2009-05-12 13:42:11 —-A—- C:WINDOWSsystem324765s9ywaze1869.exe
2009-05-12 13:42:11 —-A—- C:WINDOWSsystem321d95wnloader952z.dll
2009-05-12 13:42:11 —-A—- C:WINDOWS14290zp511.exe
2009-05-12 13:42:10 —-A—- C:WINDOWSsystem321911vir9s459z.dll
2009-05-12 13:42:09 —-A—- C:WINDOWS5z4faddware9462.exe
2009-05-12 13:42:08 —-A—- C:WINDOWSz7025hac5tool289.exe
2009-05-12 13:42:08 —-A—- C:WINDOWSsystem323016backd9or55z.dll
2009-05-12 13:42:08 —-A—- C:WINDOWSsystem322fd5oz9loader3194.exe
2009-05-12 13:42:08 —-A—- C:WINDOWS789ztr5j2b0.exe
2009-05-12 13:42:05 —-A—- C:WINDOWSsystem325992vi5z457.dll
2009-05-12 13:42:04 —-A—- C:WINDOWSsystem3214693zot-9-virus685.dll
2009-05-12 13:41:59 —-A—- C:WINDOWSsystem329697adz5are448.dll
2009-05-12 13:41:59 —-A—- C:WINDOWS29a1threat1645z.exe
2009-05-12 13:41:55 —-A—- C:WINDOWSz9e9backdoor7155.dll
2009-05-12 13:41:54 —-A—- C:WINDOWSsystem32373viruz591.dll
2009-05-12 13:41:53 —-A—- C:WINDOWSsystem3249f6azdware2595.dll
2009-05-12 13:41:52 —-A—- C:WINDOWSsystem32985ba5zware726.exe
2009-05-12 13:41:49 —-A—- C:WINDOWSsystem325895t5ief938z.dll
2009-05-12 13:41:45 —-A—- C:WINDOWS908035acktozl20c.dll
2009-05-12 13:41:44 —-A—- C:WINDOWS68f9do5nlzader423.dll
2009-05-12 13:41:43 —-A—- C:WINDOWSsystem32c9caddzar59015.exe
2009-05-12 13:41:42 —-A—- C:WINDOWSsystem32setup2.exe
2009-05-08 07:21:31 —-A—- C:WINDOWSsystem321259ztr5j9a1.exe
2009-05-08 05:03:06 —-A—- C:WINDOWSsystem321z549ir11125.dll
2009-05-07 22:00:46 —-A—- C:WINDOWSsystem32z56sp9rse2521.exe
2009-05-06 00:36:56 —-A—- C:WINDOWS30z895orm5149.dll
2009-05-05 20:13:49 —-D—- C:Documents and SettingsUserApplication DataFieryAds
2009-05-01 04:56:37 —-A—- C:WINDOWS2258addwzre9252.dll
2009-04-25 16:35:38 —-A—- C:WINDOWS153wz9m325.exe
2009-04-22 17:52:53 —-A—- C:WINDOWS583bsparz51809.dll
2009-04-17 14:18:56 —-A—- C:WINDOWSsystem3218861notza-vi9us695.dll======List of files/folders modified in the last 1 months======
2009-05-16 19:40:18 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-16 17:52:56 —-A—- C:WINDOWSPrmtX.INI
2009-05-14 15:05:22 —-A—- C:WINDOWSNeroDigital.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-06-10 81288]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-12-01 928256]
R3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-21 17504]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2008-04-13 12800]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vusbbus;Virtual Usb Bus Enumerator; C:WINDOWSsystem32DRIVERSvusbbus.sys [2006-08-19 52224]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSsystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-04-14 41984]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-09-30 2743840]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-12-01 425984]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-08-07 1073544]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-11-30 516096]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-03 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2004-09-30 127043]
S2 Service1;IB_Backup; C:StroySoftUtilsIB_Backup.exe []
S3 AVP;Kaspersky Internet Security 6.0; C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe [2006-03-24 139367]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по логу ваш диск F (флешка ?) заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
dwshd
sfc
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"WiniBlueSoft"=-
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"setup2.exe"=-
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{32e4a2ba-158e-11dc-b730-000fead6e02d}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{603a4152-6f48-11dc-b791-000fead6e02d}]
:files
F:Recycledctfmon.exe
F:EXPLORER.EXE
C:WINDOWSsystem32setup2.exe
C:Program FilesWiniBlueSoft Software
C:WINDOWSsystem3255ad9pyware883z.dll
C:WINDOWS5597vir33z.dll
C:WINDOWSsystem32310adownlza9e51353.exe
C:WINDOWS6e5backzoor51739.exe
C:WINDOWS293zs9y503.dll
C:WINDOWS7cd5down5oaze92691.dll
C:WINDOWSsystem32699zthr5at27751.dll
C:WINDOWSsystem32z9576worm6a.exe
C:WINDOWSsystem321763595zus6f2.exe
C:WINDOWS13383hackt5olz89.dll
C:WINDOWSsystem3229970trzj55f.exe
C:WINDOWS6536backdoo9257z.dll
C:WINDOWSsystem3243bzddwa5e1994.dll
C:WINDOWSsystem326z1baddwar52993.dll
C:WINDOWS459faddw9r51492z.dll
C:WINDOWSsystem325f29s9y5arez118.exe
C:WINDOWS1292zir521.exe
C:WINDOWSsystem3223z99wo5m49e.dll
C:WINDOWSsystem3210985not9a-virus5z5.exe
C:WINDOWSsystem325665spazse10749.exe
C:WINDOWS3z1athr9a517127.dll
C:WINDOWSsystem324f0daddwar559z.exe
C:WINDOWS1dff95arse1227z.dll
C:WINDOWSz953worm57a5.exe
C:WINDOWSsystem324a7z5ackdoor11819.exe
C:WINDOWSsystem32104spaz5e5009.dll
C:WINDOWS15d0v5z9193.exe
C:WINDOWS1e6bvzr295.exe
C:WINDOWS18405zt-a9virus72d.dll
C:WINDOWS23701sz51fd9.dll
C:WINDOWSsystem325f97v9rz6735.exe
C:WINDOWS5935wozm559.dll
C:WINDOWS14eathre9t7457z.dll
C:WINDOWSz3974sp5235.exe
C:WINDOWS5e5downloade9162z.exe
C:WINDOWSsystem3212dbzparse9255.exe
C:WINDOWS67ftz9e5t2775.dll
C:WINDOWS17936hzc5tool61.dll
C:WINDOWS2a95a9dwzre2838.dll
C:WINDOWSz982spambot9db5.dll
C:WINDOWS235z5worm9bb.dll
C:WINDOWS96643viruz565.dll
C:WINDOWSsystem321c89t9ie5859z.dll
C:WINDOWSsystem322097trzj4635.exe
C:WINDOWSsystem326629th9ef4z95.exe
C:WINDOWSsystem3223378viru5zf69.exe
C:WINDOWS24989sp59fz.dll
C:WINDOWSsystem321b2fd5wnloaz9r459.dll
C:WINDOWSsystem3236ebdow9loadez16395.exe
C:WINDOWSsystem32902zthreat32350.exe
C:WINDOWS9253spzrse2952.dll
C:WINDOWS2z339hack95ol572.exe
C:WINDOWS13454not-a-vi9uz3c5.dll
C:WINDOWSsystem322z521hack95ol7ac.exe
C:WINDOWSsystem324a3zthr5at114779.dll
C:WINDOWS486eback5o9z199.dll
C:WINDOWSsystem32179zbackdoor2531.exe
C:WINDOWSsystem3215z07tr9j65f.dll
C:WINDOWSsystem3236249ow5loadzr2308.exe
C:WINDOWSsystem32z2304s9y7a25.exe
C:WINDOWS41485hie92520z.exe
C:WINDOWSd4thre9t1z4665.exe
C:WINDOWS2500t9ief2z505.dll
C:WINDOWSsystem3297194zorm7b5.dll
C:WINDOWS9942not-a-vzr5s193.exe
C:WINDOWSsystem326971thr5zt288.exe
C:WINDOWS5f8ste9lz857.exe
C:WINDOWS296595t-a-virus498z.dll
C:WINDOWS7125spyw9re2z585.dll
C:WINDOWS6418zhi592347.dll
C:WINDOWSsystem329z075n5t-a-virus6.exe
C:WINDOWS29750spy15z9.dll
C:WINDOWS5e1baddware949z.dll
C:WINDOWSsystem32658dthizf9127.exe
C:WINDOWS55923not-9-vzrus2c4.dll
C:WINDOWSsystem325823addzare5279.exe
C:WINDOWS282bthrz5915900.dll
C:WINDOWS15550spyze9.dll
C:WINDOWSsystem3223893z5t-a9virus298.exe
C:WINDOWS34zead9wa5e263.exe
C:WINDOWS2925dzwnl9ader976.exe
C:WINDOWSsystem32ef19teal1656z.dll
C:WINDOWSsystem3224298spamb595zd.dll
C:WINDOWS10540not-a-viru53b9z.dll
C:WINDOWSsystem3215585vir9sz56.exe
C:WINDOWS14582not-a-9iru56z5.exe
C:WINDOWS59cfszywa5e1603.exe
C:WINDOWS4551spa9se289z.dll
C:WINDOWSsystem325e66doznloader9429.dll
C:WINDOWS3e5fbazkdoor5999.dll
C:WINDOWS25e9vi9z96.dll
C:WINDOWS2248th9eaz25526.exe
C:WINDOWSsystem32944notza-95rus6a6.dll
C:WINDOWSsystem3259932viruz9f.dll
C:WINDOWS7573thi9f18z8.dll
C:WINDOWS5487zpy969.dll
C:WINDOWS3744ba9kd5or1651z.dll
C:WINDOWS20987vir5s3zc9.dll
C:WINDOWS16511hac95ooz467.exe
C:WINDOWSsystem325638zi5939.exe
C:WINDOWSsystem325105dozn9o5der1646.dll
C:WINDOWSsystem3299975rzj3c9.dll
C:WINDOWSsystem32291espar952354z.exe
C:WINDOWS92543hacktozl54.dll
C:WINDOWSsystem3292759tro524z.dll
C:WINDOWS51b89zief854.dll
C:WINDOWSsystem3225712z5rm1d69.exe
C:WINDOWSsystem324765s9ywaze1869.exe
C:WINDOWSsystem321d95wnloader952z.dll
C:WINDOWS14290zp511.exe
C:WINDOWSsystem321911vir9s459z.dll
C:WINDOWS5z4faddware9462.exe
C:WINDOWSz7025hac5tool289.exe
C:WINDOWSsystem323016backd9or55z.dll
C:WINDOWSsystem322fd5oz9loader3194.exe
C:WINDOWS789ztr5j2b0.exe
C:WINDOWSsystem325992vi5z457.dll
C:WINDOWSsystem3214693zot-9-virus685.dll
C:WINDOWSsystem329697adz5are448.dll
C:WINDOWS29a1threat1645z.exe
C:WINDOWSz9e9backdoor7155.dll
C:WINDOWSsystem32373viruz591.dll
C:WINDOWSsystem3249f6azdware2595.dll
C:WINDOWSsystem32985ba5zware726.exe
C:WINDOWSsystem325895t5ief938z.dll
C:WINDOWS908035acktozl20c.dll
C:WINDOWS68f9do5nlzader423.dll
C:WINDOWSsystem32c9caddzar59015.exe
C:WINDOWSsystem32setup2.exe
C:WINDOWSsystem321259ztr5j9a1.exe
C:WINDOWSsystem321z549ir11125.dll
C:WINDOWSsystem32z56sp9rse2521.exe
C:WINDOWS30z895orm5149.dll
C:Documents and SettingsUserApplication DataFieryAds
C:WINDOWS2258addwzre9252.dll
C:WINDOWS153wz9m325.exe
C:WINDOWS583bsparz51809.dll
C:WINDOWSsystem3218861notza-vi9us695.dll
C:WINDOWSSystem32driversdwshd.sys
C:WINDOWSsystem32driverssfc.sys
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог (log.txt).
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver dwshd not found.
ServiceDriver dwshd not found.
ServiceDriver sfc not found.
ServiceDriver sfc not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}\ not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\WiniBlueSoft not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\setup2.exe not found.
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys\ .
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys\ .
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{32e4a2ba-158e-11dc-b730-000fead6e02d}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{603a4152-6f48-11dc-b791-000fead6e02d}\ not found.
========== FILES ==========
File/Folder F:Recycledctfmon.exe not found.
File/Folder F:EXPLORER.EXE not found.
File/Folder C:WINDOWSsystem32setup2.exe not found.
File/Folder C:Program FilesWiniBlueSoft Software not found.
File/Folder C:WINDOWSsystem3255ad9pyware883z.dll not found.
File/Folder C:WINDOWS5597vir33z.dll not found.
File/Folder C:WINDOWSsystem32310adownlza9e51353.exe not found.
File/Folder C:WINDOWS6e5backzoor51739.exe not found.
File/Folder C:WINDOWS293zs9y503.dll not found.
File/Folder C:WINDOWS7cd5down5oaze92691.dll not found.
File/Folder C:WINDOWSsystem32699zthr5at27751.dll not found.
File/Folder C:WINDOWSsystem32z9576worm6a.exe not found.
File/Folder C:WINDOWSsystem321763595zus6f2.exe not found.
File/Folder C:WINDOWS13383hackt5olz89.dll not found.
File/Folder C:WINDOWSsystem3229970trzj55f.exe not found.
File/Folder C:WINDOWS6536backdoo9257z.dll not found.
File/Folder C:WINDOWSsystem3243bzddwa5e1994.dll not found.
File/Folder C:WINDOWSsystem326z1baddwar52993.dll not found.
File/Folder C:WINDOWS459faddw9r51492z.dll not found.
File/Folder C:WINDOWSsystem325f29s9y5arez118.exe not found.
File/Folder C:WINDOWS1292zir521.exe not found.
File/Folder C:WINDOWSsystem3223z99wo5m49e.dll not found.
File/Folder C:WINDOWSsystem3210985not9a-virus5z5.exe not found.
File/Folder C:WINDOWSsystem325665spazse10749.exe not found.
File/Folder C:WINDOWS3z1athr9a517127.dll not found.
File/Folder C:WINDOWSsystem324f0daddwar559z.exe not found.
File/Folder C:WINDOWS1dff95arse1227z.dll not found.
File/Folder C:WINDOWSz953worm57a5.exe not found.
File/Folder C:WINDOWSsystem324a7z5ackdoor11819.exe not found.
File/Folder C:WINDOWSsystem32104spaz5e5009.dll not found.
File/Folder C:WINDOWS15d0v5z9193.exe not found.
File/Folder C:WINDOWS1e6bvzr295.exe not found.
File/Folder C:WINDOWS18405zt-a9virus72d.dll not found.
File/Folder C:WINDOWS23701sz51fd9.dll not found.
File/Folder C:WINDOWSsystem325f97v9rz6735.exe not found.
File/Folder C:WINDOWS5935wozm559.dll not found.
File/Folder C:WINDOWS14eathre9t7457z.dll not found.
File/Folder C:WINDOWSz3974sp5235.exe not found.
File/Folder C:WINDOWS5e5downloade9162z.exe not found.
File/Folder C:WINDOWSsystem3212dbzparse9255.exe not found.
File/Folder C:WINDOWS67ftz9e5t2775.dll not found.
File/Folder C:WINDOWS17936hzc5tool61.dll not found.
File/Folder C:WINDOWS2a95a9dwzre2838.dll not found.
File/Folder C:WINDOWSz982spambot9db5.dll not found.
File/Folder C:WINDOWS235z5worm9bb.dll not found.
File/Folder C:WINDOWS96643viruz565.dll not found.
File/Folder C:WINDOWSsystem321c89t9ie5859z.dll not found.
File/Folder C:WINDOWSsystem322097trzj4635.exe not found.
File/Folder C:WINDOWSsystem326629th9ef4z95.exe not found.
File/Folder C:WINDOWSsystem3223378viru5zf69.exe not found.
File/Folder C:WINDOWS24989sp59fz.dll not found.
File/Folder C:WINDOWSsystem321b2fd5wnloaz9r459.dll not found.
File/Folder C:WINDOWSsystem3236ebdow9loadez16395.exe not found.
File/Folder C:WINDOWSsystem32902zthreat32350.exe not found.
File/Folder C:WINDOWS9253spzrse2952.dll not found.
File/Folder C:WINDOWS2z339hack95ol572.exe not found.
File/Folder C:WINDOWS13454not-a-vi9uz3c5.dll not found.
File/Folder C:WINDOWSsystem322z521hack95ol7ac.exe not found.
File/Folder C:WINDOWSsystem324a3zthr5at114779.dll not found.
File/Folder C:WINDOWS486eback5o9z199.dll not found.
File/Folder C:WINDOWSsystem32179zbackdoor2531.exe not found.
File/Folder C:WINDOWSsystem3215z07tr9j65f.dll not found.
File/Folder C:WINDOWSsystem3236249ow5loadzr2308.exe not found.
File/Folder C:WINDOWSsystem32z2304s9y7a25.exe not found.
File/Folder C:WINDOWS41485hie92520z.exe not found.
File/Folder C:WINDOWSd4thre9t1z4665.exe not found.
File/Folder C:WINDOWS2500t9ief2z505.dll not found.
File/Folder C:WINDOWSsystem3297194zorm7b5.dll not found.
File/Folder C:WINDOWS9942not-a-vzr5s193.exe not found.
File/Folder C:WINDOWSsystem326971thr5zt288.exe not found.
File/Folder C:WINDOWS5f8ste9lz857.exe not found.
LoadLibrary failed for C:WINDOWS296595t-a-virus498z.dll
C:WINDOWS296595t-a-virus498z.dll NOT unregistered.
C:WINDOWS296595t-a-virus498z.dll moved successfully.
LoadLibrary failed for C:WINDOWS7125spyw9re2z585.dll
C:WINDOWS7125spyw9re2z585.dll NOT unregistered.
C:WINDOWS7125spyw9re2z585.dll moved successfully.
LoadLibrary failed for C:WINDOWS6418zhi592347.dll
C:WINDOWS6418zhi592347.dll NOT unregistered.
C:WINDOWS6418zhi592347.dll moved successfully.
C:WINDOWSsystem329z075n5t-a-virus6.exe moved successfully.
LoadLibrary failed for C:WINDOWS29750spy15z9.dll
C:WINDOWS29750spy15z9.dll NOT unregistered.
C:WINDOWS29750spy15z9.dll moved successfully.
LoadLibrary failed for C:WINDOWS5e1baddware949z.dll
C:WINDOWS5e1baddware949z.dll NOT unregistered.
C:WINDOWS5e1baddware949z.dll moved successfully.
C:WINDOWSsystem32658dthizf9127.exe moved successfully.
LoadLibrary failed for C:WINDOWS55923not-9-vzrus2c4.dll
C:WINDOWS55923not-9-vzrus2c4.dll NOT unregistered.
C:WINDOWS55923not-9-vzrus2c4.dll moved successfully.
C:WINDOWSsystem325823addzare5279.exe moved successfully.
LoadLibrary failed for C:WINDOWS282bthrz5915900.dll
C:WINDOWS282bthrz5915900.dll NOT unregistered.
C:WINDOWS282bthrz5915900.dll moved successfully.
LoadLibrary failed for C:WINDOWS15550spyze9.dll
C:WINDOWS15550spyze9.dll NOT unregistered.
C:WINDOWS15550spyze9.dll moved successfully.
C:WINDOWSsystem3223893z5t-a9virus298.exe moved successfully.
C:WINDOWS34zead9wa5e263.exe moved successfully.
C:WINDOWS2925dzwnl9ader976.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem32ef19teal1656z.dll
C:WINDOWSsystem32ef19teal1656z.dll NOT unregistered.
C:WINDOWSsystem32ef19teal1656z.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3224298spamb595zd.dll
C:WINDOWSsystem3224298spamb595zd.dll NOT unregistered.
C:WINDOWSsystem3224298spamb595zd.dll moved successfully.
LoadLibrary failed for C:WINDOWS10540not-a-viru53b9z.dll
C:WINDOWS10540not-a-viru53b9z.dll NOT unregistered.
C:WINDOWS10540not-a-viru53b9z.dll moved successfully.
C:WINDOWSsystem3215585vir9sz56.exe moved successfully.
C:WINDOWS14582not-a-9iru56z5.exe moved successfully.
C:WINDOWS59cfszywa5e1603.exe moved successfully.
LoadLibrary failed for C:WINDOWS4551spa9se289z.dll
C:WINDOWS4551spa9se289z.dll NOT unregistered.
C:WINDOWS4551spa9se289z.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem325e66doznloader9429.dll
C:WINDOWSsystem325e66doznloader9429.dll NOT unregistered.
C:WINDOWSsystem325e66doznloader9429.dll moved successfully.
LoadLibrary failed for C:WINDOWS3e5fbazkdoor5999.dll
C:WINDOWS3e5fbazkdoor5999.dll NOT unregistered.
C:WINDOWS3e5fbazkdoor5999.dll moved successfully.
LoadLibrary failed for C:WINDOWS25e9vi9z96.dll
C:WINDOWS25e9vi9z96.dll NOT unregistered.
C:WINDOWS25e9vi9z96.dll moved successfully.
C:WINDOWS2248th9eaz25526.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem32944notza-95rus6a6.dll
C:WINDOWSsystem32944notza-95rus6a6.dll NOT unregistered.
C:WINDOWSsystem32944notza-95rus6a6.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3259932viruz9f.dll
C:WINDOWSsystem3259932viruz9f.dll NOT unregistered.
C:WINDOWSsystem3259932viruz9f.dll moved successfully.
LoadLibrary failed for C:WINDOWS7573thi9f18z8.dll
C:WINDOWS7573thi9f18z8.dll NOT unregistered.
C:WINDOWS7573thi9f18z8.dll moved successfully.
LoadLibrary failed for C:WINDOWS5487zpy969.dll
C:WINDOWS5487zpy969.dll NOT unregistered.
C:WINDOWS5487zpy969.dll moved successfully.
LoadLibrary failed for C:WINDOWS3744ba9kd5or1651z.dll
C:WINDOWS3744ba9kd5or1651z.dll NOT unregistered.
C:WINDOWS3744ba9kd5or1651z.dll moved successfully.
LoadLibrary failed for C:WINDOWS20987vir5s3zc9.dll
C:WINDOWS20987vir5s3zc9.dll NOT unregistered.
C:WINDOWS20987vir5s3zc9.dll moved successfully.
C:WINDOWS16511hac95ooz467.exe moved successfully.
C:WINDOWSsystem325638zi5939.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325105dozn9o5der1646.dll
C:WINDOWSsystem325105dozn9o5der1646.dll NOT unregistered.
C:WINDOWSsystem325105dozn9o5der1646.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3299975rzj3c9.dll
C:WINDOWSsystem3299975rzj3c9.dll NOT unregistered.
C:WINDOWSsystem3299975rzj3c9.dll moved successfully.
C:WINDOWSsystem32291espar952354z.exe moved successfully.
LoadLibrary failed for C:WINDOWS92543hacktozl54.dll
C:WINDOWS92543hacktozl54.dll NOT unregistered.
C:WINDOWS92543hacktozl54.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3292759tro524z.dll
C:WINDOWSsystem3292759tro524z.dll NOT unregistered.
C:WINDOWSsystem3292759tro524z.dll moved successfully.
LoadLibrary failed for C:WINDOWS51b89zief854.dll
C:WINDOWS51b89zief854.dll NOT unregistered.
C:WINDOWS51b89zief854.dll moved successfully.
C:WINDOWSsystem3225712z5rm1d69.exe moved successfully.
C:WINDOWSsystem324765s9ywaze1869.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321d95wnloader952z.dll
C:WINDOWSsystem321d95wnloader952z.dll NOT unregistered.
C:WINDOWSsystem321d95wnloader952z.dll moved successfully.
C:WINDOWS14290zp511.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321911vir9s459z.dll
C:WINDOWSsystem321911vir9s459z.dll NOT unregistered.
C:WINDOWSsystem321911vir9s459z.dll moved successfully.
C:WINDOWS5z4faddware9462.exe moved successfully.
C:WINDOWSz7025hac5tool289.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem323016backd9or55z.dll
C:WINDOWSsystem323016backd9or55z.dll NOT unregistered.
C:WINDOWSsystem323016backd9or55z.dll moved successfully.
C:WINDOWSsystem322fd5oz9loader3194.exe moved successfully.
C:WINDOWS789ztr5j2b0.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325992vi5z457.dll
C:WINDOWSsystem325992vi5z457.dll NOT unregistered.
C:WINDOWSsystem325992vi5z457.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3214693zot-9-virus685.dll
C:WINDOWSsystem3214693zot-9-virus685.dll NOT unregistered.
C:WINDOWSsystem3214693zot-9-virus685.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem329697adz5are448.dll
C:WINDOWSsystem329697adz5are448.dll NOT unregistered.
C:WINDOWSsystem329697adz5are448.dll moved successfully.
C:WINDOWS29a1threat1645z.exe moved successfully.
LoadLibrary failed for C:WINDOWSz9e9backdoor7155.dll
C:WINDOWSz9e9backdoor7155.dll NOT unregistered.
C:WINDOWSz9e9backdoor7155.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem32373viruz591.dll
C:WINDOWSsystem32373viruz591.dll NOT unregistered.
C:WINDOWSsystem32373viruz591.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3249f6azdware2595.dll
C:WINDOWSsystem3249f6azdware2595.dll NOT unregistered.
C:WINDOWSsystem3249f6azdware2595.dll moved successfully.
C:WINDOWSsystem32985ba5zware726.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325895t5ief938z.dll
C:WINDOWSsystem325895t5ief938z.dll NOT unregistered.
C:WINDOWSsystem325895t5ief938z.dll moved successfully.
LoadLibrary failed for C:WINDOWS908035acktozl20c.dll
C:WINDOWS908035acktozl20c.dll NOT unregistered.
C:WINDOWS908035acktozl20c.dll moved successfully.
LoadLibrary failed for C:WINDOWS68f9do5nlzader423.dll
C:WINDOWS68f9do5nlzader423.dll NOT unregistered.
C:WINDOWS68f9do5nlzader423.dll moved successfully.
C:WINDOWSsystem32c9caddzar59015.exe moved successfully.
File/Folder C:WINDOWSsystem32setup2.exe not found.
C:WINDOWSsystem321259ztr5j9a1.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321z549ir11125.dll
C:WINDOWSsystem321z549ir11125.dll NOT unregistered.
C:WINDOWSsystem321z549ir11125.dll moved successfully.
C:WINDOWSsystem32z56sp9rse2521.exe moved successfully.
LoadLibrary failed for C:WINDOWS30z895orm5149.dll
C:WINDOWS30z895orm5149.dll NOT unregistered.
C:WINDOWS30z895orm5149.dll moved successfully.
C:Documents and SettingsUserApplication DataFieryAds moved successfully.
LoadLibrary failed for C:WINDOWS2258addwzre9252.dll
C:WINDOWS2258addwzre9252.dll NOT unregistered.
C:WINDOWS2258addwzre9252.dll moved successfully.
C:WINDOWS153wz9m325.exe moved successfully.
LoadLibrary failed for C:WINDOWS583bsparz51809.dll
C:WINDOWS583bsparz51809.dll NOT unregistered.
C:WINDOWS583bsparz51809.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3218861notza-vi9us695.dll
C:WINDOWSsystem3218861notza-vi9us695.dll NOT unregistered.
C:WINDOWSsystem3218861notza-vi9us695.dll moved successfully.
File/Folder C:WINDOWSSystem32driversdwshd.sys not found.
File/Folder C:WINDOWSsystem32driverssfc.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1UserLOCALS~1TempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1mail[2].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5G0CJBZETmail[2].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE516C0HPEBmail[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5HZ9ZZE0Sbind[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5RORI9C9Kviewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempJET399F.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStemp~DF359E.tmp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempcgj5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05192009_215536
Files moved on Reboot…
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1mail[2].htm not found!
C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1viewtopic[1].htm moved successfully.
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5G0CJBZETmail[2].htm not found!
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE516C0HPEBmail[1].htm not found!
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5HZ9ZZE0Sbind[1].htm not found!
C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5RORI9C9Kviewtopic[1].htm moved successfully.
File C:DOCUME~1UserLOCALS~1TempJET399F.tmp not found!
C:Documents and SettingsUserLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:WINDOWStemp~DF359E.tmp moved successfully.
C:WINDOWStempcgj5.tmp moved successfully.Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-21 19:04:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (59%) free of 114 GB
Total RAM: 511 MB (39% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFirebirdbinibguard.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesSpyware DoctorpctsTray.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-Toolsdaemon.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesICQ6ICQ.exe
C:WINDOWSsystem32setup2.exe
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:Program FilesACD SystemsImageFoxImageFox.exe
C:Program FilesFirebirdbinibserver.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32alg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSYSTEM32NOTEPAD.EXE
C:Documents and SettingsUserРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microUser.exe
C:Program FilesX-Translator GOLDXTRAPrmtX.exe
C:Program FilesX-Translator GOLDPromtsvr.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/ig?hl=ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Доступ к платному контенту FieryAds v2.0.0 — {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O3 — Toolbar: XTRANS — {DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKLM..Run: [WiniBlueSoft] C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [wsctf.exe] wsctf.exe
O4 — HKCU..Run: [AdobeUpdater] «C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [setup2.exe] C:WINDOWSsystem32setup2.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: VIA RAID TOOL.lnk = C:Program FilesVIARAIDraid_tool.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 — Global Startup: MultiLex Universal Hotkeys.lnk = C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O4 — Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: ImageFox.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Настройки перевода — C:Program FilesX-Translator GOLDPRMTEToptions.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Перевод страницы — C:Program FilesX-Translator GOLDPRMTETtranslat.htm
O9 — Extra button: Веб-Антивирус — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) — file://C:Program FilesAutoCAD 2002AcDcToday.ocx
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) — file://C:Program FilesAutoCAD 2002InstBanr.ocx
O16 — DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) — file://C:Program FilesAutoCAD 2002InstFred.ocx
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) — file://C:Program FilesAutoCAD 2002AcPreview.ocx
O17 — HKLMSystemCCSServicesTcpip..{315A4568-AB50-4B16-8587-9023F3150455}: NameServer = 85.255.113.134 85.255.112.140
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: IB_Backup (Service1) — Unknown owner — C:StroySoftUtilsIB_Backup.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10115 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-04-03 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — XTRANS — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll [2002-07-15 212992]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-27 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2004-09-30 4603904]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2004-09-30 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-11-30 344064]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-12-22 77824]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«»= []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-07-16 1166216][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«wsctf.exe»=wsctf.exe []
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
VIA RAID TOOL.lnk — C:Program FilesVIARAIDraid_tool.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
MultiLex Universal Hotkeys.lnk — C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
Adobe Gamma Loader.exe.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
ImageFox.lnk — C:WINDOWSInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2004-12-01 94208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2006-03-24 28778][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifynbwepapf]
C:WINDOWSsystem32nbwepapf.dll [2009-05-19 16896][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.ini — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1
.scr — open — C:WINDOWSNOTEPAD.EXE «%1»
.scr — install —
.scr — config —
.txt — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1======List of files/folders created in the last 1 months======
2009-05-19 21:47:18 —-A—- C:WINDOWSsystem32nbwepapf.dll
2009-05-19 21:27:08 —-HD—- C:WINDOWSPIF
2009-05-19 21:10:37 —-D—- C:_OTMoveIt
2009-05-19 20:09:11 —-RASHD—- C:autorun.inf
2009-05-16 20:40:35 —-D—- C:Program Filestrend micro
2009-05-16 20:40:24 —-D—- C:rsit
2009-05-16 19:06:07 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-16 19:05:54 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-16 19:05:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-13 13:22:09 —-A—- C:WINDOWSsystem32setup_XP.ini======List of files/folders modified in the last 1 months======
2009-05-21 18:03:38 —-A—- C:WINDOWSNeroDigital.ini
2009-05-21 14:05:16 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-19 20:46:46 —-A—- C:WINDOWSPrmtX.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-06-10 81288]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-12-01 928256]
R3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-21 17504]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2008-04-13 12800]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vusbbus;Virtual Usb Bus Enumerator; C:WINDOWSsystem32DRIVERSvusbbus.sys [2006-08-19 52224]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSsystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-04-14 41984]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-09-30 2743840]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-12-01 425984]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-08-07 1073544]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-11-30 516096]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-03 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2004-09-30 127043]
S2 Service1;IB_Backup; C:StroySoftUtilsIB_Backup.exe []
S3 AVP;Kaspersky Internet Security 6.0; C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe [2006-03-24 139367]
EOF
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
Combofix выдал лог файл:
ComboFix 09-05-21.08 — User 22.05.2009 21:57.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.221 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Kaspersky Internet Security 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security 6.0 *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsUserLocal SettingsTemporary Internet Files005B0CEE_9E44_4874_BB3A_AA90BF414B9B.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files01166880_8BC0_4d39_A5B3_2B79D15BD947.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files1F48DC7F-5AAB-4068-94FB-28260DD487DD.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files224C20AC-2B10-4f47-A087-071DF48FA255.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesA9C3BB22_B095_4bb9_A4FD_1CB3643AF9A0.jpg
c:documents and settingsUserLocal SettingsTemporary Internet FilesADED7C5B-E485-4485-8089-5F2E2DE42E91.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesB12B218E_7A00_457d_BC82_2757D4C18CC1.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesC82F82E3_1710_4965_ACF4_176308ED93A5.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesD0FE389E_400B_440b_9071_2587A57961E3.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesD376F538-6C5D-41ae-B596-C030BE6366B7.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesDE6B7F39_B028_48ef_8D77_5471C7278A14.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE293A409_F14F_4c04_962F_4FE36C7CDD9F.jpg
c:documents and settingsUserLocal SettingsTemporary Internet FilesE99CE768_8677_4652_B475_BA6BE092A64A.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.38
c:documents and settingsUserLocal SettingsTemporary Internet FilesF3FCCA3A_1396_4121_84BC_C7AA4524D721.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesFE560CBF_28CF_4906_A438_C86C6CA84F93.gif
c:windows10725not-z-v5rusa09.exe
c:windows10753zr9j87.dll
c:windows10814s59zbot6c9.cpl
c:windows1092downloa5er51z.ocx
c:windows10957troj5eez.ocx
c:windows11195r28z1.dll
c:windows11221wo5z9e2.ocx
c:windows1139bzckdoo51939.ocx
c:windows11z05ack9oor698.ocx
c:windows11z459orm6985.bin
c:windows11z86hackt5olac9.exe
c:windows1335spamzot1895.dll
c:windows136z2v5rus5b59.bin
c:windows1371zviru921c5.dll
c:windows144adow5zoade9515.bin
c:windows1455zspy595.bin
c:windows149z85irus53.dll
c:windows15173worm4zc9.ocx
c:windows15288not-a9virus6z3.ocx
c:windows16175hackt9oz64b.ocx
c:windows16303zor5b9.exe
c:windows1654s9arse226z.cpl
c:windows16652spzmbot549.bin
c:windows16657zpambo95f5.dll
c:windows16z0s592a6.ocx
c:windows16z45ac9door191.cpl
c:windows170c5pyzare989.cpl
c:windows17529spa9zot4a6.ocx
c:windows1790down9oaderz615.cpl
c:windows17938ha5ktzol19f.cpl
c:windows17954not-a5virus2z6.bin
c:windows18075tro539z.ocx
c:windows18150vir958ez.bin
c:windows18351noz-a-vi9us456.exe
c:windows18495wormz5c.ocx
c:windows18830tz9j3c5.cpl
c:windows1905pyware1z54.bin
c:windows19579z9rusf1.bin
c:windows1959rzj65.bin
c:windows19975viruszf9.cpl
c:windows19z83ha9ktool550.exe
c:windows1caesze59585.bin
c:windows1z185spambo59ef.bin
c:windows1z39sparse2569.cpl
c:windows206z55roj597.exe
c:windows2094zt9oj25.ocx
c:windows20bzspa5se2930.dll
c:windows210569ac5tozl3fb.cpl
c:windows21194w9zm645.cpl
c:windows21196worm5f5z.bin
c:windows214565iruz29e.exe
c:windows21619worz21e5.ocx
c:windows22215spamboz7569.ocx
c:windows22304noz5a-viruse9.ocx
c:windows223z5vir9530f.dll
c:windows22519hacktoolz58.ocx
c:windows229csp5warz1980.cpl
c:windows22c55hrea913046z.ocx
c:windows22d95hreaz20422.bin
c:windows23458t5zj903.cpl
c:windows2391zvi5us25d.bin
c:windows23c9ba59zoor1006.dll
c:windows24131not-a-virzs9b5.dll
c:windows2499sp5rse2789z.bin
c:windows25227vzrus199.ocx
c:windows254z5ha9ktool16e.ocx
c:windows25599hzcktool359.bin
c:windows2585vi9us43bz.cpl
c:windows25862spa95ot498z.cpl
c:windows259859ormz9b.exe
c:windows259z1s9y2b5.ocx
c:windows2627baczd9or4305.bin
c:windows26440no5za-v9rus434.cpl
c:windows269z5wormb9.dll
c:windows26bdstea55z09.dll
c:windows2743n9t-a-zirus16f5.dll
c:windows27455viruz69a.dll
c:windows2748vz9592.bin
c:windows27552szam9ot2ea.dll
c:windows27657ha5ktooz699.ocx
c:windows27735hacz9ool33f.ocx
c:windows27859wo9m6zd.bin
c:windows2789ztroj915.cpl
c:windows28069vi9uszcc5.ocx
c:windows285925roz59a.dll
c:windows2899stezl5262.cpl
c:windows29059trzj5c1.cpl
c:windows29158woz94bc5.exe
c:windows29195troj5zc.dll
c:windows29288viruz757.ocx
c:windows29453vi9us4za.dll
c:windows29568trojzff5.bin
c:windows295z5s5y7e39.cpl
c:windows295z9troj255.cpl
c:windows29957hackzool9f.dll
c:windows29z57spyca5.exe
c:windows2b84do9nl5ader245z.ocx
c:windows2bc4vir5z09.bin
c:windows2e5iz3291.cpl
c:windows2ec5dowzloader2901.dll
c:windows2ezfbackdoor9359.exe
c:windows2fc9add5zre1799.exe
c:windows2z059spy97e.bin
c:windows2z2espyware5393.cpl
c:windows2z559n9t-a-virus6e8.bin
c:windows2z745worm938.cpl
c:windows2z9689ot-5-virus4f6.exe
c:windows2zd49ackd5or3217.bin
c:windows305z0no9-a-vi5us2e8.cpl
c:windows30935hacktool9z.ocx
c:windows30a4zh9ef3570.bin
c:windows31151not-a-viruz5f99.bin
c:windows3136t5reat27z349.bin
c:windows315z9spy45.bin
c:windows3182szambot97d5.bin
c:windows3188zacktoo95e6.cpl
c:windows318975zambotcf.cpl
c:windows31e3stzal955.ocx
c:windows32477nzt-a-59rus7e4.ocx
c:windows32938t5ojez.exe
c:windows33a05zi9f2415.bin
c:windows35069spamz9t33.bin
c:windows3550szarse2955.ocx
c:windows3560d9wnzoa5er2587.dll
c:windows35bbsteaz9397.bin
c:windows35c8sp9rse4z5.exe
c:windows35ecspars9413z.cpl
c:windows36459parse272z.exe
c:windows3664d5znloa9er1048.ocx
c:windows3715t9zeat482.cpl
c:windows394zthreat256739.cpl
c:windows3971spyw95ez32.cpl
c:windows3a66t95eatz1969.dll
c:windows3c9aspa5se2770z.ocx
c:windows3d435ownzoader1193.ocx
c:windows3d94dowzlo5der2343.cpl
c:windows3d9zvir2354.bin
c:windows3db9hreat51z50.dll
c:windows3fe9addzare1085.bin
c:windows3z07not9a-viru5732.bin
c:windows3z169hre5t59.cpl
c:windows3z40wor5966.ocx
c:windows3z85t9ief565.dll
c:windows3z9troj530.cpl
c:windows435thi5f8z9.exe
c:windows4364spa5zot192.cpl
c:windows43b9vzr1057.bin
c:windows4465backdoorz90.bin
c:windows4558thief9527z.bin
c:windows45599azktool596.bin
c:windows4598h5zktoo9164.ocx
c:windows45d0dzwnloader35259.cpl
c:windows47zevir1596.cpl
c:windows4850not-a-v9ruszb.cpl
c:windows48a9bazkdo5r32299.cpl
c:windows49575hrzat25393.ocx
c:windows4976spzrse17255.exe
c:windows4ae7z59ware2924.bin
c:windows4b5thrz9t10730.ocx
c:windows4ba5spz9se1911.bin
c:windows4z05addware9268.dll
c:windows502zs5amb9t6b8.cpl
c:windows5066zorm975.ocx
c:windows50849azkdoor1697.ocx
c:windows5090ziru5374.bin
c:windows50z9back9oor856.ocx
c:windows515cst59l2z89.bin
c:windows51ffsparze4749.ocx
c:windows52225vi9zs4cd.ocx
c:windows524czir5914.dll
c:windows535esze5l1974.ocx
c:windows5454steaz5429.dll
c:windows5462down9oadez2556.dll
c:windows546zs5y291.ocx
c:windows5497threzt3863.bin
c:windows54a9bzckdoor1145.dll
c:windows555f9ownlzader1571.bin
c:windows55bespzrse22799.cpl
c:windows55dbspywar92z67.ocx
c:windows5696h9ck5ooz5e8.ocx
c:windows56a4downloaderz592.ocx
c:windows577ztea53291.dll
c:windows58939virusz4f.exe
c:windows5910spywaze3207.bin
c:windows593z7virus4da.exe
c:windows5944st9alz951.dll
c:windows594zsteal563.dll
c:windows5959thiez1552.dll
c:windows5970z5reat4977.exe
c:windows5971thizf2270.cpl
c:windows5980ha9ktool15z.bin
c:windows59aaddware2759z.bin
c:windows59e0addwa5e9z9.ocx
c:windows59z9spywar51970.bin
c:windows5ac65hr9at1z18.cpl
c:windows5az4t9ief2293.bin
c:windows5b39doznloa5er2575.ocx
c:windows5c1zdownloa9er5923.bin
c:windows5c29d5wnloader26z1.bin
c:windows5c4fzir23159.bin
c:windows5c55s9arse293z.ocx
c:windows5c9fdo9nloader1329z.ocx
c:windows5d66zte9l584.cpl
c:windows5d80baczdoo91257.exe
c:windows5d95downl9ader435z.ocx
c:windows5e29thr5atz5191.exe
c:windows5f249pyware1z15.bin
c:windows5f75sp9rze1841.exe
c:windows5faspar9e751z.dll
c:windows5z1429py332.cpl
c:windows5z29worm65c9.dll
c:windows5z83s5arse997.bin
c:windows607hacz59ol15.dll
c:windows6099thz5at29001.exe
c:windows619a9ownloade5z869.dll
c:windows6595s5eaz1656.cpl
c:windows675zviru5a9.exe
c:windows6903szywa5e2732.bin
c:windows6978zpambo5610.bin
c:windows6a39addwa5ez975.ocx
c:windows6c17sp5warz2769.ocx
c:windows6c7a59yware2799z.bin
c:windows6dc4tzie51392.dll
c:windows6e879ddwarz765.bin
c:windows6eze9ir1035.bin
c:windows6f6fs5yware1983z.exe
c:windows7115thze519669.cpl
c:windows71dba5kdoo9842z.cpl
c:windows7290t5ief1589z.dll
c:windows733tzreat39554.dll
c:windows740a9p5wzre2485.ocx
c:windows74z5down5oa9er3267.dll
c:windows751backdoor3z97.ocx
c:windows761zb5ckdo9r1292.dll
c:windows77909hreat20045z.ocx
c:windows779zaddwar925245.cpl
c:windows787f9ackdooz25955.ocx
c:windows79369py1z15.cpl
c:windows7956wzrm720.exe
c:windows799dspy9a5e112z.bin
c:windows79e69hiefz59.dll
c:windows7a08zh5ea917157.dll
c:windows7a99a5d9are1z47.bin
c:windows7af9baczdoor590.exe
c:windows7b7f5ddwarz1399.ocx
c:windows7e235zckdoor23109.ocx
c:windows7e5zack9oor575.dll
c:windows88zbac5doo92355.bin
c:windows8z50n9t-a-virus537.ocx
c:windows92939wzr5f.cpl
c:windows92caaddw5re75z.ocx
c:windows92zebackdoo5262.cpl
c:windows93399spamzot5a4.dll
c:windows93z65ackdoor3066.ocx
c:windows96225irus28z.ocx
c:windows9705not-a-virus2z.cpl
c:windows9738viruz15d.cpl
c:windows973zstea52174.cpl
c:windows97845ackzool9ab.cpl
c:windows98775not-azvi5us680.dll
c:windows98z18virus6fd5.cpl
c:windows99300zpy79e5.exe
c:windows99329not5azvirus612.bin
c:windows9952spz95ot571.ocx
c:windows9994addware2265z.exe
c:windows9b9thie565z.ocx
c:windows9z59hacktool743.ocx
c:windowsb8dsz5war9474.exe
c:windowsb98szarse55939.bin
c:windowsc5b5ownloadez9843.bin
c:windowsc609pa5sez793.ocx
c:windowsec55hreat11966z.dll
c:windowssystem3210373nzt-a-v9rus1ec5.bin
c:windowssystem321054thiez9593.cpl
c:windowssystem32105fszars929535.exe
c:windowssystem3211111not-a-vi5us59z.cpl
c:windowssystem321173zha9kto5l66a.cpl
c:windowssystem3211b5p9waze1806.cpl
c:windowssystem32125z49orm1.exe
c:windowssystem3212809noz9a-virus15c.cpl
c:windowssystem3212878spambo9z56.bin
c:windowssystem32128959acktzol1d2.bin
c:windowssystem321388no5-a-v9ruz6c6.ocx
c:windowssystem3213927hackt5ol7z9.dll
c:windowssystem3214582spz4739.dll
c:windowssystem3214591spa5boz49d.cpl
c:windowssystem3214596zpambot6d.exe
c:windowssystem3214949hack9zol5f.exe
c:windowssystem3214999sz55699.exe
c:windowssystem3214f0threzt93115.ocx
c:windowssystem3214z74not-5-virus792.ocx
c:windowssystem3214zabackdoor905.dll
c:windowssystem32150cst9al5036z.ocx
c:windowssystem321544vzr590.cpl
c:windowssystem32155z5ir9354.exe
c:windowssystem3215794nzt5a9virus3e.exe
c:windowssystem3216245vir9s475z.bin
c:windowssystem3216z58s9ambot755.cpl
c:windowssystem3217535hackto9l4fz.cpl
c:windowssystem321759threat25454z.bin
c:windowssystem3218z09not-a-v5ru952c.exe
c:windowssystem3219039spam5oz4de9.bin
c:windowssystem3219295zief599.ocx
c:windowssystem3219395irus11z.exe
c:windowssystem32194415orm25cz.cpl
c:windowssystem321980z95rm17c.exe
c:windowssystem32198195zoj46f.dll
c:windowssystem3219959spa9bzt98.ocx
c:windowssystem3219z2sp5rse1616.cpl
c:windowssystem321ad7vz52469.exe
c:windowssystem321af79pars5z702.ocx
c:windowssystem321b50zac9door2156.dll
c:windowssystem321dz29parse5954.dll
c:windowssystem321e5cdzwnloader9972.cpl
c:windowssystem321e9e5ir998z.exe
c:windowssystem321f73thz5at256289.ocx
c:windowssystem321f76sz5ware859.cpl
c:windowssystem321z09ir2053.bin
c:windowssystem321z5athreat15946.bin
c:windowssystem321zae5ddw9re687.bin
c:windowssystem3220149szambota35.ocx
c:windowssystem3220634no9-a-v5rus293z.bin
c:windowssystem3220851tro9516z.exe
c:windowssystem32215z5h5cktool7a9.ocx
c:windowssystem3221z5th9eat9983.ocx
c:windowssystem3221z8spambo95375.bin
c:windowssystem322283wor9z0e5.dll
c:windowssystem3222z599pambot502.bin
c:windowssystem322409zsp9355.ocx
c:windowssystem3224189virzs735.cpl
c:windowssystem3224528spzmbot19f.ocx
c:windowssystem3224z89not-a-virus1f05.ocx
c:windowssystem3224z9steal5079.ocx
c:windowssystem322511spzwa5e2990.cpl
c:windowssystem3225160zot-a5virus966.cpl
c:windowssystem3225255zackto9l3ad.exe
c:windowssystem32253z5t9oj570.exe
c:windowssystem3225525spam5zt29f.cpl
c:windowssystem3225599wzrm4a6.exe
c:windowssystem322577z5or94fc.cpl
c:windowssystem32257z8vi5us396.bin
c:windowssystem3225821woz59e5.cpl
c:windowssystem32258bad9w5re236z.cpl
c:windowssystem322594stzal2439.dll
c:windowssystem322594zhackto5l29f.cpl
c:windowssystem3225955spy1bz.ocx
c:windowssystem3225edtzr9at15966.exe
c:windowssystem3225z85s9y402.bin
c:windowssystem3226021spam5ot69az.cpl
c:windowssystem3226391zpambot57d.dll
c:windowssystem3226981hazktool5d5.ocx
c:windowssystem3227579zro5775.dll
c:windowssystem3227742v5ru9z7.exe
c:windowssystem3227ca5parz9667.ocx
c:windowssystem32284339orm1z25.cpl
c:windowssystem3228529t5oj3z.exe
c:windowssystem322865backdo9r231z.ocx
c:windowssystem3228794not-a-v5ruz34a.dll
c:windowssystem32288955zt-a-9irus8c.bin
c:windowssystem32290265acztool75a.bin
c:windowssystem3229253spamboz429.bin
c:windowssystem322953bazkdoor1116.exe
c:windowssystem3229575worz39e.dll
c:windowssystem32295athrezt31607.dll
c:windowssystem32295ethief89z.cpl
c:windowssystem322961zt59j48e.bin
c:windowssystem32297z7hac5to9l3f.bin
c:windowssystem3229915pyware357z.exe
c:windowssystem3229975ir2z05.bin
c:windowssystem322bd5addza9e2557.dll
c:windowssystem322f69thzeat28151.ocx
c:windowssystem322z679not-a-viru51bb9.exe
c:windowssystem322z685acktoolf9.bin
c:windowssystem322z795tr9j28e.bin
c:windowssystem323008sp5mbo951z.exe
c:windowssystem32304835zt-a9virus4f6.exe
c:windowssystem323056zworm12e9.ocx
c:windowssystem32305z4spy599.ocx
c:windowssystem3230zethr59t23684.exe
c:windowssystem3231298vizus652.bin
c:windowssystem323249ad5waze10299.ocx
c:windowssystem3232z35ackdoor1979.ocx
c:windowssystem32333zdownlo9der5558.cpl
c:windowssystem32334dspa5se91z.cpl
c:windowssystem323511zown9oader1572.ocx
c:windowssystem32355b9parse297z.exe
c:windowssystem32359at5rezt9776.exe
c:windowssystem32359fbackzoor3089.ocx
c:windowssystem323613sp9rs5685z.ocx
c:windowssystem3236z5ot-a-9irus160.cpl
c:windowssystem3237ab9ddw5rez182.bin
c:windowssystem3239264worm58z.bin
c:windowssystem323970tr5jz0.ocx
c:windowssystem323b5bvzr2999.bin
c:windowssystem323c8zdownload9r5810.bin
c:windowssystem323cz5spyware31609.cpl
c:windowssystem323e2viz5991.cpl
c:windowssystem323e4tz9ea5996.cpl
c:windowssystem323e5astzal2094.dll
c:windowssystem323z7avir5696.cpl
c:windowssystem323z91downloader3195.dll
c:windowssystem32415zvir927.bin
c:windowssystem324191spazbo933d5.ocx
c:windowssystem324217spywa5e217z9.cpl
c:windowssystem324328t5reat27z09.ocx
c:windowssystem324349thzef556.ocx
c:windowssystem324352doznloader2079.dll
c:windowssystem324389spyware5z12.exe
c:windowssystem3243z6st9al1615.cpl
c:windowssystem324439t5ief35z.ocx
c:windowssystem324467not-a-v95us58z.exe
c:windowssystem3244eevzr25829.cpl
c:windowssystem3245z9vir245.exe
c:windowssystem324615th9efz539.exe
c:windowssystem324621z5ief1739.dll
c:windowssystem32473add5a9e1205z.ocx
c:windowssystem324794spambzt6d95.dll
c:windowssystem324b2e5parsz389.bin
c:windowssystem324c49downz5ad9r531.cpl
c:windowssystem324c75addwaze1096.dll
c:windowssystem324e5ebackdozr5968.ocx
c:windowssystem324z3eaddw95e1105.dll
c:windowssystem325057zhreat92545.bin
c:windowssystem325112spywar915z1.cpl
c:windowssystem32515zspyware20759.dll
c:windowssystem325169addwzre1320.bin
c:windowssystem32519fbackd9oz2549.exe
c:windowssystem3252063zot-a-virus4f9.ocx
c:windowssystem325241hac5tool98ez.cpl
c:windowssystem3253zc9ownloade51758.ocx
c:windowssystem3253zf5d9ware1843.dll
c:windowssystem32540d5py9are1122z.ocx
c:windowssystem325488viruz2479.bin
c:windowssystem325492th5ez718.exe
c:windowssystem3254za95dware1239.cpl
c:windowssystem325566dowzloader5699.dll
c:windowssystem32584z9hief1155.exe
c:windowssystem32589zsteal9959.bin
c:windowssystem3258zst9al5276.ocx
c:windowssystem32593zt95eat12568.ocx
c:windowssystem3259759zdwar51964.cpl
c:windowssystem32599addwzre3165.dll
c:windowssystem3259cbvirz15.ocx
c:windowssystem3259d7zhief1554.cpl
c:windowssystem3259e9sp9waze58.cpl
c:windowssystem325aa5downloader1z94.cpl
c:windowssystem325bz5spars92047.bin
c:windowssystem325c0fth5zat31439.bin
c:windowssystem325c85stzal1979.cpl
c:windowssystem325cb5spa5se9z45.exe
c:windowssystem325cc4do9nlozd5r901.dll
c:windowssystem325d05sparsez169.dll
c:windowssystem325d55th9ef20z1.cpl
c:windowssystem325e93backdozr918.ocx
c:windowssystem325ezbackdo9r477.cpl
c:windowssystem325f70vi923z35.exe
c:windowssystem325z837n9t-a-virus55c.bin
c:windowssystem325za1s5ea92184.bin
c:windowssystem3260caaddwaze905.ocx
c:windowssystem326199spazs52794.cpl
c:windowssystem32619b5oznloader161.dll
c:windowssystem3262b6zo59loader3121.ocx
c:windowssystem326515zackd9or795.exe
c:windowssystem32656z9ir1538.dll
c:windowssystem326589spzware2247.dll
c:windowssystem326659wor921z.cpl
c:windowssystem3266be9pazse1955.ocx
c:windowssystem326701vizus9d5.cpl
c:windowssystem326806zte5l9288.ocx
c:windowssystem326887a5dwa9z1098.dll
c:windowssystem326914dowz9oader3050.exe
c:windowssystem3269ba5zware951.cpl
c:windowssystem326cfeba9kdoor222z5.exe
c:windowssystem326db1spyw9re145z.dll
c:windowssystem326z3ft9ief215.cpl
c:windowssystem326z59th59at15773.exe
c:windowssystem32703b9zy5are2045.cpl
c:windowssystem32705eadd5are9z95.dll
c:windowssystem3272b7s5a9se92z.exe
c:windowssystem3272f15ac9doorz224.cpl
c:windowssystem327345baczdoor9366.ocx
c:windowssystem327435thzef9535.cpl
c:windowssystem32752cvzr5359.bin
c:windowssystem32752spyz759.exe
c:windowssystem327623addwarz2159.dll
c:windowssystem327794spyzar92185.exe
c:windowssystem327963spyware5185z.ocx
c:windowssystem327993baczd5or51.bin
c:windowssystem327995worm7z2.bin
c:windowssystem327a52thze5t2397.ocx
c:windowssystem327b95steaz995.dll
c:windowssystem327f0cthreat2z925.bin
c:windowssystem327fces9arsz32145.ocx
c:windowssystem327zb9pywar51647.bin
c:windowssystem328189zir5s39c.cpl
c:windowssystem32839zteal405.exe
c:windowssystem32853s9yz55.ocx
c:windowssystem328541not-a-viruz9b2.dll
c:windowssystem3285595ot-z-virus9c8.exe
c:windowssystem328559ha5ktozl693.ocx
c:windowssystem328663not5a-vzrus5869.dll
c:windowssystem3289305irus9dz.ocx
c:windowssystem329097spa9zot485.cpl
c:windowssystem32912eaddwaze5135.cpl
c:windowssystem32917845rojzf9.exe
c:windowssystem329253threat2175z.dll
c:windowssystem329254zteal984.ocx
c:windowssystem329297szea53156.bin
c:windowssystem329354zs5y7a1.ocx
c:windowssystem329534wor9z4.bin
c:windowssystem329552zirus570.dll
c:windowssystem3295743spz4ab.bin
c:windowssystem3295bthrzat14991.exe
c:windowssystem3295e0szarse936.exe
c:windowssystem3295z17wor5105.dll
c:windowssystem3297863zirus725.dll
c:windowssystem329793spambotzf55.cpl
c:windowssystem329999zhacktoo57be.ocx
c:windowssystem329a9thief3z125.cpl
c:windowssystem329c7dsza5se2159.cpl
c:windowssystem329dz0sparse563.dll
c:windowssystem329z11spa5bot9bb.cpl
c:windowssystem329za9addwa5e2604.bin
c:windowssystem32a0zba95door779.cpl
c:windowsSystem32bfytrqya.dll
c:windowssystem32cc35hreatz7099.ocx
c:windowssystem32cc459dwarz2309.dll
c:windowssystem32d59spyw9rz2866.cpl
c:windowssystem32f5addwar910z8.exe
c:windowssystem32fa2vz91645.bin
c:windowssystem32nbwepapf.dll
c:windowssystem32TDSSosvd.dat
c:windowssystem32z24edow5loader1952.cpl
c:windowssystem32z266s5ar9e3006.exe
c:windowssystem32z2750vi5us179.ocx
c:windowssystem32z2907worm359.cpl
c:windowssystem32z3572w9rm106.exe
c:windowssystem32z3954virus4e1.dll
c:windowssystem32z41509orm195.bin
c:windowssystem32z50downl9a5er1949.ocx
c:windowssystem32z5299h5ef2092.cpl
c:windowssystem32z5335w9rm6ca.ocx
c:windowssystem32z5488hac9too5323.exe
c:windowssystem32z575steal4299.bin
c:windowssystem32z59fthreat15154.ocx
c:windowssystem32z5a1downlo9der572.ocx
c:windowssystem32z659spy586.dll
c:windowssystem32z65thie92515.exe
c:windowssystem32z6659spy72.ocx
c:windowssystem32z8599ot-a-vi5us674.exe
c:windowssystem32z85ad9wnloader1194.bin
c:windowssystem32z9666spa5bot4f8.exe
c:windowssystem32zc6bthief29495.bin
c:windowssystem32zd3v9r5256.cpl
c:windowssystem32zebf5py9are2764.dll
c:windowswiaserviv.log
c:windowsz02spywar59110.cpl
c:windowsz06t5r9at28200.exe
c:windowsz0adb5ckdoor319.dll
c:windowsz2260tr9j5a85.cpl
c:windowsz22905ot-a9virus12a.bin
c:windowsz3cspy9a5e1787.exe
c:windowsz572addware27519.cpl
c:windowsz6509spa95ot768.ocx
c:windowsz7648tr9j15e.cpl
c:windowsz7852no9-a-viru52ba.dll
c:windowsz93ct5ief928.bin
c:windowsz95755ro92a5.exe
c:windowsz9595s9567e.cpl
c:windowsza2ad5wnloader1972.bin
c:windowszd549hief218.cplInfected copy of c:windowssystem32sfcfiles.dll was found and disinfected
Restored copy from — c:windows$NtServicePackUninstall$sfcfiles.dll.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_POWERMANAGER
Legacy_SFC
Legacy_TCPSR
Legacy_TDSSSERV.SYS
Legacy_WS2_32SIK
Service_tcpsr
Service_Wofgeybhkoc((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.2009-05-19 17:27 . 2009-05-19 17:27
d—h—w c:windowsPIF
2009-05-19 17:10 . 2009-05-19 17:10
d
w C:_OTMoveIt
2009-05-16 16:40 . 2009-05-16 16:40
d
w c:program filestrend micro
2009-05-16 16:40 . 2009-05-16 16:40
d
w C:rsit
2009-05-16 15:06 . 2009-05-16 15:06
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-05-16 15:05 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-05-16 15:05 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:program filesMalwarebytes’ Anti-Malware
2009-05-02 13:38 . 2009-05-02 13:38 1878984 —-a-w c:documents and settingsUserApplication DataMacromediaFlash Playerwww.macromedia.combinfpupdateplfpupdatepl.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 18:02 . 2007-04-16 18:45 611353376 —sha-w c:windowssystem32driversfidbox.dat
2009-05-22 18:02 . 2007-04-16 18:45 588416 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-22 18:02 . 2007-04-16 18:45 176160 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-22 18:02 . 2007-04-16 18:45 15919664 —sha-w c:windowssystem32driversfidbox.idx
2009-05-19 16:52 . 2009-05-05 16:13 87489 —-a-w c:documents and settingsUserApplication Datafieryads.dat
2009-04-04 10:17 . 2009-04-04 10:17
d
w c:documents and settingsUserApplication DataMedia Player Classic
2009-04-04 09:54 . 2009-04-04 09:54
d
w c:program filesK-Lite Codec Pack
2009-03-22 10:24 . 2009-01-13 18:31 32768 —-a-w c:windowssystem32driversati1fkxx.sys
2009-03-02 18:10 . 2009-04-04 09:54 67584 —-a-w c:windowssystem32ff_vfw.dll
2009-02-26 20:47 . 2009-04-04 09:54 2255360 —-a-w c:windowssystem32x264vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»c:program filesICQ6ICQ.exe» [2008-09-01 173304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2004-09-30 4603904]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2004-09-30 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-11-30 344064]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» [2004-08-22 81920]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-09-30 921600]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2004-12-22 77824][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
VIA RAID TOOL.lnk — c:program filesVIARAIDraid_tool.exe [2005-10-9 581632]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-2-17 65588]
MultiLex Universal Hotkeys.lnk — c:program filesMediaLinguaMultiLex 4.0HKML_SRV.exe [2006-3-7 118784]
Ulead Photo Express 4.0 SE Calendar Checker .lnk — c:program filesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe [2005-10-11 69632]
Adobe Gamma Loader.exe.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-1-13 113664]
ImageFox.lnk — c:windowsInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe [2007-1-13 3310][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8208:TCP»= 8208:TCP:laorvR0 ati1fkxx;ati1fkxx;c:windowssystem32Driversati1fkxx.sys —> c:windowssystem32Driversati1fkxx.sys [?]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [18.08.2003 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21.02.2009 20:28 356920]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
kyuci
EZvziy
.
Contents of the ‘Scheduled Tasks’ folder2009-05-22 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-21 09:02]
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-AdobeUpdater — c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe
HKCU-Run-wsctf.exe — wsctf.exe.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/ig?hl=ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Настройки перевода — c:program filesX-Translator GOLDPRMTEToptions.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Перевод страницы — c:program filesX-Translator GOLDPRMTETtranslat.htm
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfiles2xinqeaq.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF — prefs.js: browser.search.selectedEngine — Web Search
FF — prefs.js: browser.startup.homepage — hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13
FF — prefs.js: keyword.URL — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava11.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava12.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava131_06.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava32.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPOJI600.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 22:04
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(948)
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll— — — — — — — > ‘explorer.exe'(2396)
c:program filesACD SystemsImageFoxIFOXDLL.dll
.
Other Running Processes
.
c:windowsSYSTEM32ATI2EVXX.EXE
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesFIREBIRDBINIBGUARD.EXE
c:program filesACD SYSTEMSIMAGEFOXIMAGEFOX.EXE
c:program filesFirebirdbinibserver.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-05-22 22:06 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 18:06Pre-Run: 70 960 807 936 байт свободно
Post-Run: 71 242 088 448 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect768 — E O F — 2008-11-23 09:45
Combofix удалил множество паразитов, но нужно ещё немножко подчистить.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
ati1fkxx
Registry::
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
NetSvc::
kyuci
EZvziy
File::
c:windowssystem32Driversati1fkxx.sysЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-05-25.01 — User 25.05.2009 22:27.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.218 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столCFScript.txt
AV: Kaspersky Internet Security 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security 6.0 *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}FILE ::
c:windowssystem32Driversati1fkxx.sys
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run
.
c:windowssystem32Driversati1fkxx.sys.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ATI1FKXX
Service_ati1fkxx((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.2009-05-19 17:27 . 2009-05-19 17:27
d—h—w c:windowsPIF
2009-05-19 17:10 . 2009-05-19 17:10
d
w C:_OTMoveIt
2009-05-16 16:40 . 2009-05-16 16:40
d
w c:program filestrend micro
2009-05-16 16:40 . 2009-05-16 16:40
d
w C:rsit
2009-05-16 15:06 . 2009-05-16 15:06
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-05-16 15:05 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-05-16 15:05 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:program filesMalwarebytes’ Anti-Malware
2009-05-02 13:38 . 2009-05-02 13:38 1878984 —-a-w c:documents and settingsUserApplication DataMacromediaFlash Playerwww.macromedia.combinfpupdateplfpupdatepl.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 18:15 . 2007-04-16 18:45 611353376 —sha-w c:windowssystem32driversfidbox.dat
2009-05-25 18:15 . 2007-04-16 18:45 588416 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-25 18:15 . 2007-04-16 18:45 176160 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-25 18:15 . 2007-04-16 18:45 15919664 —sha-w c:windowssystem32driversfidbox.idx
2009-05-19 16:52 . 2009-05-05 16:13 87489 —-a-w c:documents and settingsUserApplication Datafieryads.dat
2009-04-04 10:17 . 2009-04-04 10:17
d
w c:documents and settingsUserApplication DataMedia Player Classic
2009-04-04 09:54 . 2009-04-04 09:54
d
w c:program filesK-Lite Codec Pack
2009-03-02 18:10 . 2009-04-04 09:54 67584 —-a-w c:windowssystem32ff_vfw.dll
2009-02-26 20:47 . 2009-04-04 09:54 2255360 —-a-w c:windowssystem32x264vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»c:program filesICQ6ICQ.exe» [2008-09-01 173304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2004-09-30 4603904]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2004-09-30 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-11-30 344064]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» [2004-08-22 81920]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-09-30 921600]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2004-12-22 77824][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
VIA RAID TOOL.lnk — c:program filesVIARAIDraid_tool.exe [2005-10-9 581632]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-2-17 65588]
MultiLex Universal Hotkeys.lnk — c:program filesMediaLinguaMultiLex 4.0HKML_SRV.exe [2006-3-7 118784]
Ulead Photo Express 4.0 SE Calendar Checker .lnk — c:program filesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe [2005-10-11 69632]
Adobe Gamma Loader.exe.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-1-13 113664]
ImageFox.lnk — c:windowsInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe [2007-1-13 3310][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8208:TCP»= 8208:TCP:laorvR3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [18.08.2003 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21.02.2009 20:28 356920]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
.
Contents of the ‘Scheduled Tasks’ folder2009-05-25 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-21 09:02]
.
— — — — ORPHANS REMOVED — — — —SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/ig?hl=ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Настройки перевода — c:program filesX-Translator GOLDPRMTEToptions.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Перевод страницы — c:program filesX-Translator GOLDPRMTETtranslat.htm
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfiles2xinqeaq.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF — prefs.js: browser.search.selectedEngine — Web Search
FF — prefs.js: browser.startup.homepage — hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13
FF — prefs.js: keyword.URL — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava11.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava12.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava131_06.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava32.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPOJI600.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 22:29
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(940)
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll— — — — — — — > ‘explorer.exe'(1612)
c:program filesACD SystemsImageFoxIFOXDLL.dll
.
Completion time: 2009-05-25 22:31
ComboFix-quarantined-files.txt 2009-05-25 18:31
ComboFix2.txt 2009-05-22 18:06Pre-Run: 71 034 077 184 байт свободно
Post-Run: 71 016 087 552 байт свободно145 — E O F — 2008-11-23 09:45
Рад вам помочь 🙂
Несколько завершающих действий.
1. Обновите ваши программы.
Обновите Java, у вас устаревшая версия. Прочитайте эту инструкцию: Как обновить Java.Зайдите на сайт update.microsoft.com и обновите Windows.
2. Удалите все программы, которые вы использовали в процессе лечения, в случае необходимости, вы всегда сможете скачать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.
Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.3. Подойдите к защите вашего компьютера более серьёзно.
Большинство троянов и вирусов разработаны для поражения Internet Explorer`а, поэтому рекомендую использовать только Оперу или Firefox.4. Создайте новую точку восстановления и удалите все старые.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
5. И несколько дополнительных советов.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
