
SPYWARE-RU.COM


1arkady1


Forum replies created

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • May 30, 2009 at 2:59 pm in reply to: Brazen extortionist informer from the porn site sexvideorussia.com #23967
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    Thank you. I did everything, it seems.

    May 28, 2009 at 11:32 am in reply to: Brazen extortionist informer from the porn site sexvideorussia.com #23965
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    @Valeri wrote:

    Close Firefox if it is running.
    Delete this folder: F:\Program Files\mozilla firefox\extensions\{9CF826EF-2211-4747-ACD8-711F744C2424}
    It contains the parasite that displays the advertising.
    Start Firefox and check that it works.

    Thank you very much, everything is fine! And BB-code started working. That vermin had been blocking it!!! 😀

    May 25, 2009 at 7:44 pm in reply to: Brazen extortionist informer from the porn site sexvideorussia.com #23963
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    With a small overlap, since I am an inexperienced user:


    May 25, 2009 at 7:39 pm in reply to: Brazen extortionist informer from the porn site sexvideorussia.com #23962
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    Trying once more: okay, I get it, it's the character count. Sending it in two parts.

    OTListIt logfile created on: 25.05.2009 23:12:07 - Run 3
    OTListIt2 by OldTimer - Version 2.0.15.8 Folder = F:\Distributives 5
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    SRV — [2007.12.21 09:21:16 | 00,468,224 | —- | M] (ESET) — F:Program FilesESETESET Smart Securityekrn.exe — (ekrn [Auto | Running])
    SRV — [2008.04.14 20:11:08 | 00,109,056 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32services.exe — (Eventlog [Auto | Running])
    SRV — [2008.04.14 20:10:44 | 00,135,680 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32shsvcs.dll — (FastUserSwitchingCompatibility [On_Demand | Running])
    SRV — [2008.04.14 20:10:43 | 00,038,400 | —- | M] (Microsoft Corporation) — F:WINDOWSPCHealthHelpCtrBinariespchsvc.dll — (helpsvc [Auto | Running])
    SRV — [2008.04.14 20:10:58 | 00,150,528 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32imapi.exe — (ImapiService [On_Demand | Stopped])
    SRV — [2009.04.06 15:32:48 | 00,179,856 | —- | M] (Malwarebytes Corporation) — F:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe — (MBAMService [Auto | Running])
    SRV — [2003.06.20 00:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — F:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
    SRV — [2006.10.27 01:47:54 | 00,065,824 | —- | M] (Microsoft Corporation) — F:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe — (Microsoft Office Groove Audit Service [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:00 | 00,032,768 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32mnmsrvc.exe — (mnmsrvc [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:04 | 00,113,664 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32netdde.exe — (NetDDE [Disabled | Stopped])
    SRV — [2008.04.14 20:11:04 | 00,113,664 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
    SRV — [2008.04.14 20:10:41 | 00,198,144 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32netman.dll — (Netman [On_Demand | Running])
    SRV — [2008.06.20 21:48:23 | 00,247,296 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32mswsock.dll — (Nla [On_Demand | Running])
    SRV — [2008.04.14 20:10:42 | 00,436,736 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32ntmssvc.dll — (NtmsSvc [On_Demand | Stopped])
    SRV — [2006.10.22 13:22:00 | 00,159,810 | —- | M] (NVIDIA Corporation) — F:WINDOWSsystem32nvsvc32.exe — (NVSvc [Auto | Running])
    SRV — [2006.10.26 20:49:34 | 00,441,136 | —- | M] (Microsoft Corporation) — F:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE — (odserv [On_Demand | Stopped])
    SRV — [2006.10.26 15:03:08 | 00,145,184 | —- | M] (Microsoft Corporation) — F:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:08 | 00,109,056 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32services.exe — (PlugPlay [Auto | Running])
    SRV — [2008.04.14 20:11:08 | 00,141,824 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32sessmgr.exe — (RDSessMgr [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:07 | 00,096,768 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32SCardSvr.exe — (SCardSvr [On_Demand | Stopped])
    SRV — [2008.04.14 20:10:44 | 00,193,024 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32schedsvc.dll — (Schedule [Auto | Running])
    SRV — [2008.04.14 20:10:44 | 00,018,944 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32seclogon.dll — (seclogon [Auto | Running])
    SRV — [2008.04.14 20:10:38 | 00,331,264 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32ipnathlp.dll — (SharedAccess [Auto | Running])
    SRV — [2008.04.14 20:10:44 | 00,135,680 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32shsvcs.dll — (ShellHWDetection [Auto | Running])
    SRV — [2008.04.14 20:10:45 | 00,171,008 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32srsvc.dll — (srservice [Auto | Running])
    SRV — [2008.04.14 20:10:46 | 00,333,824 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32wiaservc.dll — (stisvc [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:09 | 00,091,648 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
    SRV — [2008.04.14 20:10:45 | 00,249,856 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32tapisrv.dll — (TapiSrv [On_Demand | Running])
    SRV — [2008.04.14 20:10:45 | 00,295,936 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32termsrv.dll — (TermService [On_Demand | Running])
    SRV — [2008.04.14 20:10:44 | 00,135,680 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32shsvcs.dll — (Themes [Auto | Running])
    SRV — [2008.04.14 20:11:11 | 00,073,216 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
    SRV — [2008.04.14 20:10:46 | 00,186,368 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32upnphost.dll — (upnphost [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:12 | 00,290,304 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32vssvc.exe — (VSS [On_Demand | Stopped])
    SRV — [2008.04.14 20:10:46 | 00,175,616 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32w32time.dll — (W32Time [Auto | Running])
    SRV — [2008.04.14 20:10:46 | 00,145,408 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32wbemWMIsvc.dll — (winmgmt [Auto | Running])
    SRV — [2008.04.14 20:10:33 | 00,687,616 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32advapi32.dll — (Wmi [On_Demand | Stopped])
    SRV — [2008.04.14 20:11:13 | 00,126,464 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Stopped])
    SRV — [2008.04.14 20:10:48 | 00,483,840 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32wzcsvc.dll — (WZCSVC [Auto | Running])

    ========== Driver Services (SafeList) ==========

    DRV — [2008.04.14 19:37:37 | 00,188,288 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSACPI.sys — (ACPI [Boot | Running])
    DRV — [2004.08.18 16:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driversacpiec.sys — (ACPIEC [Disabled | Stopped])
    DRV — [2008.02.25 13:40:52 | 00,098,328 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32COMMONFX.DLL — (COMMONFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:44 | 00,170,520 | —- | M] (Creative Technology Ltd.) — F:WINDOWSsystem32CT20XUT.DLL — (CT20XUT.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:43:16 | 00,511,000 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversctac32k.sys — (ctac32k [On_Demand | Stopped])
    DRV — [2008.02.25 13:43:24 | 00,524,312 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversctaud2k.sys — (ctaud2k [On_Demand | Stopped])
    DRV — [2008.02.25 13:40:56 | 00,551,960 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTAUDFX.DLL — (CTAUDFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:06 | 00,174,104 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTEAPSFX.DLL — (CTEAPSFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:10 | 00,286,232 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTEDSPFX.DLL — (CTEDSPFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:18 | 00,134,680 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTEDSPIO.DLL — (CTEDSPIO.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:28 | 00,329,240 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTEDSPSY.DLL — (CTEDSPSY.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:14 | 00,100,888 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTERFXFX.DLL — (CTERFXFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:36 | 01,323,544 | —- | M] (Creative Technology Ltd.) — F:WINDOWSsystem32CTEXFIFX.DLL — (CTEXFIFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:50 | 00,072,728 | —- | M] (Creative Technology Ltd.) — F:WINDOWSsystem32CTHWIUT.DLL — (CTHWIUT.DLL [On_Demand | Stopped])
    DRV — [2001.08.18 00:19:20 | 00,003,712 | —- | M] (Creative Technology Ltd.) — F:WINDOWSsystem32DRIVERSctljystk.sys — (ctljystk [On_Demand | Stopped])
    DRV — [2008.02.25 13:44:00 | 00,014,360 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversctprxy2k.sys — (ctprxy2k [On_Demand | Stopped])
    DRV — [2008.02.25 13:41:02 | 00,566,296 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32CTSBLFX.DLL — (CTSBLFX.DLL [On_Demand | Stopped])
    DRV — [2008.02.25 13:44:08 | 00,157,208 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversctsfm2k.sys — (ctsfm2k [On_Demand | Stopped])
    DRV — [2008.10.24 21:45:32 | 00,039,944 | —- | M] (ESET) — F:WINDOWSsystem32DRIVERSeamon.sys — (eamon [Auto | Running])
    DRV — [2008.10.24 21:46:24 | 00,053,256 | —- | M] (ESET) — F:WINDOWSsystem32DRIVERSeasdrv.sys — (easdrv [System | Running])
    DRV — [2008.02.25 13:44:22 | 00,092,696 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversemupia2k.sys — (emupia [On_Demand | Stopped])
    DRV — [2008.10.24 21:53:20 | 00,073,224 | —- | M] (ESET) — F:WINDOWSsystem32DRIVERSepfw.sys — (epfw [Auto | Running])
    DRV — [2008.10.24 21:53:24 | 00,031,240 | —- | M] (ESET) — F:WINDOWSsystem32DRIVERSEpfwndis.sys — (Epfwndis [On_Demand | Running])
    DRV — [2008.10.24 21:53:26 | 00,054,280 | —- | M] (ESET) — F:WINDOWSsystem32DRIVERSepfwtdi.sys — (epfwtdi [System | Running])
    DRV — [2008.04.14 19:41:12 | 00,044,544 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
    DRV — [2004.08.18 16:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSftdisk.sys — (Ftdisk [Boot | Running])
    DRV — [2008.04.13 22:45:29 | 00,010,624 | —- | M] (Microsoft Corporation) — F:WINDOWSsystem32DRIVERSgameenum.sys — (gameenum [On_Demand | Running])
    DRV — [2008.02.25 13:44:30 | 00,797,720 | —- | M] (Creative Technology Ltd) — F:WINDOWSsystem32driversha10kx2k.sys — (ha10kx2k [On_Demand | Stopped])
    DRV — [2008.04.14 19:44:08 | 00,053,120 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSi8042prt.sys — (i8042prt [System | Running])
    DRV — [2008.04.14 19:46:17 | 00,005,504 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSintelide.sys — (IntelIde [Boot | Running])
    DRV — [2008.04.14 19:47:15 | 00,037,504 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSisapnp.sys — (isapnp [Boot | Running])
    DRV — [2008.04.14 19:47:55 | 00,024,832 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSkbdclass.sys — (Kbdclass [System | Running])
    DRV — [2003.08.19 02:27:54 | 00,510,592 | —- | M] (Eugene Gavrilov) — F:WINDOWSsystem32driverskx.sys — (kxwdmdrv [On_Demand | Running])
    DRV — [2009.04.06 15:32:46 | 00,015,504 | —- | M] (Malwarebytes Corporation) — F:WINDOWSsystem32driversmbam.sys — (MBAMProtector [On_Demand | Running])
    DRV — [2008.04.14 19:37:37 | 00,030,208 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Running])
    DRV — [2001.08.18 01:57:38 | 00,016,128 | —- | M] (Microsoft Corporation) — F:WINDOWSsystem32driversMODEMCSA.sys — (MODEMCSA [On_Demand | Running])
    DRV — [2008.04.14 19:37:43 | 00,023,296 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSmouclass.sys — (Mouclass [System | Running])
    DRV — [2006.10.22 13:22:00 | 03,994,624 | —- | M] (NVIDIA Corporation) — F:WINDOWSsystem32DRIVERSnv4_mini.sys — (nv [On_Demand | Running])
    DRV — [2008.02.25 13:43:56 | 00,127,000 | —- | M] (Creative Technology Ltd.) — F:WINDOWSsystem32driversctoss2k.sys — (ossrv [On_Demand | Stopped])
    DRV — [2008.04.14 19:52:21 | 00,080,128 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSparport.sys — (Parport [On_Demand | Running])
    DRV — [2004.08.18 16:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Running])
    DRV — [2008.04.14 19:52:28 | 00,068,480 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSpci.sys — (PCI [Boot | Running])
    DRV — [2004.08.18 16:00:00 | 00,003,328 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driverspciide.sys — (PCIIde [Boot | Running])
    DRV — [2008.04.14 19:52:30 | 00,120,192 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
    DRV — [2008.12.31 11:08:21 | 00,047,360 | —- | M] (VSO Software) — F:WINDOWSSystem32Driverspcouffin.sys — (pcouffin [On_Demand | Running])
    DRV — [2004.08.18 16:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — F:WINDOWSsystem32DRIVERSptilink.sys — (Ptilink [On_Demand | Running])
    DRV — [2008.04.14 19:41:47 | 00,058,368 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSredbook.sys — (redbook [System | Running])
    DRV — [2004.08.04 02:31:34 | 00,020,992 | —- | M] (Realtek Semiconductor Corporation) — F:WINDOWSsystem32DRIVERSRTL8139.SYS — (rtl8139 [On_Demand | Running])
    DRV — [2008.04.13 20:39:17 | 00,020,480 | —- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) — F:WINDOWSsystem32DRIVERSsecdrv.sys — (Secdrv [On_Demand | Stopped])
    DRV — [2008.04.14 19:44:00 | 00,065,024 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSserial.sys — (Serial [System | Running])
    DRV — [2006.06.14 19:10:38 | 00,058,232 | —- | M] (Protection Technology (StarForce)) — F:WINDOWSSystem32driverssfdrv01.sys — (sfdrv01 [Boot | Running])
    DRV — [2006.06.14 18:56:56 | 00,013,680 | —- | M] (Protection Technology (StarForce)) — F:WINDOWSSystem32driverssfhlp02.sys — (sfhlp02 [Boot | Running])
    DRV — [2006.06.15 13:27:00 | 00,027,032 | —- | M] (Protection Technology) — F:WINDOWSSystem32driverssfsync02.sys — (sfsync02 [Boot | Running])
    DRV — [2009.04.02 00:02:14 | 00,717,296 | —- | M] () — F:WINDOWSSystem32Driverssptd.sys — (sptd [Boot | Running])
    DRV — [2008.04.14 19:52:45 | 00,073,472 | —- | M] (Корпорация Майкрософт) — F:WINDOWSsystem32DRIVERSsr.sys — (sr [Boot | Running])
    DRV — [2008.04.14 19:40:08 | 00,051,968 | —- | M] (Корпорация Майкрософт) — F:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
    DRV — [2005.01.12 17:52:03 | 00,153,388 | —- | M] (Conexant Systems Inc.) — F:WINDOWSsystem32DRIVERSgwausb.sys — (wanusb [On_Demand | Running])

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE — HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE — HKU.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE — HKU.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE — HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    IE — HKUS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE — HKUS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE — HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    IE — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftInternet ExplorerMain,Local Page = F:WINDOWSsystem32blank.htm
    IE — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
    IE — HKUS-1-5-21-796845957-484763869-725345543-1003S-1-5-21-796845957-484763869-725345543-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    ========== FireFox ==========

    FF — prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
    FF — prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
    FF — prefs.js..extensions.enabledItems: {9CF826EF-2211-4747-ACD8-711F744C2424}:1.0
    FF — prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.0.1.20
    FF — prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

    FF — HKLMsoftwaremozillaMozilla Firefox 3.0.10extensions\Components: F:PROGRAM FILESMOZILLA FIREFOXCOMPONENTS [2009.05.01 01:18:34 | 00,000,000 | —D | M]
    FF — HKLMsoftwaremozillaMozilla Firefox 3.0.10extensions\Plugins: F:PROGRAM FILESMOZILLA FIREFOXPLUGINS [2009.04.28 11:50:49 | 00,000,000 | —D | M]

    [2008.12.31 11:33:52 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaExtensions
    [2008.12.31 11:33:52 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009.05.25 12:04:47 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensions
    [2009.03.05 04:40:56 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensions{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
    [2009.05.20 12:00:12 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009.01.01 20:36:27 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensionsim@adcentria
    [2009.05.04 19:12:21 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensionsyasearch@yandex.ru
    [2009.05.04 19:12:20 | 00,000,000 | —D | M] — F:Documents and SettingsArkadyApplication DatamozillaFirefoxProfilescgkuhzkg.defaultextensionsyasearch@yandex.ruchromeskinextensions-hacks
    [2009.04.02 00:06:05 | 00,002,921 | —- | M] () — F:Documents and SettingsArkadyApplication DataMozillaFireFoxProfilescgkuhzkg.defaultsearchpluginsdaemon-search.xml
    [2009.05.25 12:04:47 | 00,000,000 | —D | M] — F:Program Filesmozilla firefoxextensions
    [2009.04.28 11:50:49 | 00,000,000 | —D | M] — F:Program Filesmozilla firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009.05.16 23:30:58 | 00,000,000 | —D | M] — F:Program Filesmozilla firefoxextensions{9CF826EF-2211-4747-ACD8-711F744C2424}
    [2009.04.28 11:50:41 | 00,023,032 | —- | M] (Mozilla Foundation) — F:Program Filesmozilla firefoxcomponentsbrowserdirprovider.dll
    [2009.04.28 11:50:41 | 00,134,648 | —- | M] (Mozilla Foundation) — F:Program Filesmozilla firefoxcomponentsbrwsrcmp.dll
    [2008.04.16 08:08:20 | 00,001,706 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginsgoogle.xml
    [2009.03.05 04:41:53 | 00,001,435 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginsmailru.xml
    [2008.02.22 20:20:12 | 00,001,122 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginspriceru.xml
    [2008.02.10 16:18:02 | 00,002,395 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginsrambler.xml
    [2008.04.08 19:54:28 | 00,001,945 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginstorgmailru.xml
    [2008.03.29 19:24:40 | 00,001,304 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginswikipedia-ru.xml
    [2008.01.09 23:49:44 | 00,004,072 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginsyandex-slovari.xml
    [2008.10.22 20:58:02 | 00,004,244 | —- | M] () — F:Program Filesmozilla firefoxsearchpluginsyandex.xml

    O1 HOSTS File: (914 bytes) — F:WINDOWSSystem32driversetcHosts
    O1 — Hosts: 127.0.0.1 localhost
    O1 — Hosts: 127.0.0.1 http://www.ursoftware.com
    O1 — Hosts: 127.0.0.1 http://www.ursoftware.com/support
    O1 — Hosts: 127.0.0.1 http://www.ursoftware.com/order.php
    O1 — Hosts: 127.0.0.1 http://www.ursoftware.com/buy_yu
    O2 — BHO: (AcroIEHlprObj Class) — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — F:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
    O2 — BHO: (Groove GFS Browser Helper) — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — F:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
    O2 — BHO: (MailRuBHO Class) — {8984B388-A5BB-4DF7-B274-77B879E179DB} — f:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
    O2 — BHO: (IE 4.x-6.x BHO for Download Master) — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — F:Program FilesDownload Masterdmiehlp.dll (WestByte)
    O3 — HKLM..Toolbar: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — f:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
    O3 — HKUS-1-5-21-796845957-484763869-725345543-1003..ToolbarShellBrowser: (no name) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — F:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
    O3 — HKUS-1-5-21-796845957-484763869-725345543-1003..ToolbarWebBrowser: (no name) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — F:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
    O3 — HKUS-1-5-21-796845957-484763869-725345543-1003..ToolbarWebBrowser: (no name) — {09900DE8-1DCA-443F-9243-26FF581438AF} — f:program filesmail.rusputnikMailRuSputnik.dll (@Mail.Ru)
    O3 — HKUS-1-5-21-796845957-484763869-725345543-1003..ToolbarWebBrowser: (no name) — {0E5CBF21-D15F-11D0-8301-00AA005B4383} — F:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
    O4 — HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:Program FilesGoogleGmail Notifiergnotify.exe (Google Inc.)
    O4 — HKLM..Run: [AsioReg] REGSVR32 /S CTASIO.DLL (Корпорация Майкрософт)
    O4 — HKLM..Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
    O4 — HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
    O4 — HKLM..Run: [DSLAGENTEXE] F:Program FilesD-LinkDSL-200dslagent.exe ()
    O4 — HKLM..Run: [DSLSTATEXE] F:Program FilesD-LinkDSL-200dslstat.exe icon (D-Link Inc)
    O4 — HKLM..Run: [egui] «F:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice (ESET)
    O4 — HKLM..Run: [GrooveMonitor] «F:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe» (Microsoft Corporation)
    O4 — HKLM..Run: [Malwarebytes’ Anti-Malware] «F:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe» /starttray (Malwarebytes Corporation)
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE F:WINDOWSsystem32NvCpl.dll,NvStartup (NVIDIA Corporation)
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE F:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
    O4 — HKUS-1-5-21-796845957-484763869-725345543-1003..Run: [OM2_Monitor] «F:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe» -NoStart (OLYMPUS IMAGING CORP.)
    O4 — HKUS-1-5-21-796845957-484763869-725345543-1003..Run: [UIWatcher] F:Program FilesAshampooAshampoo UnInstaller 3UIWatcher.exe (ashampoo GmbH & Co. KG)
    O4 — HKUS-1-5-21-796845957-484763869-725345543-1003..Run: [uTorrent] «F:Program FilesuTorrentuTorrent.exe» ()
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: dontdisplaylastusername = 0
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticecaption =
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticetext =
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: shutdownwithoutlogon = 1
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: undockwithoutlogon = 1
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableRegistryTools = 0
    O7 — HKU.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
    O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
    O7 — HKUS-1-5-18SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
    O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
    O7 — HKUS-1-5-19SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 — HKUS-1-5-19_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-20SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 — HKUS-1-5-20_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableRegistryTools = 0
    O7 — HKUS-1-5-21-796845957-484763869-725345543-1003_ClassesSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://F:PROGRA~1MICROS~2Office12EXCEL.EXE/3000 (Microsoft Corporation)
    O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — F:Program FilesDownload Masterdmieall.htm ()
    O8 — Extra context menu item: Закачать при помощи Download Master — F:Program FilesDownload Masterdmie.htm ()
    O8 — Extra context menu item: Поиск@Mail.Ru — res://f:program filesmail.rusputnikMailRuSputnik.dll/282 (@Mail.Ru)
    O8 — Extra context menu item: Словари@Mail.Ru — res://f:program filesmail.rusputnikMailRuSputnik.dll/283 (@Mail.Ru)
    O9 — Extra Button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — F:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
    O9 — Extra ‘Tools’ menuitem : &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — F:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
    O9 — Extra Button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — F:Program FilesDownload Masterdmaster.exe (WestByte)
    O9 — Extra ‘Tools’ menuitem : &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — F:Program FilesDownload Masterdmaster.exe (WestByte)
    O9 — Extra Button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — F:Program FilesMicrosoft OfficeOffice12REFIEBAR.DLL (Microsoft Corporation)
    O9 — Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — F:WINDOWSNetwork Diagnosticxpnetdiag.exe (Microsoft Corporation)
    O9 — Extra Button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — F:Program FilesMessengermsmsgs.exe (Microsoft Corporation)
    O9 — Extra ‘Tools’ menuitem : Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — F:Program FilesMessengermsmsgs.exe (Microsoft Corporation)
    O10 — NameSpace_Catalog5Catalog_Entries00000000001 [TCP/IP] — F:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
    O10 — NameSpace_Catalog5Catalog_Entries00000000003 [Пространство имен службы сетевого расположения (NLA)] — F:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000001 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000002 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000003 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000004 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000005 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000006 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000007 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000008 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000009 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000010 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000011 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000012 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000013 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000014 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O10 — Protocol_Catalog9Catalog_Entries00000000015 — F:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
    O15 — HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230715610461 (WUWebControl Class)
    O18 — ProtocolHandlerabout {3050F406-98B5-11CF-BB82-00AA00BDCE0B} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlercdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerdvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} — F:WINDOWSsystem32msvidctl.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerfile {79eac9e7-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlergopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlergrooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} — F:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
    O18 — ProtocolHandlerhttp {79eac9e2-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerhttps {79eac9e5-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerjavascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlerlocal {79eac9e7-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlermailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlermk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — F:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 — ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} — F:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (Microsoft Corporation)
    O18 — ProtocolHandlerres {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlersysimage {76E67A63-06E9-11D2-A840-006008059382} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlertv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} — F:WINDOWSsystem32msvidctl.dll (Корпорация Майкрософт)
    O18 — ProtocolHandlervbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} — F:WINDOWSsystem32mshtml.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — Class Install Handler — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — deflate — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — gzip — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — lzdhtml — F:WINDOWSsystem32urlmon.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — text/webviewhtml — F:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
    O18 — ProtocolFilter: — text/xml — F:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL (Microsoft Corporation)

    May 25, 2009 at 7:27 pm in reply to: Brazen extortion informer banner from the porn site sexvideorussia.com #23961
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    And I have already tried to send the second log file three times without success. I send it and see: 6 posts. Although there should be 7 of them in any case. I don't know what the matter is here.

    May 25, 2009 at 6:43 pm in reply to: Brazen extortion informer banner from the porn site sexvideorussia.com #23960
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    First log:

    OTListIt Extras logfile created on: 25.05.2009 22:38:44 — Run 1
    OTListIt2 by OldTimer — Version 2.0.15.8 Folder = F:Distributives 5
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) — Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    511,48 Mb Total Physical Memory | 161,63 Mb Available Physical Memory | 31,60% Memory free
    1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,74% Paging File free
    Paging file location(s): F:pagefile.sys 768 1536 [binary data]

    %SystemDrive% = F: | %SystemRoot% = F:WINDOWS | %ProgramFiles% = F:Program Files
    C: Drive not present or media not loaded
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 115,03 Gb Total Space | 15,73 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
    Drive G: | 279,46 Gb Total Space | 25,06 Gb Free Space | 8,97% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BEZUMNY-D91A125
    Current User Name: Arkady
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Output = Standard
    File Age = 30 Days
    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — rundll32.exe shell32.dll,Control_RunDLL «%1»,%*
    .hlp [@ = hlpfile] — F:WINDOWSSystem32winhlp32.exe (Корпорация Майкрософт)
    .html [@ = htmlfile] — F:Program FilesInternet ExplorerIEXPLORE.EXE (Корпорация Майкрософт)
    .inf [@ = inffile] — F:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
    .ini [@ = inifile] — F:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
    .url [@ = InternetShortcut] — rundll32.exe shdocvw.dll,OpenURL %l
    .reg [@ = regfile] — F:WINDOWSregedit.exe (Корпорация Майкрософт)
    .txt [@ = txtfile] — F:WINDOWSsystem32NOTEPAD.EXE (Корпорация Майкрософт)

    [HKEY_CURRENT_USERSOFTWAREClasses]
    .html [@ = FirefoxHTML] — F:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

    [HKEY_USERSS-1-5-21-796845957-484763869-725345543-1003SOFTWAREClasses]
    .html [@ = FirefoxHTML] — F:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    «FirstRunDisabled» = 1
    «AntiVirusDisableNotify» = 0
    «FirewallDisableNotify» = 0
    «UpdatesDisableNotify» = 0
    «AntiVirusOverride» = 0
    «FirewallOverride» = 0
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile
    «EnableFirewall» = 0

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile
    «EnableFirewall» = 0
    «DisableNotifications» = 0
    «DoNotAllowExceptions» = 0

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
    [2008.04.14 20:11:08 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2008.04.13 22:53:32 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
    [2008.04.14 20:11:08 | 00,141,824 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2008.12.31 18:41:42 | 00,219,952 | —- | M] () — F:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent
    [2006.10.27 16:16:48 | 12,813,096 | —- | M] (Microsoft Corporation) — F:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
    [2006.10.27 16:37:44 | 00,338,216 | —- | M] (Microsoft Corporation) — F:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove
    [2006.10.27 16:03:04 | 01,018,664 | —- | M] (Microsoft Corporation) — F:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
    [2008.04.13 22:53:32 | 00,558,080 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    [2009.04.16 15:36:36 | 24,264,488 | —- | M] (Skype Technologies S.A.) — G:GameSkypePortableAppSkypePhoneSkype.exe:*:Enabled:Skype

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «{0228e555-4f9c-4e35-a3ec-b109a192b4c2}» = Google Gmail Notifier
    «{04825DC3-7443-4701-A423-D6255C74B425}» = Крещенный Кровью
    «{12B60D3B-90B4-4175-BB90-FCE19ACD9B02}» = CUE Splitter
    «{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}» = WebFldrs XP
    «{3FADAA19-E595-44CA-A072-58B6B0851768}» = Norton Security Scan
    «{45FCADDB-0B29-457E-83A1-D245C62A716C}» = OLYMPUS Master 2
    «{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}» = ESET Smart Security
    «{6815FCDD-401D-481E-BA88-31B4754C2B46}» = Macromedia Flash Player 8
    «{716E0306-8318-4364-8B8F-0CC4E9376BAC}» = MSXML 4.0 SP2 Parser and SDK
    «{76C24F39-B161-498F-BD8B-C64789812D13}_is1» = ConvertXtoDVD 3.3.3.104
    «{870F1750-BA89-11DA-A94D-0800200C9A66}_is1» = VSO CopyToDVD 4
    «{8714A232-DD3A-49EE-9E22-0E0C5667D593}_is1» = “1С Мобильные игры” (Только Удаление)
    «{90120000-0010-0419-0000-0000000FF1CE}» = Microsoft Software Update for Web Folders (Russian) 12
    «{90120000-0015-0419-0000-0000000FF1CE}» = Microsoft Office Access MUI (Russian) 2007
    «{90120000-0016-0419-0000-0000000FF1CE}» = Microsoft Office Excel MUI (Russian) 2007
    «{90120000-0018-0419-0000-0000000FF1CE}» = Microsoft Office PowerPoint MUI (Russian) 2007
    «{90120000-0019-0419-0000-0000000FF1CE}» = Microsoft Office Publisher MUI (Russian) 2007
    «{90120000-001A-0419-0000-0000000FF1CE}» = Microsoft Office Outlook MUI (Russian) 2007
    «{90120000-001B-0419-0000-0000000FF1CE}» = Microsoft Office Word MUI (Russian) 2007
    «{90120000-001F-0407-0000-0000000FF1CE}» = Microsoft Office Proof (German) 2007
    «{90120000-001F-0409-0000-0000000FF1CE}» = Microsoft Office Proof (English) 2007
    «{90120000-001F-0419-0000-0000000FF1CE}» = Microsoft Office Proof (Russian) 2007
    «{90120000-001F-0422-0000-0000000FF1CE}» = Microsoft Office Proof (Ukrainian) 2007
    «{90120000-0020-0419-0000-0000000FF1CE}» = Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office
    «{90120000-002C-0419-0000-0000000FF1CE}» = Microsoft Office Proofing (Russian) 2007
    «{90120000-0030-0000-0000-0000000FF1CE}» = Microsoft Office Enterprise 2007
    «{90120000-0044-0419-0000-0000000FF1CE}» = Microsoft Office InfoPath MUI (Russian) 2007
    «{90120000-006E-0419-0000-0000000FF1CE}» = Microsoft Office Shared MUI (Russian) 2007
    «{90120000-00A1-0419-0000-0000000FF1CE}» = Microsoft Office OneNote MUI (Russian) 2007
    «{90120000-00BA-0419-0000-0000000FF1CE}» = Microsoft Office Groove MUI (Russian) 2007
    «{A49F249F-0C91-497F-86DF-B2585E8E76B7}» = Microsoft Visual C++ 2005 Redistributable
    «{A7E07C2B-2220-4415-87E3-784D5814BC93}» = NVIDIA PhysX v8.09.04
    «{AC76BA86-7AD7-1049-7B44-A70000000000}» = Adobe Reader 7.0 — Russian
    «{C0D6B01A-3ECE-44E5-A721-CAEB1EA47A78}» = «Стритрейсер»
    «{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}» = QuickTime
    «284BF7ED0C73637415D40EE7E3BA66EA2236B6CC» = Пакет драйверов Windows — Creative MEDIA (08/25/2006 )
    «7C8CCF1AA00F7E54E86BA079871FC2152DC40D30» = Пакет драйверов Windows — Creative (ossrv) MEDIA (02/22/2008 6.0.01.1304)
    «Adobe Flash Player Plugin» = Adobe Flash Player 10 Plugin
    «Adobe Shockwave Player» = Adobe Shockwave Player 11
    «AnyReader» = AnyReader 2.1
    «Ashampoo UnInstaller 3_is1» = Ashampoo UnInstaller 3.10
    «AviInfo» = AviInfo 3.1.0
    «DAEMON Tools Toolbar» = DAEMON Tools Toolbar
    «Dicto_is1» = Dicto 2.1.5.2
    «D-Link DSL-200 USB Modem» = D-Link DSL-200 USB Modem
    «Download Master_is1» = Download Master version 5.5.7.1145
    «DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1» = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
    «Easy CD-DA Extractor 12» = Easy CD-DA Extractor 12
    «ENTERPRISE» = Microsoft Office Enterprise 2007
    «Free Video to Mp3 Converter_is1» = Free Video to Mp3 Converter version 3.1
    «GameSpy Arcade» = GameSpy Arcade
    «GTA — Ментовский беспредел_is1» = GTA — Ментовский беспредел
    «HijackThis» = HijackThis 2.0.2
    «iCF Skin Pack» = iCF Skin Pack
    «iColorFolder» = iColorFolder
    «IsoBuster_is1» = IsoBuster 2.4
    «KLiteCodecPack_is1» = K-Lite Mega Codec Pack 4.4.2
    «Lacrimosa — Lichtgestalt Screensaver» = Lacrimosa — Lichtgestalt Screensaver
    «Lacrimosa Screensaver Screensaver» = Lacrimosa Screensaver Screensaver
    «MailRuSputnik» = Mail.Ru Спутник 2.0.1.78
    «Malwarebytes’ Anti-Malware_is1» = Malwarebytes’ Anti-Malware
    «Monkey’s Audio_is1» = Monkey’s Audio
    «Mozilla Firefox (3.0.10)» = Mozilla Firefox (3.0.10)
    «MyCentria» = Интернет помощник MyCentria
    «NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}» = Norton Security Scan (Symantec Corporation)
    «NVIDIA Drivers» = NVIDIA Drivers
    «pdd_multisoft_is1» = 3D Инструктор. Учебный автосимулятор
    «‘Rappelz. Власть Драконов.’_is1» = ‘Rappelz’
    «STDU Viewer_is1» = STDU Viewer version 1.5.221.0
    «TagScanner_is1» = TagScanner 5.0 build 525
    «The KMPlayer» = The KMPlayer (remove only)
    «Total Commander» = Total Commander 7.04 PowerPack
    «UltraISO_is1» = UltraISO Premium V9.32
    «Uninstall_is1» = Uninstall 1.0.0.1
    «Unlocker» = Unlocker 1.8.5
    «VirtualDubMod 1.5.10.2» = VirtualDubMod 1.5.10.2
    «Windows XP Service Pack» = Windows XP Service Pack 3
    «WinRAR archiver» = Архиватор WinRAR
    «XviD» = XviD MPEG-4 Codec
    «Your Uninstaller! 2008_is1» = Your Uninstaller! 2008 Version 6.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «uTorrent» = µTorrent

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERSS-1-5-21-796845957-484763869-725345543-1003SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «uTorrent» = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error — 10.05.2009 3:59:23 | Computer Name = BEZUMNY-D91A125 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
    faulting module comctl32.dll, version 6.0.2900.5512, stamp 48038185, debug? 0,
    fault address 0x00061ce5.

    Error — 10.05.2009 3:59:24 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение WINWORD.EXE, версия 12.0.4518.1014, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 12.05.2009 11:44:24 | Computer Name = BEZUMNY-D91A125 | Source = Application Error | ID = 1000
    Description = Ошибка приложения sframe.exe, версия 0.0.0.0, модуль , версия 0.0.0.0,
    адрес 0x00000000.

    Error — 12.05.2009 12:47:41 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение winmine.exe, версия 5.1.2600.0, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 16.05.2009 5:27:39 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение KMPlayer.exe, версия 2.9.4.1434, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 17.05.2009 5:47:59 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение explorer.exe, версия 6.0.2900.5512, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 17.05.2009 22:57:17 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение rundll32.exe, версия 5.1.2600.5512, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 17.05.2009 22:57:44 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение notepad.exe, версия 5.1.2600.5512, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 23.05.2009 16:46:26 | Computer Name = BEZUMNY-D91A125 | Source = Application Hang | ID = 1002
    Description = Зависшее приложение UnInstaller.exe, версия 3.1.0.0, зависший модуль
    hungapp, версия 0.0.0.0, адрес 0x00000000.

    Error — 24.05.2009 22:37:01 | Computer Name = BEZUMNY-D91A125 | Source = Application Error | ID = 1000
    Description = Ошибка приложения abriv.exe, версия 0.0.0.0, модуль unknown, версия
    0.0.0.0, адрес 0x05f76840.

    [ OSession Events ]
    Error — 01.02.2009 15:28:56 | Computer Name = BEZUMNY-D91A125 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 233
    seconds with 60 seconds of active time. This session ended with a crash.

    Error — 10.04.2009 6:35:47 | Computer Name = BEZUMNY-D91A125 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 394
    seconds with 360 seconds of active time. This session ended with a crash.

    Error — 10.05.2009 3:59:08 | Computer Name = BEZUMNY-D91A125 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 411
    seconds with 360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error — 20.05.2009 18:15:44 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7031
    Description = Служба Eset Service была неожиданно завершена. Это произошло 1 раз(а).
    Следующее корректирующее действие будет предпринято через 0 мсек: Перезапуск службы.

    Error — 20.05.2009 22:22:46 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 22.05.2009 0:08:04 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 23.05.2009 10:08:26 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 23.05.2009 11:59:29 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 23.05.2009 11:59:56 | Computer Name = BEZUMNY-D91A125 | Source = DCOM | ID = 10010
    Description = Регистрация сервера {E60687F7-01A1-40AA-86AC-DB1CBF673334} DCOM не
    прошла за отведенное время ожидания.

    Error — 25.05.2009 2:16:12 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 25.05.2009 7:16:08 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7034
    Description = Служба «MBAMService» неожиданно прервана. Это произошло (раз): 1.

    Error — 25.05.2009 7:17:23 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    Error — 25.05.2009 8:52:09 | Computer Name = BEZUMNY-D91A125 | Source = Service Control Manager | ID = 7023
    Description = Служба «Автоматическое обновление» завершена из-за ошибки %%126

    May 21, 2009 at 4:21 am in reply to: Brazen extortion informer banner from the porn site sexvideorussia.com #23958
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    Mozilla Firefox 3.0.10. But I installed Adblock Plus and then removed this banner manually. But, as I understand it, that only blocks its display and doesn't actually get rid of it at all? Because as soon as I lift the block through this add-on, it pops up again…

    May 18, 2009 at 5:25 pm in reply to: Brazen extortion informer banner from the porn site sexvideorussia.com #23956
    1arkady1
    Participant
    • Topics: 1
    • Posts: 9
    • ☆

    I did everything in strict accordance with your instructions. Right up to removing ComboFix. The nasty thing hasn't gone away yet. I'm attaching the log file:

    ComboFix 09-05-17.08 — Arkady 18.05.2009 21:04.1 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.284 [GMT 4:00]
    Running from: f:documents and settingsArkadyРабочий столComboFix.exe
    Command switches used :: f:documents and settingsArkadyРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Персональный файервол ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    f:documents and settingsArkadyApplication Datainst.exe
    f:windowsIE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
    .

    2009-05-18 03:32 . 2009-05-18 03:32 61440 —-a-w f:windowssystem32driversxyednknz.sys
    2009-05-17 12:47 . 2009-05-17 12:47 d-----w f:documents and settingsArkadyDoctorWeb
    2009-05-17 08:38 . 2009-05-17 08:38 d-----w f:documents and settingsAll UsersApplication DataAshampoo
    2009-05-17 08:38 . 2009-05-17 08:38 d-----w f:program filesAshampoo
    2009-05-17 06:15 . 2009-05-17 06:16 d-----w f:program filestrend micro
    2009-05-17 06:15 . 2009-05-17 06:16 d-----w F:rsit
    2009-05-17 05:21 . 2009-05-17 05:21 d-----w f:documents and settingsArkadyApplication DataMalwarebytes
    2009-05-17 05:21 . 2009-04-06 11:32 15504 —-a-w f:windowssystem32driversmbam.sys
    2009-05-17 05:21 . 2009-04-06 11:32 38496 —-a-w f:windowssystem32driversmbamswissarmy.sys
    2009-05-17 05:21 . 2009-05-17 05:21 d-----w f:documents and settingsAll UsersApplication DataMalwarebytes
    2009-05-17 05:21 . 2009-05-17 05:21 d-----w f:program filesMalwarebytes’ Anti-Malware
    2009-05-16 10:09 . 2002-01-05 11:37 344064 —-a-w f:windowssystem32msvcr70.dll
    2009-05-16 10:08 . 2009-05-16 10:09 d-----w f:program filesCommon FilesDVDVideoSoft
    2009-05-16 10:08 . 2009-05-16 10:08 d-----w f:program filesDVDVideoSoft
    2009-05-16 09:04 . 2009-05-16 09:08 d-----w f:program filesVirtualDubMod
    2009-05-13 20:22 . 2009-05-13 20:35 d-----w f:documents and settingsArkadyLocal SettingsApplication DataWMTools Downloaded Files
    2009-05-08 18:04 . 2009-05-08 18:04 d-----w f:program filesGoogle
    2009-05-04 15:12 . 2009-05-04 15:12 d-----w f:documents and settingsArkadyApplication DataYandex
    2009-05-01 12:48 . 2009-05-02 09:24 d-----w f:documents and settingsArkadyLocal SettingsApplication DataNFS Underground 2
    2009-05-01 12:48 . 2009-05-01 12:48 d-----w f:program filesCommon FilesDirectX
    2009-04-26 16:39 . 2009-04-26 16:39 d-----w f:documents and settingsArkadyLocal SettingsApplication DataRadonLabs
    2009-04-26 16:34 . 2009-04-26 16:34 d-----w f:program filesXviD
    2009-04-26 10:48 . 2009-04-26 10:48 d-----w f:program filesasd
    2009-04-25 19:28 . 2009-04-25 19:28 d-----w f:program files1C
    2009-04-25 19:27 . 2009-04-25 19:27 d-----w f:windowssystem32AGEIA
    2009-04-25 19:27 . 2009-04-25 19:28 d-----w f:program filesAGEIA Technologies
    2009-04-25 19:27 . 2009-04-25 19:27 d-----w f:program filesCommon FilesWise Installation Wizard
    2009-04-20 09:40 . 2009-04-20 09:40 1870915 —-a-w f:windowssystem32Lichtgestalt.scr
    2009-04-20 09:39 . 2009-04-20 09:40 d-----w f:program filesHall Of Sermon GmbH
    2009-04-20 09:39 . 2009-04-20 09:39 1868667 —-a-w f:windowssystem32Lacrimosa.scr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-18 03:32 . 2009-05-18 03:32 128 —-a-w f:program filesipjo.txt
    2009-05-18 02:48 . 2009-01-01 07:59 d-----w f:program filesThe KMPlayer
    2009-04-30 06:59 . 2009-01-08 08:27 d—h—w f:program filesInstallShield Installation Information
    2009-04-26 01:31 . 2009-01-08 08:02 d-----w f:program filesCommon FilesInstallShield
    2009-04-22 18:31 . 2009-01-19 16:41 d-----w f:program filesUnlocker
    2009-04-16 03:49 . 2009-04-16 03:49 21840 —-a-w f:windowssystem32SIntfNT.dll
    2009-04-16 03:49 . 2009-04-16 03:49 17212 —-a-w f:windowssystem32SIntf32.dll
    2009-04-16 03:49 . 2009-04-16 03:49 12067 —-a-w f:windowssystem32SIntf16.dll
    2009-04-12 05:38 . 2009-02-02 13:04 d-----w f:program filesAnyReader
    2009-04-12 01:07 . 2008-12-31 15:01 d-----w f:program filesCommon FilesSymantec Shared
    2009-04-12 01:00 . 2008-12-31 15:01 d-----w f:program filesNorton Security Scan
    2009-04-03 15:44 . 2009-04-01 20:06 d-----w f:program filesDAEMON Tools Lite
    2009-04-01 20:06 . 2009-04-01 20:06 d-----w f:program filesDAEMON Tools Toolbar
    2009-04-01 20:02 . 2009-03-16 12:16 717296 —-a-w f:windowssystem32driverssptd.sys
    2009-03-29 06:15 . 2004-08-18 12:00 50206 —-a-w f:windowssystem32perfc019.dat
    2009-03-29 06:15 . 2004-08-18 12:00 349224 —-a-w f:windowssystem32perfh019.dat
    2009-03-27 11:38 . 2009-03-27 11:38 d-----w f:program filesSTDU Viewer
    2009-03-27 11:38 . 2009-03-27 11:38 d-----w f:program filesCommon FilesSTDUtility
    2009-03-16 12:20 . 2009-03-16 12:20 98304 —-a-w f:windowssystem32CmdLineExt.dll
    2009-03-16 12:16 . 2008-12-31 06:47 86016 —-a-w f:windowssystem32OpenAL32.dll
    2009-03-06 16:35 . 2008-12-31 10:57 69232 —-a-w f:documents and settingsArkadyLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»f:windowssystem32ctfmon.exe» [2008-04-14 15360]
    «uTorrent»=»f:program filesuTorrentuTorrent.exe» [2008-12-31 219952]
    «OM2_Monitor»=»f:program filesOLYMPUSOLYMPUS Master 2MMonitor.exe» [2007-09-04 95536]
    «UIWatcher»=»f:program filesAshampooAshampoo UnInstaller 3UIWatcher.exe» [2008-08-12 3508568]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «DSLSTATEXE»=»f:program filesD-LinkDSL-200dslstat.exe» [2005-01-12 344064]
    «DSLAGENTEXE»=»f:program filesD-LinkDSL-200dslagent.exe» [2005-01-12 65536]
    «GrooveMonitor»=»f:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
    «NvCplDaemon»=»f:windowssystem32NvCpl.dll» [2006-10-22 7700480]
    «NvMediaCenter»=»f:windowssystem32NvMcTray.dll» [2006-10-22 86016]
    «egui»=»f:program filesESETESET Smart Securityegui.exe» [2008-10-24 1451264]
    «{0228e555-4f9c-4e35-a3ec-b109a192b4c2}»=»f:program filesGoogleGmail Notifiergnotify.exe» [2005-07-15 479232]
    «Malwarebytes’ Anti-Malware»=»f:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2009-04-06 401040]
    «AsioReg»=»CTASIO.DLL» — f:windowssystem32ctasio.dll [2008-02-20 46592]
    «CTHelper»=»CTHELPER.EXE» — f:windowssystem32CtHelper.exe [2008-02-20 19456]
    «CTxfiHlp»=»CTXFIHLP.EXE» — f:windowssystem32Ctxfihlp.exe [2008-02-20 19968]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»f:windowssystem32CTFMON.EXE» [2008-04-14 15360]

    HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32
    «wave»= serwvdrv.dll

    [HKLM~startupfolderF:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
    path=f:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
    backup=f:windowspssTotal Commander.lnkCommon Startup

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «f:\Program Files\uTorrent\uTorrent.exe»=
    «f:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
    «f:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
    «f:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «g:\Game\SkypePortable\App\Skype\Phone\Skype.exe»=

    R2 ekrn;Eset Service;f:program filesESETESET Smart Securityekrn.exe [21.12.2007 9:21 468224]
    R2 MBAMService;MBAMService;f:program filesMalwarebytes’ Anti-Malwarembamservice.exe [17.05.2009 9:21 179856]
    R3 kxwdmdrv;kX WDM Driver Service;f:windowssystem32driverskx.sys [19.08.2003 2:27 510592]
    R3 MBAMProtector;MBAMProtector;f:windowssystem32driversmbam.sys [17.05.2009 9:21 15504]

    — Other Services/Drivers In Memory —

    *Deregistered* — dump_wmimmc
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-05-18 f:windowsTasksMalwarebytes’ Scheduled Scan for Arkady.job
    — f:program filesMalwarebytes’ Anti-Malwarembam.exe [2009-05-17 11:32]

    2009-05-17 f:windowsTasksMalwarebytes’ Scheduled Update for Arkady.job
    — f:program filesMalwarebytes’ Anti-Malwarembam.exe [2009-05-17 11:32]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://www.apeha.ru
    IE: &Экспорт в Microsoft Excel — f:progra~1MICROS~2Office12EXCEL.EXE/3000
    IE: Закачать ВСЕ при помощи Download Master — f:program filesDownload Masterdmieall.htm
    IE: Закачать при помощи Download Master — f:program filesDownload Masterdmie.htm
    IE: Поиск@Mail.Ru — f:program filesmail.rusputnikMailRuSputnik.dll/282
    IE: Словари@Mail.Ru — f:program filesmail.rusputnikMailRuSputnik.dll/283
    IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — f:program filesDownload Masterdmaster.exe
    FF — ProfilePath — f:documents and settingsArkadyApplication DataMozillaFirefoxProfilescgkuhzkg.default
    FF — component: f:program filesDAEMON Tools ToolbarFirefoxDTTcomponentsDTToolbarFF.dll
    FF — plugin: f:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
    FF — plugin: f:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-18 21:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLMSoftwareMicrosoftWindowsCurrentVersionRun
    CTHelper = CTHELPER.EXE?
    CTxfiHlp = CTXFIHLP.EXE?

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-05-18 21:08
    ComboFix-quarantined-files.txt 2009-05-18 17:08

    Pre-Run: 10 059 309 056 байт свободно
    Post-Run: 10 391 007 232 байт свободно

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    f:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

    161 — E O F — 2009-05-13 23:01
