I opened Mozilla Firefox, and the porn banners have not disappeared from it, although when I switch to Opera (which I am using now) they go away, and they no longer appear on the desktop either.
If possible, please tell me how to cure Mozilla as well, since it is very good as a secondary browser.
I used Flash Disinfector, rebooted, then ran ComboFix with the text file and got this log:
ComboFix 08-12-14.05 — Admin 2009-08-02 22:10:05.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.3007.2316 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —
FILE ::
c:program filesAdobeadrouter.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesAdobeadrouter.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.2009-08-01 20:51 . 2009-08-01 20:51 d
C:Panda Software
2009-08-01 19:07 . 2009-08-01 19:07 d
C:rsit
2009-08-01 19:07 . 2009-08-01 22:17 d
c:program filestrend micro
2009-08-01 17:30 . 2009-08-01 17:30 d
c:documents and settingsAdminApplication DataPCToolsFirewallPlus
2009-08-01 17:25 . 2009-08-01 17:56 d
c:program filesSpyware Doctor
2009-08-01 17:25 . 2009-08-01 20:53 d
c:program filesCommon FilesPC Tools
2009-08-01 17:25 . 2009-08-01 17:25 d
c:documents and settingsAll UsersApplication DataPC Tools
2009-08-01 17:25 . 2009-08-01 17:25 d
c:documents and settingsAdminApplication DataPC Tools
2009-08-01 17:25 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-08-01 17:25 . 2009-04-03 10:18 130,936 —a
c:windowssystem32driversPCTCore.sys
2009-08-01 17:25 . 2008-12-18 11:16 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-08-01 17:25 . 2008-12-10 11:36 64,392 —a
c:windowssystem32driverspctplsg.sys
2009-07-31 03:50 . 2009-07-03 18:49 15,688 —a
c:windowssystem32lsdelete.exe
2009-07-31 02:36 . 2009-07-03 18:49 64,160 —a
c:windowssystem32driversLbd.sys
2009-07-31 02:35 . 2009-07-31 02:35 d
c:program filesLavasoft
2009-07-31 02:35 . 2009-07-31 02:35 d
c:documents and settingsAll UsersApplication DataLavasoft
2009-07-31 02:35 . 2009-07-31 02:35 d—h-c— c:documents and settingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-31 02:26 . 2009-07-31 02:53 d
c:program filesGoogle
2009-07-31 01:28 . 2009-07-31 01:38 d
c:program filesAd Muncher
2009-07-31 01:28 . 2009-07-31 01:36 d
c:documents and settingsAll UsersApplication DataAd Muncher
2009-07-30 20:43 . 2009-07-30 22:02 d
c:documents and settingsAdminGoogle
2009-07-26 00:49 . 2009-08-02 22:07 13,880 —a
c:windowssystem32driversCOMFiltr.sys
2009-07-26 00:47 . 2009-08-02 14:11 252,676 —a
c:windowssystem32driversAPPFCONT.DAT.bck
2009-07-26 00:47 . 2009-08-02 14:11 252,676 —a
c:windowssystem32driversAPPFCONT.DAT
2009-07-26 00:47 . 2008-06-18 16:06 193,792 —a
c:windowssystem32driversidsflt.sys
2009-07-26 00:47 . 2008-07-11 14:58 158,848 —a
c:windowssystem32driversNETFLTDI.SYS
2009-07-26 00:47 . 2008-04-28 17:35 84,024 —a
c:windowssystem32driverspavdrv51.sys
2009-07-26 00:47 . 2008-06-25 15:42 73,728 —a
c:windowssystem32driversAPPFLT.SYS
2009-07-26 00:47 . 2008-06-18 16:06 52,992 —a
c:windowssystem32driversdsaflt.sys
2009-07-26 00:47 . 2008-06-18 16:06 46,720 —a
c:windowssystem32driverswnmflt.sys
2009-07-26 00:47 . 2008-03-28 11:25 22,072 —a
c:windowssystem32driversfnetmon.sys
2009-07-26 00:47 . 2009-08-02 22:07 1,132 —a
c:windowssystem32driversAPPFLTR.CFG.bck
2009-07-26 00:47 . 2009-08-02 22:07 1,132 —a
c:windowssystem32driversAPPFLTR.CFG
2009-07-26 00:47 . 2009-07-26 00:47 261 —a
c:windowssystem32PavCPL.dat
2009-07-26 00:46 . 2009-07-26 00:46 d
c:windowssystem32PAV
2009-07-26 00:46 . 2009-07-26 00:46 d
c:documents and settingsAll UsersApplication DataPanda Security
2009-07-26 00:46 . 2009-07-26 00:46 d
c:documents and settingsAdminApplication DataPanda Security
2009-07-26 00:46 . 2008-06-18 18:03 520,448 —a
c:windowssystem32PavSHook.dll
2009-07-26 00:46 . 2003-10-22 18:23 446,464 —a
c:windowssystem32HHActiveX.dll
2009-07-26 00:46 . 2008-06-26 11:25 197,888 —a
c:windowssystem32driversneti1634.sys
2009-07-26 00:46 . 2008-06-24 14:48 193,280 —a
c:windowssystem32TpUtil.dll
2009-07-26 00:46 . 2007-02-08 11:53 107,568 —a
c:windowssystem32SYSTOOLS.DLL
2009-07-26 00:46 . 2009-03-17 19:07 87,296 —a
c:windowssystem32PavLspHook.dll
2009-07-26 00:46 . 2008-03-18 16:58 58,672 —a
c:windowssystem32avldr.dll
2009-07-26 00:46 . 2008-06-18 18:03 55,552 —a
c:windowssystem32pavipc.dll
2009-07-26 00:46 . 2007-03-15 19:38 54,832 —a
c:windowssystem32pavcpl.cpl
2009-07-26 00:46 . 2008-06-19 17:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-07-26 00:45 . 2009-07-26 00:45 d
c:program filesCommon FilesPanda Security
2009-07-26 00:45 . 2008-02-07 12:03 179,640 —a
c:windowssystem32driversPavProc.sys
2009-07-26 00:45 . 2008-03-04 15:59 41,144 —a
c:windowssystem32driversShlDrv51.sys
2009-07-23 12:02 . 2009-07-23 12:02 d
c:documents and settingsAll UsersApplication DataAdobe Systems
2009-07-23 11:59 . 2009-07-23 11:59 d
c:program filesCommon FilesAdobe Systems Shared
2009-07-22 20:10 . 2009-07-22 20:10 d
c:documents and settingsanimcktfMes documents
2009-07-22 20:10 . 2009-07-22 20:10 d
c:documents and settingsanimcktf
2009-07-21 22:43 . 2009-07-21 22:43 d
c:program filesRambler Assistant
2009-07-21 22:43 . 2009-07-21 22:43 d
c:documents and settingsAdminApplication Datarambler.ru
2009-07-21 22:36 . 2009-07-21 22:47 d
c:program filesICQ6.5
2009-07-05 03:01 . 2009-07-05 03:50 23 —a
c:windowsBlendSettings.ini.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 18:07
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-08-01 16:00
d
w c:program filesWindows Sidebar
2009-08-01 16:00
d
w c:program filesTotal Commander
2009-08-01 16:00
d
w c:program filesSkype
2009-07-27 16:39
d
w c:documents and settingsAdminApplication DataAny DVD Converter Professional
2009-07-25 20:46
d—h—w c:program filesInstallShield Installation Information
2009-07-25 20:46
d
w c:program filesPanda Security
2009-07-23 07:59
d
w c:program filesCommon FilesAdobe
2009-07-21 18:37
d
w c:program filesICQ6
2009-07-02 21:58
d
w c:program filesAudiograbber
2009-06-25 10:50
d
w c:program filesUnlocker
2009-06-20 19:35
d
w c:documents and settingsAdminApplication DataSkype
2009-06-20 19:34
d
w c:documents and settingsAdminApplication DataskypePM
2009-06-13 08:43 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2009-06-13 08:43 22,328 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-06-13 08:43 103,736 —-a-w c:windowssystem32PnkBstrB.exe
2009-06-08 16:31
d
w c:program filesDump.Ru
2009-06-05 17:05
d
w c:program filesCommon FilesWise Installation Wizard
2009-05-22 23:37 98,304 —-a-w c:windowssystem32qttask.exe
2009-05-14 18:10 87,608 —-a-w c:documents and settingsAdminApplication Datainst.exe
2009-05-14 18:10 47,360 —-a-w c:documents and settingsAdminApplication Datapcouffin.sys
2009-05-05 22:31 2,402,304 —-a-w c:windowssystem32x264vfw.dll
2008-08-03 16:29 1,840,488 —-a-w c:program filesUTool.exe
2006-06-23 06:48 32,768 —-a-r c:windowsinfUpdateUSB.exe
2008-04-14 18:40 161,513 —sha-r c:windowssystem32uibudqew.dll
2009-02-10 17:21 7,248 —sha-r c:windowsXPLifeBackupZeroold1.reg
2009-02-10 17:21 32,454 —sha-r c:windowsXPLifeBackupZeroold2.reg
2008-04-14 18:40 1,571,840 —sha-r c:windowsXPLifeBackupZerosfcfiles.dll
2008-04-14 18:40 219,648 —sha-r c:windowsXPLifeBackupZerouxtheme.dll
2008-04-14 18:38 1,054,208 —sha-r c:windowsXPLifeComBackupcomctl32.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-17 1266992][HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2009-02-10 30208]
«Sidebar»=»c:program filesWindows SidebarSidebar.exe» [2008-12-15 1272320]
«UberIcon»=»c:windowsXPLifeProgramsUberIconUberIcon.exe» [2008-12-15 167936]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-07-25 3271680]
«DumpRuUploader»=»c:program filesDump.RuDumpRuUploader.exe» [2009-06-08 296448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2006-05-01 843776]
«ioCentre»=»c:geniusioCentregTaskBar.exe» [2006-12-08 241664]
«RemoteControl8″=»c:program filesCyberLinkPowerDVD8PDVD8Serv.exe» [2008-03-20 83240]
«PDVD8LanguageShortcut»=»c:program filesCyberLinkPowerDVD8LanguageLanguage.exe» [2007-12-14 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2008-05-19 91432]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.21RivaTuner.exe» [2008-12-10 2732032]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-12 148888]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-05-01 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-05-01 13750272]
«APVXDWIN»=»c:program filesPanda SecurityPanda Global Protection 2009APVXDWIN.EXE» [2009-07-15 881920]
«SCANINICIO»=»c:program filesPanda SecurityPanda Global Protection 2009Inicio.exe» [2008-07-07 50432]
«Ad Muncher»=»c:program filesAd MuncherAdMunch.exe» [2009-01-27 834560]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2009-07-22 1181064]
«nwiz»=»nwiz.exe» [2009-05-01 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2009-02-10 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2008-09-17 09:05 210168 c:program filesStardockObject DesktopWindowBlindsWbSrv.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2008-03-18 16:58 58672 c:windowssystem32avldr.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=wbsys.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.hfyu»= huffyuv.dll
«msacm.sl_anet»= c:progra~1ACEMEG~1SystemSsl_anet.acm
«msacm.divxa32″= divxa32.acm
«vidc.iyuv»= c:progra~1ACEMEG~1SystemSInteliyuv_32.dll
«vidc.yvu9″= c:progra~1ACEMEG~1SystemSIntelIyvu9_32.dll
«vidc.uyvy»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yuy2″= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«vidc.yvyu»= c:progra~1ACEMEG~1SystemSMICROS~1msyuv.dll
«msacm.msaudio1″= c:progra~1ACEMEG~1SystemSMICROS~1msaud32.acm
«vidc.3ivx»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv0″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv1″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3iv2″= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«vidc.3ivd»= c:progra~1ACEMEG~1SystemS3ivx3IVXVF~1.DLL
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@=»Service»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Winamp Remote\bin\Orb.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«d:\Games 2\Grand Theft Auto IV\LaunchGTAIV.exe»=
«d:\Games 2\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Golden FTP Server Pro\GFTPpro.exe»=
«c:\Program Files\KVIrc\kvirc.exe»=
«c:\WINDOWS\system32\usmt\migwiz.exe»=
«c:\Program Files\Cerberus\Cerberus.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«4020:TCP»= 4020:TCP:deamhkeqR0 DigiFilter;DigiFilter;c:windowssystem32driversDigiFilt.sys [2009-03-31 16384]
R0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys [2009-07-31 64160]
R0 pavboot;Panda boot driver;c:windowssystem32Driverspavboot.sys [2009-07-26 28544]
R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-08-01 130936]
R1 appdrv01;Application Driver (01);c:windowssystem32Driversappdrv01.sys [2009-04-24 3110512]
R1 APPFLT;App Filter Plugin;??c:windowssystem32DriversAPPFLT.SYS [2009-07-26 73728]
R1 DSAFLT;DSA Filter Plugin;??c:windowssystem32DriversDSAFLT.SYS [2009-07-26 52992]
R1 FNETMON;NetMon Filter Plugin;??c:windowssystem32Driversfnetmon.SYS [2009-07-26 22072]
R1 IDSFLT;Ids Filter Plugin;??c:windowssystem32DriversIDSFLT.SYS [2009-07-26 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];??c:windowssystem32DriversNETFLTDI.SYS [2009-07-26 00:47:03 158848]
R1 pctgntdi;pctgntdi;??c:windowssystem32driverspctgntdi.sys [2009-08-01 159600]
R1 ShldDrv;Panda File Shield Driver;c:windowssystem32DRIVERSShlDrv51.sys [2009-07-26 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;??c:windowssystem32DriversWNMFLT.SYS [2009-07-26 46720]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};??c:program filesCyberLinkPowerDVD8000.fcl [2008-05-15 13:07:00 61424]
R2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost -k Panda []
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;»c:program filesLavasoftAd-AwareAAWService.exe» [2009-07-03 1029456]
R2 PavProc;Panda Process Protection Driver;??c:windowssystem32DRIVERSPavProc.sys [2009-07-26 179640]
R2 PskSvcRetail;Panda PSK service;»c:program filesPanda SecurityPanda Global Protection 2009PskSvc.exe» [2009-07-26 28928]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2009-08-01 348752]
R3 AvFlt;Antivirus Filter Driver;c:windowssystem32driversav5flt.sys []
R3 gHidPnp;USB Device Enhanced Function Driver;c:windowssystem32DriversgHidPnp.Sys [2008-12-26 14848]
R3 gMouUsb;USB Mouse Device Drv;c:windowssystem32DRIVERSgMouUsb.sys [2008-12-26 9984]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:windowssystem32DRIVERSneti1634.sys [2009-07-26 197888]
R3 PavSRK.sys;PavSRK.sys;??c:windowssystem32PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;??c:windowssystem32PavTPK.sys []
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc []
S2 gupdate1ca1164cae9936c;Google Update Service (gupdate1ca1164cae9936c);»c:program filesGoogleUpdateGoogleUpdate.exe» /svc [2009-07-31 133104]
S2 kbrrna;Security Center;c:windowssystem32svchost.exe -k netsvcs [2004-08-18 14336]
S2 ocxobwf;Installer Support;c:windowssystem32svchost.exe -k netsvcs [2004-08-18 14336]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-11-13 9216][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
panda REG_MULTI_SZ GwmsrvHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ocxobwf*Newly Created Service* — CATCHME
.
Contents of the ‘Scheduled Tasks’ folder2009-07-30 c:windowsTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-07-03 18:49]2009-08-02 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]2009-08-02 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-31 02:26]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru?clid=27130
mStart Page = hxxp://www.yandex.ru?clid=27130
IE: &Winamp Search — c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: &Перевести — c:program filesArsenal CompanySOCRAT InternetHTMLWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_frame
IE: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_image
IE: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_link
IE: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=5B945HXJ&id=menu_ie_report
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU5090.dll/dic.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe —
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
TCP: {E85B15CC-E148-49DF-B86A-2FFE78AFE8F6} = 172.16.0.4 172.16.0.2
FF — ProfilePath — c:documents and settingsAdminApplication DataMozillaFirefoxProfiles9vf96daw.default
FF — prefs.js: browser.search.selectedEngine — Rambler
FF — prefs.js: browser.startup.homepage — http://www.yandex.ru
FF — plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 22:10:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1236)
c:windowssystem32avldr.dll
c:windowssystem32cscui.dll
c:program filesStardockObject DesktopWindowBlindswbsrv.dll
c:windowssystem32COMRes.dll— — — — — — — > ‘lsass.exe'(1292)
c:windowssystem32relog_ap.dll
.
Completion time: 2009-08-02 22:11:13
ComboFix-quarantined-files.txt 2009-08-02 18:11:06
ComboFix2.txt 2009-08-01 17:58:09
Pre-Run: 3 451 559 936 байт свободно
Post-Run: 3,440,336,896 байт свободно
302
ComboFix cured everything, thank you and your site for the help!
I have just found a file named info.txt in the root directory:
info.txt logfile of random’s system information tool 1.06 2009-08-01 19:07:46
======Uninstall list======
«Oblivion — Knights of the Nine» версии 1.00.0000—>»E:GamesDataKotnunins000.exe»
«Oblivion — Shivering Isles» версии 1.2.0416—>»E:GamesShIslesunins000.exe»
—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {10B5F4EF-C4DC-47AF-913B-EAF05C69C852}
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {00E877D5-CDF8-4DDC-9AE0-E541B4BB6487}
—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {2A33A0C2-2B09-446E-9022-1508A85ECD2D}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5C395839-FBA5-49C5-923A-787665D5E128}
—>MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A74354BF-086F-40D7-AB20-DB8703FC92C0}Setup.exe» -l0x19
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
50 FREE MP3s +1 Free Audiobook!—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
ACE Mega CoDecS Pack—>»C:Program FilesACE Mega CoDecS Packunins000.exe»
Acronis True Image Home—>MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Ad Muncher v4.72 Build 30400—>»C:Program FilesAd MuncherAM-Install.exe» /P «InstallerAction=Uninstall» /P «InstallTarget=C:Program FilesAd Muncher»
Ad-Aware—>»C:Documents and SettingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}Ad-AwareAE.exe» REMOVE=TRUE MODIFY=FALSE
Ad-Aware—>C:Documents and SettingsAll UsersApplication Data{EF63305C-BAD7-4144-9208-D65528260864}Ad-AwareAE.exe
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0—>msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AdStopper 1.17—>»C:Program FilesAdStopperunins000.exe»
Alky for Applications—>MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Antares Autotune VST RTAS TDM v5.08—>»C:Program FilesAntares Audio Technologiesunins000.exe»
Antares Autotune VST v5.09—>»C:Program FilesAntares Audio TechnologiesUninstallunins000.exe»
Any DVD Converter Professional 3.5.3—>»C:Program FilesAny DVD Converter Professionalunins000.exe»
ASIO4ALL—>C:Program FilesASIO4ALL v2uninstall.exe
AsusUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
AusLogics BoostSpeed—>»C:Program FilesAuslogicsAusLogics BoostSpeedunins000.exe»
Cerberus FTP Server—>MsiExec.exe /I{6C978B4D-5819-4D13-85BC-89527A7F665E}
Collab—>C:Program FilesImage-LineCollabuninstall.exe
CPU-Z and GPU-Z—>C:Program FilesCPU-ZUninstall.exe
CyberLink PowerDVD 8—>»C:Program FilesInstallShield Installation Information{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}setup.exe» /z-uninstall
Daemon Tools Lite—>rundll32.exe advpack.dll,LaunchINFSection dtools.inf,Uninstall
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
DEVIL MAY CRY 4—>MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
Digidesign Free Bomb Factory Plug-Ins 7.4—>C:Program FilesInstallShield Installation Information{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Pro Tools M-Powered 7.4cs2—>C:Program FilesInstallShield Installation Information{14AA664E-9BFA-44C4-A083-83A2998679BA}setup.exe -runfromtemp -l0x0009 -removeonly
Digidesign Shared Plug-Ins 7.4—>C:Program FilesInstallShield Installation Information{AFE354A5-640F-4A23-94C8-0B441E8967CA}Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Double Vibration Controller 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E22F239F-953C-4C6C-8CAC-2CE1C26CCB2D}Setup.exe» -l0x9
Download Master 5.5.5.1135—>»C:Program FilesDownload Masterunins000.exe»
Dump.ru file uploader—>C:Program FilesDump.RuDumpRuUploader.exe -uninstall
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.0—>»C:Program FilesDVDFab 5unins000.exe»
Fallout 3 v1.0—>»D:Games 2Fallout 3unins000.exe»
Fast Audio Converter version 1.4—>»C:Program FilesLitexMediaFast Audio Converterunins000.exe»
FL Studio 8—>C:Program FilesImage-LineFL Studio 8uninstall.exe
Flash Player Pro—>C:Program FilesFlash Player ProUninstall.exe
Fraps—>»C:Frapsuninstall.exe»
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV—>»C:Program FilesInstallShield Installation Information{579BA58C-F33D-4970-9953-B94B43768AC3}setup.exe» -runfromtemp -l0x0019 -removeonly
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
IL Download Manager—>C:Program FilesImage-LineDownloaderuninstall.exe
Interlok driver setup x32—>MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
ioCentre—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}Setup.exe» -l0x19
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.8.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KVIrc—>»C:Program FilesKVIrcuninstall.exe»
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office Access 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ACCESS /dll OSETUP.DLL
Microsoft Office Access 2007—>MsiExec.exe /X{90120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OUTLOOK /dll OSETUP.DLL
Microsoft Office Outlook 2007—>MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007—>MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio MUI (Russian) 2007—>MsiExec.exe /X{90120000-0054-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007—>MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Профессиональный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 Lite v8.3.6.0—>»C:Program FilesNerounins000.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite—>MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Norton Security Scan (Symantec Corporation)—>»C:Program FilesCommon FilesSymantec SharedNSSSetup{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0NSSSetup.exe» /X
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Oblivion mod manager 1.1.11—>»E:Gamesobmmuninstallunins000.exe»
Oblivion—>C:Program FilesInstallShield Installation Information{7EE1AAD4-0E84-4A90-8614-AA6E4E9764D4}setup.exe
Opera 9.64—>MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Panda Global Protection 2009—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{81A25967-DB85-4B48-A8A7-D25AC191DEE4}SETUP.exe» -l0x19 -removeonly
PC Connectivity Solution—>MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PC Tools Firewall Plus 5.0—>C:Program FilesPC Tools Firewall Plusunins000.exe /LOG
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PoiZone—>C:Program FilesImage-LinePoiZoneuninstall.exe
Prince of Persia—>»D:Games 2Prince of Persiaunins000.exe»
Rainlendar2 (remove only)—>»C:Program FilesRainlendar2uninst.exe»
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Real Desktop 1.42 Light—>»C:Program FilesReal Desktopunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
RivaTuner v2.21—>»C:Program FilesRivaTuner v2.21uninstall.exe»
River Past Wave@MP3—>C:WINDOWSWave@MP3 Uninstaller.exe
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0019 -removeonly
Skype—>C:Program FilesSkypeUninstall.exe
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Spyware Doctor 6.1—>C:Program FilesSpyware Doctorunins000.exe /LOG
TL Space Native 7.4—>C:Program FilesInstallShield Installation Information{A09ABB28-33D6-4662-8282-C46D480BE863}setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
Toxic Biohazard—>C:Program FilesImage-LineToxic Biohazarduninstall.exe
UltraISO Premium (only 32bit) v9.3.0.2612—>»C:Program FilesUltraISOunins000.exe»
Unlocker—>C:Program FilesUnlockeruninst.exe
Visual C++ 2008 x86 Runtime — (v9.0.30729)—>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime — v9.0.30729.01—>C:WINDOWSsystem32msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=»»
VKLife 1.7.2—>»C:Program FilesVKLifeunins000.exe»
VKLife 1.9—>»C:VKLifeunins000.exe»
VKontakte IE Toolbar 0.1—>»C:Program FilesVKontakte IE Toolbarunins000.exe»
VLC—>C:Program FilesVLCUninstall.exe
Warp VST V1.0—>C:PROGRA~1VSTPLU~1WARPVS~1.0UNWISE.EXE C:PROGRA~1VSTPLU~1WARPVS~1.0INSTALL.LOG
Winamp Remote—>»C:Program FilesWinamp Remoteuninstall.exe»
Winamp Toolbar for Firefox—>»extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}uninstall.exe»
Winamp Toolbar for Internet Explorer—>»C:Program FilesWinamp Toolbaruninstall.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Ведьмак: Дополненное издание — Побочные эффекты—>»C:Program FilesInstallShield Installation Information{6D93BD2D-BA71-491A-926C-37FE1580CEE0}setup.exe» -runfromtemp -l0x0019 -removeonly
Ведьмак: Дополненное издание — Цена нейтралитета—>»C:Program FilesInstallShield Installation Information{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}setup.exe» -runfromtemp -l0x0019 -removeonly
Ведьмак—>»C:Program FilesInstallShield Installation Information{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}setup.exe» -runfromtemp -l0x0019 -removeonly
Интернет помощник MyCentria—>C:Program FilesMyCentriaMyCentriaUninstall.exe
Пакет драйверов Windows — Nokia Modem (05/22/2008 3.8)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181Enokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 7.00.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (10/12/2007 6.85.4.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175pccsmcfd.inf
С.Т.А.Л.К.Е.Р. — Чистое Небо [v1.0009]—>»E:GamesС.Т.А.Л.К.Е.Р. — Чистое Небоunins000.exe»
СОКРАТ Интернет 3.0 Полиглот—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1CE8874-17FC-4646-81F5-BA704330CD72}setup.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удаление драйвера Xerox WorkCentre 3119 Series—>»C:WINDOWSXeroxWC3119setup.exe» /UNINSTALL /L0019
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»

======Hosts File======
127.0.0.1 xxxruzone.com
0.0.0.0 popunder.ru awq.popunder.ru

======Security center information======
AV: Panda Global Protection 2009
FW: PC Tools Firewall Plus
FW: Panda Personal Firewall 2009

======System event log======
Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.
Record Number: 357
Source Name: Service Control Manager
Time Written: 20090623201925.000000+240
Event Type: информация
User:

Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.
Record Number: 356
Source Name: Service Control Manager
Time Written: 20090623201919.000000+240
Event Type: информация
User:

Computer Name: EMZ1T
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».
Record Number: 355
Source Name: Service Control Manager
Time Written: 20090623201919.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.
Record Number: 354
Source Name: Service Control Manager
Time Written: 20090623200802.000000+240
Event Type: информация
User:

Computer Name: EMZ1T
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.
Record Number: 353
Source Name: Service Control Manager
Time Written: 20090623200756.000000+240
Event Type: информация
User:

=====Application event log=====
Computer Name: EMZ1T
Event Code: 64192
Message: Unexpected failure scanning file C:WINDOWSSYSTEM32DRIVERSAV5FLT.SYS. If the problem persists, please contact with support.
Record Number: 1343
Source Name: Sentinel
Time Written: 20090129204107.000000+180
Event Type: ошибка
User:

Computer Name: EMZ1T
Event Code: 4000
Message: The Panda Anti-virus Service has started successfully.
Record Number: 1342
Source Name: Sentinel
Time Written: 20090129204056.000000+180
Event Type: информация
User:

Computer Name: EMZ1T
Event Code: 0
Message:
Record Number: 1341
Source Name: Panda Software Controller
Time Written: 20090129204038.000000+180
Event Type: информация
User:

Computer Name: EMZ1T
Event Code: 1000
Message: Ошибка приложения , версия 0.0.0.0, модуль unknown, версия 0.0.0.0, адрес 0x00000000.
Record Number: 1340
Source Name: Application Error
Time Written: 20090129203756.000000+180
Event Type: ошибка
User:

Computer Name: EMZ1T
Event Code: 1004
Message: Ошибка приложения svchost.exe, версия 0.0.0.0, модуль unknown, версия 0.0.0.0, адрес 0x00000000.
Record Number: 1339
Source Name: Application Error
Time Written: 20090129194536.000000+180
Event Type: ошибка
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:PROGRAM FILESPC CONNECTIVITY SOLUTION;%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESALKY FOR APPLICATIONSLIBRARIES;C:Program FilesPanda SecurityPanda Global Protection 2009
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=0f06
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«RGSCLauncher»=C:Program FilesRockstar GamesRockstar Games Social Club
«RGSC»=C:Program FilesRockstar GamesRockstar Games Social Club1_0_0_0
EOF