SPYWARE-RU.COM

klimst

Forum replies created

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • February 26, 2009 at 9:43 pm in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22152
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    Thanks to the forum.

    The following were found on the computer:
    Virus.Win32.Sality.aa - the most severe of them.
    backdoor.win32.IRCBot.htv
    Trojan.Win32.Buzus.amjn
    HEUR:Trojan.Win32.Generic
    Packed.Win32.Klone.bj
    Backdoor.win32.Bifrose.zzv
    Virus.Win32.AutoRun.ezt
    Trojan-Spy.Win32.Goldun.bin
    Trojan-Mailfinder.Win32.Agent.ym
    Trojan-Downloader.Win32.Agent.bfiv
    HackTool.Win32.Kiser
    Trojan-GameThief.Win32.Magania.asvp

    The cleanup was done with the KIS 2009 utility. To do this, the infected hard drive was connected to a healthy computer and disinfected with the antivirus.

    February 25, 2009 at 9:48 am in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22150
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    And here is one more log, from ComboFix.

    ComboFix 09-02-24.02 — Shtefan 2009-02-25 12:27:04.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.478.246 [GMT 3:00]
    Running from: c:documents and settingsShtefanРабочий столComboFix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
    FW: Kaspersky Internet Security *disabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:windowssystemsvhost.exe
    c:windowssystem32driverssysdrv32.sys
    c:windowssystem32sysmgr.exe
    c:windowsTemp63.exe
    F:autorun.inf . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    Legacy_SYSDRV32


    Service_sysdrv32

    ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
    .

    2009-03-21 13:33 . 2009-02-23 17:06 d c:program filestrend micro
    2009-03-21 12:15 . 2009-03-21 12:15 d c:documents and settingsAll UsersApplication DataAgnitum
    2009-02-25 12:14 . 2009-02-25 12:14 134,638 —a c:documents and settingsShtefan123555324917012.exe
    2009-02-25 11:03 . 2009-02-25 11:03 134,638 —a c:documents and settingsShtefan123554899316468.exe
    2009-02-25 08:16 . 2009-02-25 08:16 102,403 —a c:windowssystem32msvcrt2.dll
    2009-02-23 22:13 . 2009-02-23 22:13 d c:program filesPunto Switcher
    2009-02-23 20:42 . 2009-02-23 20:42 d c:program filesWebTransporter Demo
    2009-02-23 17:24 . 2009-02-25 12:22 7,168 —a c:windowssystem32driversuti4njyy.sys
    2009-02-23 17:09 . 2009-02-23 17:10 d C:AppServ
    2009-02-21 15:40 . 2009-02-21 15:40 250 —a c:windowsgmer.ini
    2009-02-21 00:08 . 2009-03-21 14:39 d c:program filesXoftSpySE
    2009-02-20 23:00 . 2009-02-20 23:00 121 —a c:windowsrootkitno.ini
    2009-02-20 22:35 . 2009-02-20 22:35 (2) -rahs-ot- c:windowswinstart.bat
    2009-02-20 22:34 . 2009-02-21 14:51 d c:program filesUnHackMe
    2009-02-20 20:21 . 2009-02-20 20:21 138,734 —a c:documents and settingsShtefan123515048615936.exe
    2009-02-20 19:58 . 2009-02-20 19:58 142,830 —a c:documents and settingsShtefan123514913617348.exe
    2009-02-20 19:43 . 2009-02-20 19:43 26,624 —a c:windowssystem3258.scr
    2009-02-20 19:30 . 2009-02-20 19:30 146,926 —a c:documents and settingsShtefan123514743916168.exe
    2009-02-20 19:25 . 2009-02-20 19:25 134,638 —a c:documents and settingsShtefan123514715715916.exe
    2009-02-20 19:19 . 2009-02-20 19:19 134,638 —a c:documents and settingsShtefan123514679715680.exe
    2009-02-20 19:10 . 2009-02-20 19:10 134,638 —a c:documents and settingsShtefan123514621015932.exe
    2009-02-20 18:43 . 2009-02-20 18:43 26,624 —a c:windowssystem3225.scr
    2009-02-20 18:38 . 2009-02-20 18:38 26,624 —a c:windowssystem3265.scr
    2009-02-20 18:23 . 2009-02-20 18:23 26,624 —a c:windowssystem3213.scr
    2009-02-20 18:06 . 2009-02-20 18:06 26,624 —a c:windowssystem3208.scr
    2009-02-20 17:43 . 2009-02-20 17:43 26,624 —a c:windowssystem3231.scr
    2009-02-20 15:44 . 2001-08-17 21:52 18,688 —a—c— c:windowssystem32dllcachecdaudio.sys
    2009-02-20 15:28 . 2009-02-20 15:28 d c:program filesKaspersky Lab
    2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox2.idx
    2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox2.dat
    2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox.idx
    2009-02-20 15:28 . 2009-02-20 15:35 32 —ahs—- c:windowssystem32driversfidbox.dat
    2009-02-20 15:24 . 2009-02-20 15:24 d c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
    2009-02-20 01:13 . 2009-02-20 01:13 26,624 —a c:windowssystem3253.scr
    2009-02-20 01:05 . 2009-02-20 01:05 26,624 —a c:windowssystem3235.scr
    2009-02-20 01:02 . 2009-02-20 01:02 26,624 —a c:windowssystem3255.scr
    2009-02-18 22:30 . 2009-02-18 22:30 d—h c:windowsPIF
    2009-02-18 17:14 . 2009-02-18 17:14 d—h c:windowssystem32GroupPolicy
    2009-02-18 17:01 . 2009-02-18 17:01 26,624 —a c:windowssystem3267.scr
    2009-02-18 16:56 . 2009-02-18 16:56 26,624 —a c:windowssystem3260.scr
    2009-02-18 16:27 . 2009-02-18 16:27 26,624 —a c:windowssystem3286.scr
    2009-02-18 16:11 . 2009-02-18 16:11 26,624 —a c:windowssystem3222.scr
    2009-02-18 16:07 . 2009-02-18 16:07 25,983 —a c:windowssystem3207.scr
    2009-02-18 13:52 . 2009-02-18 13:52 25,983 —a c:windowssystem3248.scr
    2009-02-18 13:46 . 2009-02-18 13:46 25,311 —a c:windowssystem3283.scr
    2009-02-18 01:12 . 1998-11-21 22:17 12,800 —a c:windowssystem32Wing32.dll
    2009-02-18 01:11 . 2009-02-18 01:11 d c:program filesHeroes
    2009-02-17 23:47 . 2009-02-17 23:47 716,272 —a c:windowssystem32driverssptd.sys
    2009-02-15 23:15 . 2009-03-21 12:04 d c:documents and settingsShtefanApplication DataEltima Software
    2009-02-13 20:43 . 2009-02-16 16:07 10 —a c:windowsZendOptimizer.MemoryBase@Shtefan
    2009-02-13 16:27 . 2009-02-23 17:24 9,216 —a c:windowssystem32driversuji4njyy.sys
    2009-02-11 00:27 . 2009-02-11 00:27 d c:documents and settingsShtefanApplication DataApple Computer
    2009-02-06 01:35 . 2009-02-06 01:41 d c:documents and settingsAll UsersApplication DataGlobalSCAPE
    2009-02-06 01:28 . 2009-02-06 14:22 d c:program filesGlobalSCAPE
    2009-02-06 01:28 . 2009-02-06 01:41 d c:documents and settingsShtefanApplication DataGlobalSCAPE
    2009-02-02 22:28 . 2009-02-02 22:28 d c:program filesРуссобит-М
    2009-02-02 17:17 . 2009-02-02 17:17 d c:program filesCommon FilesICQ
    2009-02-02 17:17 . 2009-02-23 20:04 d c:documents and settingsShtefanApplication DataICQ
    2009-02-02 17:16 . 2009-02-02 17:18 d c:program filesICQLite
    2009-01-30 13:27 . 2009-01-30 13:27 d c:program filesCommon FilesBcgsoft
    2009-01-28 19:30 . 2009-01-28 19:30 d c:program filesMonopoly
    2009-01-26 23:38 . 2009-01-26 23:38 3,041 —a C:default
    2009-01-25 16:35 . 2009-01-25 16:35 d c:program filesMustek 1200 UB PLUS
    2009-01-25 16:35 . 2000-06-01 14:11 176,128 —a c:windowssystem32PuzzSaver.scr
    2009-01-25 16:35 . 2000-06-01 14:10 172,032 —a c:windowssystem32SpotSaver.scr
    2009-01-25 16:35 . 1999-12-26 17:35 135,168 —a c:windowssystem32ParaSaver.scr
    2009-01-25 16:35 . 2000-08-18 13:57 17,524 —a c:windowssystem32driversgt680x.sys
    2009-01-25 16:35 . 2001-11-07 10:10 7,821 —a c:windowssystem32driversSBfw.usb
    2009-01-25 15:23 . 2009-01-25 15:23 0 —a c:windowsWATCH.INI
    2009-01-25 15:16 . 1995-05-23 00:00 776,240 —a c:windowssystemLead52.dll
    2009-01-25 15:16 . 2001-06-18 10:53 57,344 —a c:windowssystembpenhan.dll
    2009-01-25 15:16 . 2000-10-24 18:09 19,552 —a c:windowssystem32SBUSD.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 09:18 d w c:program filessDC++
    2009-02-24 13:12 d w c:documents and settingsShtefanApplication DataSkype
    2009-02-24 13:11 d w c:documents and settingsShtefanApplication DataskypePM
    2009-02-23 17:50 d w c:program filesOpera
    2009-02-23 14:02 d w c:program filesKerio
    2009-02-21 11:52 d w c:program filesQIP
    2009-02-11 12:06 d—h—w c:program filesInstallShield Installation Information
    2009-01-25 12:35 d w c:program filesiriver
    2009-01-25 12:34 d w c:program filesCommon FilesYandex
    2009-01-23 22:11 1,629 —-a-w c:windowssystem32driversfwdrv.err
    2009-01-12 16:35 d w c:program filescfgame.ru
    2008-12-29 21:26 d w c:program filesKwyshell
    2008-12-25 21:34 d w c:program filesCommon FilesInstallShield
    2008-12-25 17:15 22,131 —-a-w c:windowssystem32ctlsys.dll
    2008-12-06 13:05 410,984 —-a-w c:windowssystem32deploytk.dll
    .


    Sigcheck



    2004-09-17 14:16 503808 a975a70fcefe2a224412214320c89ded c:windowssystem32winlogon.exe

    2004-08-17 14:04 93184 a90929e13ed8753245cd75f5bd1389e2 c:windowssystem32ctfmon.exe
    2004-08-17 14:04 15360 cdc69c55cf6c39162451685020cf6f06 c:windowssystem32dllcachectfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 93184]
    «TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912]
    «Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-06-10 413696]
    «Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-15 109424]
    «SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-06 210328]
    «GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 100648]
    «SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowsSOUNDMAN.EXE]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 93184]

    c:documents and settingsSunnyrainѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
    clrav.com [2009-02-19 3568672]

    [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    «DisableTaskMgr»= 1 (0x1)
    «DisableRegistryTools»= 1 (0x1)

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
    «WinampAgent»=»c:program filesWinampwinampa.exe»

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    «AntiVirusDisableNotify»=dword:00000001
    «UpdatesDisableNotify»=dword:00000001
    «AntiVirusOverride»=dword:00000001
    «FirewallOverride»=dword:00000001
    «UacDisableNotify»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
    «AntiVirusOverride»=dword:00000001
    «AntiVirusDisableNotify»=dword:00000001
    «FirewallDisableNotify»=dword:00000001
    «FirewallOverride»=dword:00000001
    «UpdatesDisableNotify»=dword:00000001
    «UacDisableNotify»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
    «c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
    «c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
    «c:\Program Files\QIP Infium\infium.exe»=
    «c:\Program Files\sDC++\StrongDC.exe»=
    «c:\Program Files\Opera\opera.exe»=
    «c:\Program Files\Raymarine\Raymarine RayTech Navigator\raytechnavigator.exe»=
    «c:\Program Files\ICQLite\ICQ.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=
    «c:\AppServ\Apache2.2\bin\httpd.exe»=
    «c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe»=
    «c:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe»=
    «c:\WINDOWS\SOUNDMAN.EXE»=
    «c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe»=
    «c:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE»=
    «c:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe»=
    «c:\WINDOWS\System32\58.scr»=
    «c:\WINDOWS\system32\Ati2evxx.exe»=
    «c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe»=
    «c:\WINDOWS\System32\25.scr»=

    R2 Apache2.2;Apache2.2;c:appservApache2.2binhttpd.exe [2008-01-17 98363]
    R3 abp470n5;abp470n5;??c:windowssystem32driverslllqni.sys —> c:windowssystem32driverslllqni.sys [?]
    R3 W840ND;Winbond W89C840 Based PCI Fast Ethernet адаптер;c:windowssystem32driversW840ND.sys [2008-10-18 19528]
    S2 WindowsTelephony;Windows Telephony;»c:windowssystemsvhost.exe» —> c:windowssystemsvhost.exe [?]
    S3 AVPsys;AVPsys;??c:windowssystem32driverscdaudio.sys —> c:windowssystem32driverscdaudio.sys [?]
    S3 uji4njyy;AVZ-SG Kernel Driver;c:windowssystem32driversuji4njyy.sys [2009-02-13 9216]
    S3 uti4njyy;AVZ Kernel Driver;c:windowssystem32driversuti4njyy.sys [2009-02-23 7168]

    — Other Services/Drivers In Memory —

    *Deregistered* — sfc

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
    UxTuneUp
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-02-20 c:windowsTasks1-Click Maintenance.job
    — c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-24 08:13]
    .
    — — — — ORPHANS REMOVED — — — —

    HKLM-Run-Microsoft(R) System Manager — c:windowssystem32sysmgr.exe

    .


    Supplementary Scan


    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://search.qip.ru
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
    IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
    IE: Скачать сайт при помощи WebTransporter — c:program filesWebTransporter Demomenu.htm
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-25 12:34:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(560)
    c:windowssystem32Ati2evxx.dll
    .


    Other Running Processes


    .
    c:windowssystem32ati2evxx.exe
    c:windowssystem32ati2evxx.exe
    c:program filesJavajre6binjqs.exe
    c:appservMySQLbinmysqld.exe
    c:windowssystem32wdfmgr.exe
    c:windowssystem32wbemwmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-25 12:40:49 — machine was rebooted [Shtefan]
    ComboFix-quarantined-files.txt 2009-02-25 09:40:42

    Pre-Run: 9,191,018,496 байт свободно
    Post-Run: 9,171,808,256 байт свободно

    237

    February 25, 2009 at 9:17 am in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22149
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    What do you say?

    February 23, 2009 at 11:25 am in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22148
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    And here is the RSIT log.

    February 23, 2009 at 11:07 am in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22147
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    I did everything as I was told.
    Here is the log from OTMoveIt:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service abp470n5 .
    Unable to stop service sfc .
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FBC934E6-6F95-4742-B6BC-F6E8D854C25D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyctlsys\ deleted successfully.
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableRegistryTools»|0 /E : value set successfully!
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableTaskMgr»|0 /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinrrdfe.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwintotj.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinwgmlb.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempbcvf.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinsbeogw.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinalevc.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxpbg.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinijrh.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempqcwb.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:Program FilesPunto Switcherpunto.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinwjxd.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinigli.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinxwnbq.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Temppudq.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempvkklr.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempnlhvhm.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxuin.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystemsvhost.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempbbyhmj.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinxyvor.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinfjjhxs.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempftxjg.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3286.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3260.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwintvyoh.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxgqs.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwingynbx.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinmvun.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempocyhf.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3267.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxmgewh.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinjlhuqm.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfofnm.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempmyqu.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsmcmni.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinfcfkix.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfxls.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinpbdkjt.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempdidyg.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsfxkbm.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3255.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3235.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3253.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3285.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwingwobsb.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwylijy.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinqybmio.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempxuucg.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempcggnh.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempfwdwa.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinhwta.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinkbgw.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinbcyphh.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempsdpna.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempnpecmp.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:DOCUME~1ShtefanLOCALS~1Tempwinqgkw.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem3231.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSSystem328.scr deleted successfully.
    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02232009_135018

    February 21, 2009 at 12:51 pm in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22145
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    I scanned with GMER:

    GMER 1.0.14.14536 — http://www.gmer.net
    Rootkit scan 2009-02-21 15:49:11
    Windows 5.1.2600 Service Pack 2


    February 21, 2009 at 10:38 am in reply to: Help! Everything is blocked! File manager, registry editing, antivirus. #22144
    klimst
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    I downloaded RSIT again. It started. I am attaching the logs.

Copyright © 2008 - 2024 Spyware-RU.com (en)