Forum replies created
-
Author Posts
-
Log from OTMoveIt3 by OldTimer
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{068119DB-00E9-416A-AC2E-9F837E6FB3C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DB3645BA-5C28-4E2D-8C99-41DC53D19B7C}\ deleted successfully.
========== FILES ==========
File/Folder C:Documents and SettingsAll UsersApplication Datayvqdiqu.dll not found.
File/Folder C:Documents and SettingsAll UsersApplication Datasowwrqu.dll not found.
File/Folder C:Documents and SettingsAll UsersApplication Dataeurrvqu.dll not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1DE29~1LOCALS~1Temp9.doc scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1DE29~1LOCALS~1Tempetilqs_rWu2Zog31MK78V31QQ9L scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1DE29~1LOCALS~1Temp~DF1D6F.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1DE29~1LOCALS~1Temp~DF20EF.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsЕленаLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultXUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04222009_224955
Files moved on Reboot…
C:DOCUME~1DE29~1LOCALS~1Temp9.doc moved successfully.
File C:DOCUME~1DE29~1LOCALS~1Tempetilqs_rWu2Zog31MK78V31QQ9L not found!
File C:DOCUME~1DE29~1LOCALS~1Temp~DF1D6F.tmp not found!
File C:DOCUME~1DE29~1LOCALS~1Temp~DF20EF.tmp not found!
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_001_ moved successfully.
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_002_ moved successfully.
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_003_ moved successfully.
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultCache_CACHE_MAP_ moved successfully.
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaulturlclassifier3.sqlite moved successfully.
C:Documents and SettingsЕленаLocal SettingsApplication DataMozillaFirefoxProfilesbqq0yrnf.defaultXUL.mfl moved successfully.
New log from RSIT
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Елена at 2009-04-22 23:01:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 527 MB (5%) free of 10 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:39, on 22.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:WINDOWSnotepad.exe
C:WINDOWSMixer.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsЕленаРабочий столrsitRSIT.exe
C:Program Filestrend microЕлена.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.zyxel.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} — C:Program FilesAVGAVG8avgssie.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O3 — Toolbar: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 — HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 — HKLM..Run: [NwOpenMS] rundll32.exe «C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll»,DllRegisterServer
O4 — HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NVMCTRAY.DLL,NvTaskbarInit
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O18 — Protocol: linkscanner — {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} — C:Program FilesAVGAVG8avgpp.dll
O20 — Winlogon Notify: avgrsstarter — C:WINDOWSSYSTEM32avgrsstx.dll
O23 — Service: AVG Free8 E-mail Scanner (avg8emc) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgemc.exe
O23 — Service: AVG Free8 WatchDog (avg8wd) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Driver Helper Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 5505 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [2009-03-11 1078552]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-11 1968920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} — AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-11 1968920]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2003-04-03 4616192]
«nwiz»=nwiz.exe /install []
«C-Media Mixer»=Mixer.exe /startup []
«AVG8_TRAY»=C:PROGRA~1AVGAVG8avgtray.exe [2009-03-11 1932568]
«NwOpenMS»=C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll,DllRegisterServer []
«Cmaudio»=RunDll32 cmicnfg.cpl,CMICtrlWnd []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-06-20 77824]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«NvMediaCenter»=C:WINDOWSsystem32NVMCTRAY.DLL [2003-04-03 49152]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavgrsstarter]
C:WINDOWSsystem32avgrsstx.dll [2009-03-11 10520]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesAVGAVG8avgemc.exe»=»C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe»
«C:Program FilesAVGAVG8avgupd.exe»=»C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe»
«C:Program FilesAVGAVG8avgnsx.exe»=»C:Program FilesAVGAVG8avgnsx.exe:*:Enabled:avgnsx.exe»
«C:WINDOWSsystem32fxsclnt.exe»=»C:WINDOWSsystem32fxsclnt.exe:*:Enabled:Microsoft Fax Console»
«H:sw5fbbinfbserver.exe»=»H:sw5fbbinfbserver.exe:*:Disabled:Firebird SQL Server»
«H:sw5exegnagent.exe»=»H:sw5exegnagent.exe:*:Disabled:Guardant network agent»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cf1e13e6-24e7-11de-a979-00c026a1744b}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
======List of files/folders created in the last 1 months======
2009-04-22 23:01:06 —-D—- C:rsit
2009-04-22 07:30:32 —-D—- C:Program FilesWinRAR
2009-04-18 13:49:26 —-D—- C:Program FilesSpybot — Search & Destroy
2009-04-18 13:49:26 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-04-18 13:35:21 —-D—- C:Documents and SettingsЕленаApplication DataMozilla
2009-04-18 13:34:48 —-D—- C:Program FilesMozilla Firefox
2009-04-18 11:16:26 —-D—- C:WINDOWSpss
2009-04-08 16:45:31 —-D—- C:Program Filesdirectx
2009-04-08 16:45:18 —-A—- C:WINDOWSsystem32fsgscom.dll
2009-04-08 06:46:08 —-D—- C:Program FilesIntel
2009-04-08 06:43:41 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-08 00:37:39 —-D—- C:WINDOWSOPTIONS
2009-04-08 00:20:06 —-D—- C:www.drivermania.ru_realtek_pcie_installshield_5658_061120
2009-04-07 20:04:50 —-D—- C:Program Filestrend micro
2009-04-07 13:11:49 —-RA—- C:WINDOWSsystem32RTLCPAPI.dll
2009-04-07 13:11:47 —-RA—- C:WINDOWSsystem32RTLCPL.EXE
2009-04-07 13:11:37 —-RA—- C:WINDOWSSOUNDMAN.EXE
2009-04-07 10:08:01 —-A—- C:WINDOWSsystem32ventmon.dll
2009-04-07 10:07:57 —-D—- C:Program FilesVenta
2009-04-04 16:38:44 —-D—- C:WINDOWSsystem32FxsTmp
2009-04-04 16:38:33 —-A—- C:WINDOWSsystem32fxssend.exe
2009-04-04 16:38:33 —-A—- C:WINDOWSsystem32fxsroute.dll
2009-04-04 16:38:33 —-A—- C:WINDOWSsystem32fxsperf.ini
2009-04-04 16:38:33 —-A—- C:WINDOWSsystem32fxsclntR.dll
2009-04-04 16:38:33 —-A—- C:WINDOWSsystem32fxscfgwz.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsxp32.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxswzrd.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsui.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxstiff.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxst30.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxssvc.exe
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsst.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsres.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsperf.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsmon.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsext32.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsevent.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsdrv.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxscover.exe
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxscomex.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxscom.dll
2009-04-04 16:37:59 —-A—- C:WINDOWSsystem32fxsclnt.exe
2009-04-04 16:37:56 —-A—- C:WINDOWSsystem32fxsapi.dll
2009-04-01 07:55:48 —-D—- C:WINDOWSSysbckUp
2009-04-01 07:55:48 —-D—- C:Program FilesWinNc 3000
2009-03-31 22:31:29 —-D—- C:Documents and SettingsЕленаApplication DataSWF.max
2009-03-31 22:31:00 —-D—- C:Program FilesSWF.max
2009-03-31 22:11:37 —-A—- C:WINDOWSODBC.INI
2009-03-31 22:09:20 —-D—- C:Program FilesCommon FilesDesigner
2009-03-31 22:08:36 —-D—- C:WINDOWSShellNew
2009-03-31 22:08:17 —-D—- C:Program FilesMicrosoft Office
2009-03-31 21:49:25 —-D—- C:Program Filestotalcmd
2009-03-31 21:49:25 —-A—- C:WINDOWSwincmd.ini
2009-03-31 21:44:51 —-D—- C:WINDOWSProfiles
2009-03-31 21:44:44 —-D—- C:WINDOWSsystem32Adobe
2009-03-31 21:44:44 —-D—- C:Program FilesCommon FilesAdobe
2009-03-31 21:44:44 —-D—- C:Program FilesAdobe
2009-03-31 21:44:44 —-D—- C:Documents and SettingsЕленаApplication DataInterTrust
2009-03-31 21:44:36 —-A—- C:WINDOWSIsUninst.exe
2009-03-31 11:01:45 —-D—- C:Documents and SettingsЕленаApplication DataHelp
2009-03-30 23:54:00 —-D—- C:Documents and SettingsЕленаApplication DataAdobe
2009-03-30 23:48:54 —-D—- C:Documents and SettingsЕленаApplication DataMacromedia
2009-03-30 23:48:48 —-D—- C:Documents and SettingsЕленаApplication DataGoogle
2009-03-30 23:48:25 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2009-03-30 23:48:09 —-D—- C:Program FilesGoogle
2009-03-30 23:07:31 —-D—- C:WINDOWSsystem32NtmsData
2009-03-29 14:08:10 —-D—- C:WINDOWSsystem32CatRoot_bak
2009-03-29 10:11:06 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-03-29 10:10:15 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-03-28 10:25:51 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-03-28 10:25:41 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-28 10:25:19 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-03-28 10:25:08 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-03-28 10:25:00 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-03-28 10:24:54 —-D—- C:WINDOWSsystem32PreInstall
2009-03-28 10:24:53 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-03-28 10:24:52 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-03-28 10:24:45 —-HDC—- C:WINDOWS$NtUninstallKB950760$
2009-03-28 10:24:26 —-N—- C:WINDOWSsystem32spmsg.dll
2009-03-28 10:24:25 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-03-28 10:24:24 —-HD—- C:WINDOWS$hf_mig$
2009-03-26 15:56:55 —-A—- C:WINDOWSIE4 Error Log.txt
2009-03-25 11:18:15 —-D—- C:123
2009-03-23 08:49:30 —-N—- C:WINDOWSsystem32tzchange.exe
======List of files/folders modified in the last 1 months======
2009-04-22 23:01:03 —-D—- C:WINDOWSPrefetch
2009-04-22 22:55:07 —-D—- C:WINDOWSTemp
2009-04-22 22:52:06 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-22 07:30:32 —-RD—- C:Program Files
2009-04-20 17:15:07 —-A—- C:WINDOWSsystem.ini
2009-04-18 14:34:25 —-D—- C:WINDOWS
2009-04-18 14:34:24 —-D—- C:WINDOWSsystem32drivers
2009-04-18 14:34:24 —-D—- C:WINDOWSsystem32
2009-04-18 14:34:00 —-D—- C:Documents and SettingsAll UsersApplication Dataavg8
2009-04-09 22:06:52 —-HD—- C:WINDOWSinf
2009-04-09 21:22:32 —-SHD—- C:WINDOWSInstaller
2009-04-09 08:48:46 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-09 08:48:24 —-A—- C:WINDOWSimsins.BAK
2009-04-08 09:38:48 —-D—- C:database
2009-04-08 09:13:30 —-A—- C:WINDOWSsystem32modemlog.txt
2009-04-08 07:00:45 —-SD—- C:Documents and SettingsЕленаApplication DataMicrosoft
2009-04-07 18:22:58 —-SD—- C:WINDOWSDownloaded Program Files
2009-04-07 13:11:41 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-07 10:07:57 —-A—- C:WINDOWSwin.ini
2009-04-05 18:52:39 —-D—- C:WINDOWSsystem
2009-04-04 17:05:07 —-D—- C:WINDOWSsecurity
2009-04-04 16:38:33 —-D—- C:WINDOWSaddins
2009-04-01 17:48:10 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-01 09:40:32 —-HD—- C:$AVG8.VAULT$
2009-04-01 07:47:43 —-SHD—- C:RECYCLER
2009-04-01 07:36:52 —-A—- C:WINDOWSOEWABLog.txt
2009-04-01 07:35:31 —-D—- C:Documents and Settings
2009-03-31 22:09:56 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-03-31 22:09:20 —-D—- C:Program FilesCommon Files
2009-03-31 22:08:43 —-RSD—- C:WINDOWSFonts
2009-03-31 22:08:18 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-31 10:05:12 —-D—- C:WINDOWSsystem32CatRoot
2009-03-31 09:49:54 —-D—- C:WINDOWSsystem32Restore
2009-03-31 01:35:13 —-D—- C:WINDOWSsystem32Macromed
2009-03-29 14:08:10 —-D—- C:WINDOWSDebug
2009-03-29 10:11:08 —-D—- C:Program FilesMessenger
2009-03-29 10:10:29 —-D—- C:Program FilesInternet Explorer
2009-03-28 10:25:10 —-D—- C:WINDOWSWinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:WINDOWSSystem32Driversavgldx86.sys [2009-03-11 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:WINDOWSSystem32Driversavgmfx86.sys [2009-03-11 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:WINDOWSSystem32Driversavgtdix.sys [2009-03-26 108552]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-06-20 2324480]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-17 701440]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmaudio.sys [2001-05-26 270667]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys [2002-08-20 417863]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2003-04-03 1265130]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:PROGRA~1AVGAVG8avgemc.exe [2009-03-11 908056]
R2 avg8wd;AVG Free8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2009-03-11 298264]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-17 268288]
S2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSsystem32nvsvc32.exe [2003-04-03 69632]
EOF
New info from RSIT
info.txt logfile of random’s system information tool 1.06 2009-04-22 23:01:43
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Aero SWF.max 1.6.860—>C:Program FilesSWF.maxuninstall.exe
AVG 8.5—>C:Program FilesAVGAVG8setup.exe /UNINSTALL
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
NVIDIA Windows 2000/XP Display Drivers—>rundll32.exe C:WINDOWSsystem32nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
Total Commander (Remove or Repair)—>C:Program Filestotalcmdtcuninst.exe
Venta ZVoice 5.6 (удаление/восстановление)—>C:Program FilesVentaVenta ZVoice 5vfuninst.exe
WinNc 3000—>C:Program FilesWinNc 3000SetupSetup.exe
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Куробойка—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960714)—>»C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Окна и Двери—>C:Program FilesKctWindoors 2.0setup.exe -u
======Hosts File======
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: 0091BFF321F9490
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.
Record Number: 1088
Source Name: Service Control Manager
Time Written: 20090317201414.000000+180
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.
Record Number: 1087
Source Name: Service Control Manager
Time Written: 20090317201414.000000+180
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».
Record Number: 1086
Source Name: Service Control Manager
Time Written: 20090317201414.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: 0091BFF321F9490
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».
Record Number: 1085
Source Name: Service Control Manager
Time Written: 20090317201414.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: 0091BFF321F9490
Event Code: 7036
Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.
Record Number: 1084
Source Name: Service Control Manager
Time Written: 20090317201414.000000+180
Event Type: информация
User:

=====Application event log=====
Computer Name: 0091BFF321F9490
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 395
Source Name: SecurityCenter
Time Written: 20090404154817.000000+240
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 394
Source Name: SecurityCenter
Time Written: 20090402202820.000000+240
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 1
Message:
Record Number: 393
Source Name: avg8emc
Time Written: 20090402202812.000000+240
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 1
Message:
Record Number: 392
Source Name: avg8emc
Time Written: 20090402134444.000000+240
Event Type: информация
User:

Computer Name: 0091BFF321F9490
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 391
Source Name: SecurityCenter
Time Written: 20090402134443.000000+240
Event Type: информация
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 7, GenuineIntel
«PROCESSOR_REVISION»=0207
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF