Forum replies created
Valery, thank you so much for your help and advice! I am very glad I found your forum 🙂
No, at first it starts to reboot, i.e. Windows shuts down, the screen goes dark, and then it cannot boot((( A white screen that says asus. It happened again after the ComboFix scan. I just tried rebooting again and everything is fine 🙄
Valery, should I keep what I downloaded on the computer? (RSIT, Flash_Disinfector, OTMoveIt3, ComboFix, Malwarebytes’ Anti-Malware). And should I keep WindowsXP-KB310994-SP2-Pro-BootDisk-RUS too? Going forward, how often do you recommend checking and cleaning the computer, and with which program?

ComboFix 09-05-19.08 — User 20.05.2009 19:01.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.635 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesInternet Explorermsimg32.dll
c:windowsIE4 Error Log.txt.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.2009-05-19 11:04 . 2009-05-19 11:04
d-s—w c:documents and settingsUserUserData
2009-05-18 12:57 . 2009-05-18 12:57
d
w C:_OTMoveIt
2009-05-13 16:12 . 2009-05-13 16:12
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-05-13 16:12 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-05-13 16:12 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-05-13 16:12 . 2009-05-13 16:12
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-05-13 16:12 . 2009-05-13 16:12
d
w c:program filesMalwarebytes’ Anti-Malware
2009-05-11 14:31 . 2009-05-11 14:31
d
w c:documents and settingsUserLocal SettingsApplication DataWMTools Downloaded Files
2009-05-11 14:22 . 2009-05-18 15:21
d
w c:program filestrend micro
2009-05-11 14:22 . 2009-05-11 14:22
d
w C:rsit
2009-05-11 13:56 . 2009-05-11 13:56 0 —-a-w C:backup.reg.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 13:27 . 2006-11-24 08:38
d
w c:program filesCASIO
2009-05-11 13:27 . 2006-10-17 12:34
d—h—w c:program filesInstallShield Installation Information
2009-03-31 07:58 . 2004-08-18 12:00 65818 —-a-w c:windowssystem32perfc019.dat
2009-03-31 07:58 . 2004-08-18 12:00 424538 —-a-w c:windowssystem32perfh019.dat
2009-03-27 09:44 . 2009-03-27 09:44
d
w c:program filesK-Lite Codec Pack
2009-03-25 08:43 . 2009-03-25 08:41
d
w c:program filesICQ6.5
2009-03-25 08:42 . 2009-03-25 08:42
d
w c:program filesICQ6Toolbar
2009-03-25 08:42 . 2008-02-13 10:07
d
w c:program filesICQ6
2009-03-14 16:52 . 2009-03-14 16:52 127 —-a-w c:documents and settingsUserLocal SettingsApplication Datafusioncache.dat
2004-08-18 12:00 . 2004-08-18 12:00 1392671 —sh—r c:windowssystem32msvbvm60.dll
2006-10-17 12:34 . 2006-10-17 12:34 10 —sh—r c:windowssystem32sistem.sys
.
Sigcheck
[-] 2008-04-14 16:11 509440 B3B5D5855127E240C88451030AAEE76E c:windowsSoftwareDistributionDownloadf0863ff04d4c2c949d9b79bc2578502bwinlogon.exe
[-] 2006-10-17 08:16 503808 A975A70FCEFE2A224412214320C89DED c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
«ICQ»=»c:program filesICQ6.5ICQ.exe» [2009-03-01 172792][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-03-09 7561216]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-03-09 86016]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-03-31 6210744]
«EPSON Stylus CX4700 Series»=»c:windowsSystem32spoolDRIVERSW32X863E_FATIADP.EXE» [2005-02-02 98304]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2007-04-27 282624][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]c:documents and settingsUserѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-3-16 113664]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
APC UPS Status.lnk — c:program filesAPCAPC PowerChute Personal EditionDisplay.exe [2006-11-12 221247][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [25.03.2009 12:42 222456]
S3 zdcdcdrv;ZyXEL USB modem Driver;c:windowssystem32driverszdcdcdrv.sys [10.11.2006 1:49 17664]
.
Contents of the ‘Scheduled Tasks’ folder2009-04-29 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-01-10 11:42]
.
— — — — ORPHANS REMOVED — — — —Notify-WgaLogon — (no file)
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uInternet Settings,ProxyServer = 212.15.127.55:8080
IE: &Search
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
TCP: {78A1CBD7-148F-4AD8-9E0E-16E35EEE372C} = 212.15.127.1,212.15.122.253
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 19:01
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files:**************************************************************************
.
Completion time: 2009-05-20 19:02
ComboFix-quarantined-files.txt 2009-05-20 15:02
Pre-Run: 40 738 443 264 байт свободно
Post-Run: 40 862 400 512 байт свободно
WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
113 — E O F — 2009-03-31 07:54
For some reason the computer sometimes does not reboot on the first try, only on the second.
Also, earlier, when there were 2 users, the screen would go completely black when switching users and did not respond to anything((( We had to do a hard reboot. In the end we kept one user and deleted the second one(((. But working with just one is not very convenient.
Could you tell me what this might be?

Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-18 17:10:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (78%) free of 50 GB
Total RAM: 1023 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:18, on 18.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
C:WINDOWSATKKBService.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:Program Filestrend microUser.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 212.15.127.55:8080
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [EPSON Stylus CX4700 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE /P26 «EPSON Stylus CX4700 Series» /O6 «USB001» /M «Stylus CX4700»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..RunOnce: [OTMoveIt] C:Documents and SettingsUserРабочий столOTMoveIt3.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: APC UPS Status.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 — HKLMSystemCCSServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O17 — HKLMSystemCS1ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O17 — HKLMSystemCS2ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWSATKKBService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8291 bytes
======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-03-09 7561216]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-03-09 86016]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«EPSON Stylus CX4700 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE [2005-02-02 98304]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«OTMoveIt»=C:Documents and SettingsUserРабочий столOTMoveIt3.exe [2009-05-18 389632][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exeC:Documents and SettingsUserГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-05-18 16:57:58 —-D—- C:_OTMoveIt
2009-05-18 16:48:43 —-RASHD—- C:autorun.inf
2009-05-13 20:12:35 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-13 20:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-13 20:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-11 18:22:42 —-D—- C:rsit
2009-05-11 18:22:42 —-D—- C:Program Filestrend micro
2009-05-11 11:38:16 —-A—- C:WINDOWSsystem32log.txt======List of files/folders modified in the last 1 months======
2009-05-18 17:00:15 —-D—- C:WINDOWSTemp
2009-05-18 16:57:09 —-D—- C:WINDOWSPrefetch
2009-05-18 16:55:56 —-D—- C:WINDOWS
2009-05-18 16:53:25 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-18 11:08:28 —-D—- C:WINDOWSsystem32
2009-05-13 21:07:53 —-RD—- C:Program Files
2009-05-13 21:05:11 —-SHD—- C:WINDOWSInstaller
2009-05-13 21:04:56 —-HD—- C:WINDOWSinf
2009-05-13 21:04:56 —-D—- C:WINDOWSsystem32drivers
2009-05-13 21:04:52 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-11 17:27:38 —-D—- C:Program FilesCASIO
2009-05-11 17:27:09 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-11 11:37:55 —-D—- C:Program FilesCommon Files
2009-05-07 16:38:43 —-D—- C:Documents and SettingsUserApplication DatauTorrent======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-03-09 3650368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-04-06 81664]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-18 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2001-08-17 19200]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
S3 QV2KUX;Casio цифровая камера; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023k.sys [2002-08-12 11136]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe [2005-10-18 241152]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-03-09 143436]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-12-27 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-03-18 138168]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
EOF
OTMoveIt3 log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver System Scheduler deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSOffline Web Pagessvchost.exe not found.
File/Folder c:recycledsys.exe not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1UserLOCALS~1TempJET639C.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1Temp~DFEC89.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5YH2FCZSVviewtopic[1].php scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05182009_165758
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-13 20:39:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 38 GB (77%) free of 50 GB
Total RAM: 1023 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:53, on 13.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesESETESET Smart Securityegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
C:WINDOWSATKKBService.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:WINDOWSsystem32wuauclt.exe
C:Program Filestrend microUser.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 212.15.127.55:8080
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [EPSON Stylus CX4700 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE /P26 «EPSON Stylus CX4700 Series» /O6 «USB001» /M «Stylus CX4700»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: APC UPS Status.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 — HKLMSystemCCSServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O17 — HKLMSystemCS1ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O17 — HKLMSystemCS2ServicesTcpip..{78A1CBD7-148F-4AD8-9E0E-16E35EEE372C}: NameServer = 212.15.127.1,212.15.122.253
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWSATKKBService.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: System Scheduler — Unknown owner — C:WINDOWSOffline Web Pagessvchost.exe (file missing)
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8785 bytes

======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-03-18 2427968]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-03-09 7561216]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-03-09 86016]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«EPSON Stylus CX4700 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIADP.EXE [2005-02-02 98304]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe

C:Documents and SettingsUserГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d02a56f1-a0e4-11dd-92e1-001731823e02}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fe9c3a02-fe6e-11dc-9291-001731823e02}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe

======List of files/folders created in the last 1 months======
2009-05-13 20:12:35 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-13 20:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-13 20:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-11 18:22:42 —-D—- C:rsit
2009-05-11 18:22:42 —-D—- C:Program Filestrend micro
2009-05-11 11:38:16 —-A—- C:WINDOWSsystem32log.txt

======List of files/folders modified in the last 1 months======
2009-05-13 20:39:38 —-D—- C:WINDOWSTemp
2009-05-13 20:38:17 —-RD—- C:Program Files
2009-05-13 20:38:17 —-D—- C:WINDOWSsystem32drivers
2009-05-13 20:36:06 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-13 20:35:55 —-D—- C:WINDOWSPrefetch
2009-05-13 20:35:21 —-D—- C:WINDOWSsystem32
2009-05-11 17:32:58 —-SHD—- C:WINDOWSInstaller
2009-05-11 17:27:38 —-D—- C:Program FilesCASIO
2009-05-11 17:27:09 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-11 17:18:23 —-D—- C:WINDOWS
2009-05-11 17:07:19 —-D—- C:Program FilesЭнциклопедия пиратства
2009-05-11 11:37:55 —-D—- C:Program FilesCommon Files
2009-05-07 16:38:43 —-D—- C:Documents and SettingsUserApplication DatauTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-18 9600]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-03-09 3650368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-04-06 81664]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-18 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2001-08-17 19200]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-18 12160]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
S3 QV2KUX;Casio цифровая камера; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023k.sys [2002-08-12 11136]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe [2005-10-18 241152]
R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-03-09 143436]
S2 System Scheduler;System Scheduler; C:WINDOWSOffline Web Pagessvchost.exe []
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-12-27 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-03-18 138168]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
EOF
Thank you so much for the quick reply! I did everything you asked.
Malwarebytes’ Anti-Malware 1.36
Версия базы данных: 2124
Windows 5.1.2600 Service Pack 2

13.05.2009 20:35:21
mbam-log-2009-05-13 (20-35-21).txt
Тип проверки: Полная (C:|D:|E:|F:|)
Проверено объектов: 161867
Прошло времени: 19 minute(s), 59 second(s)

Заражено процессов в памяти: 3
Заражено модулей в памяти: 1
Заражено ключей реестра: 154
Заражено значений реестра: 13
Заражено параметров реестра: 5
Заражено папок: 23
Заражено файлов: 104

Заражено процессов в памяти:
C:program filesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.
C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe (Trojan.Agent) -> Unloaded process successfully.
C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Заражено модулей в памяти:
C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (Adware.MyWeb) -> Delete on reboot.

Заражено ключей реестра:
HKEY_CLASSES_ROOTCLSID{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTfunwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTmywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTscreensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesITGrdEngine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesitgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002Servicesitgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTMIMEDatabaseContent Typeapplication/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMultimediaWMPlayerSchemesf3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallMyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeOutlookAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeWordAddinsMyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREFocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREFun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Заражено значений реестра:
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunmywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarShellBrowser{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRuninternet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunmicrosoft windows logon process (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMenuExt&Search (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows MediaWMSDKSourcesf3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUser AgentPost PlatformFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunTok-Cirrhatus (Worm.Brontok) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionservicesdel (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRuntok-cirrhatus-1398 (Worm.Brontok) -> Quarantined and deleted successfully.
Заражено параметров реестра:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Заражено папок:
C:Documents and SettingsUserApplication DataInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProLanguages (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:Program FilesMyWebSearchbar (Adware.MyWebSearch) -> Delete on reboot.
C:Program FilesMyWebSearchbar1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:Program FilesMyWebSearchbarAvatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGame (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarHistory (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbaricons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarMessage (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchSrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchSrchAstt1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaverImages (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsShared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Заражено файлов:
C:Program FilesMyWebSearchbar1.binMWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binMWSOEMON.EXE (Adware.MyWeb) -> Delete on reboot.
C:Program FilesMyWebSearchbar1.binF3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesCommon FilesInternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3IDLE.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3IMPIPE.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3SKPLAY.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3SLSRCH.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:System Volume Information_restore{4FC7A551-9B78-4BD4-BDBC-1455C28A732D}RP457A0060132.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Prosettings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Prouill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Prounins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus ProUninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Proupdateloadlist.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus Prodbconfig.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus ProdbTimeout.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataInternet Antivirus ProdbUrls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Proactivate.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProExplorer.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Prounins000.dat (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Prouninstall.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Proworking.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProdbDBInfo.ver (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Prodbia080614.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus Prodbia080618x.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProLanguagesIAEs.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProLanguagesIAFr.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProLanguagesIAGer.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesInternet Antivirus ProLanguagesIAIt.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:Program FilesMyWebSearchbar1.binF3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binF3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbar1.binM3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarAvatarCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache06138DA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0613AAF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0613C07.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0613D6E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache0F56D48 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache3C1C8BC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache7CC24B2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache7CC2713.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache7CC2945.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCache7CC2B78.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarCachefiles.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameCHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameCHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarGameREVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarHistorysearch2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsCM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsMFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsPSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsSMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsWB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbariconsZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarMessageCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierDOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierFISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierKUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierLIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierMAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierMAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierOPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierSEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarNotifierSURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingsprevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingssetting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingssettings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesMyWebSearchbarSettingss_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsScreenSaverImages7CC0831.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheCursorManiaBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheCursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheSmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProductsSharedCacheSmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataMicrosoftInternet ExplorerQuick LaunchInternet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowspguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersРабочий столInternet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:WINDOWSsystem32f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:Program FilesCommon Filesfile.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:Program FilesICQToolbartoolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.