• Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы

SPYWARE-RU.COM
Меню
  • Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы
В начало
Adguard
 

moonsulu

  • Профиль
  • Начатые темы
  • Созданные ответы
  • Engagements
  • Избранное

Созданные ответы форума

Просмотр 6 сообщений - с 1 по 6 (из 6 всего)
  • Автор
    Сообщения
  • 8 октября, 2008 в 3:58 дп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19293
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    проблем нет! огромное спасибо!

    7 октября, 2008 в 4:09 пп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19291
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    ComboFix 08-10-06.08 — 1 2008-10-07 22:01:00.4 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.310 [GMT 6:00]
    Running from: C:Documents and Settings1??????? ????ComboFix.exe
    Command switches used :: D:CFScript.txt
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:Program FilesTS2009
    C:Program FilesTS2009totalsecure.s1
    C:WINDOWSIE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
    .

    2008-10-07 10:08 . 2008-10-07 22:05 54,156 —ah

    C:WINDOWSQTFont.qfn
    2008-10-07 10:08 . 2008-10-07 22:05 1,409 —a

    C:WINDOWSQTFont.for
    2008-10-06 16:05 . 2008-10-06 16:05 d

    C:Program FilesTrend Micro
    2008-10-06 15:16 . 2008-10-06 15:18     d

    C:Program FilesMalwarebytes’ Anti-Malware
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and Settings1Application DataMalwarebytes
    2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a

    C:WINDOWSsystem32driversmbamswissarmy.sys
    2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a

    C:WINDOWSsystem32driversmbam.sys
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Program FilesESET
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Documents and SettingsAll UsersApplication DataESET
    2008-10-06 13:14 . 2008-10-06 13:14     d

    C:Program FilesCommon FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Program FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
    2008-10-06 12:12 . 2008-10-06 13:35     d

    C:Program FilesXoftSpySE
    2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
    2008-10-06 10:57 . 2008-10-06 10:57     d

    C:Games
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Program FilesHiro-Media
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Documents and SettingsAll UsersApplication DataHiro-Media
    2008-10-01 15:13 . 2008-10-01 15:13 792 —a

    C:WINDOWSlines98.sav
    2008-10-01 14:04 . 2008-10-01 14:04 120 —a

    C:WINDOWSd4s.hst
    2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a

    C:WINDOWSsystem32ptpusd.dll
    2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a

    C:WINDOWSsystem32ptpusb.dll
    2008-09-11 15:24 . 2008-09-11 16:09     d

    C:Documents and Settings1Application DataVKLife
    2008-09-11 15:22 . 2008-09-17 10:14     d

    C:Program FilesAgent Vkontakte
    2008-09-11 15:22 . 2008-09-11 15:38     d

    C:Documents and Settings1Application DataVKontakte
    2008-09-10 21:51 . 2008-09-10 21:51     d

    C:Program FilesEA GAMES
    2008-09-08 22:29 . 2008-09-08 22:29     d

    C:WINDOWSSun
    2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a

    C:WINDOWSsystem32javacpl.cpl
    2008-09-08 22:27 . 2008-09-08 22:28     d

    C:Program FilesJava
    2008-09-08 22:20 . 2008-09-08 22:20     d

    C:Program FilesCommon FilesJava
    2008-09-08 11:48 . 2008-08-28 11:50     d

    C:Program FilesMovie Maker

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-07 16:06 46,939,680 —sha-w C:WINDOWSsystem32driversfidbox.dat
    2008-10-07 16:05 768,032 —sha-w C:WINDOWSsystem32driversfidbox2.dat
    2008-10-07 15:19

    d

    w C:Documents and Settings1Application DataskypePM
    2008-10-07 15:19

    d

    w C:Documents and Settings1Application DataSkype
    2008-10-07 14:46 72,596 —sha-w C:WINDOWSsystem32driversfidbox2.idx
    2008-10-07 14:46 622,148 —sha-w C:WINDOWSsystem32driversfidbox.idx
    2008-10-07 14:45

    d

    w C:Program FilesQUIK КИТ Финанс
    2008-10-07 14:45

    d

    w C:Documents and Settings1Application DataOrbit
    2008-10-07 09:01

    d

    w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
    2008-10-06 09:49

    d

    w C:Program FilesICQToolbar
    2008-10-06 09:03

    d

    w C:Program FilesOpera
    2008-09-24 03:51

    d

    w C:Program FilesICQ6
    2008-09-20 19:40

    d

    w C:Documents and Settings1Application DatauTorrent
    2008-09-20 12:24

    d

    w C:Documents and Settings1Application DataMra
    2008-09-17 12:49

    d

    w C:Program FilesuTorrent
    2008-09-17 08:55

    d

    w C:Documents and Settings1Application DataICQ
    2008-09-10 15:51

    d—h—w C:Program FilesInstallShield Installation Information
    2008-09-08 05:48

    d

    w C:Program FilesНовая папка
    2008-08-29 18:44

    d

    w C:Program FilesRambler Assistant
    2008-08-28 13:31

    d

    w C:Program FilesWindows Media Connect 2
    2008-08-28 13:10

    d

    w C:Documents and Settings1Application DataDataLayer
    2008-08-28 13:07

    d

    w C:Program FilesShasoft eBook 3.0
    2008-08-28 05:29

    d

    w C:Documents and Settings1Application DataDownload Master
    2008-08-27 17:58

    d

    w C:Program FilesDivX
    2008-08-26 05:20

    d

    w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2008-08-24 13:59

    d

    w C:Documents and Settings1Application DataNokia
    2008-08-24 09:29

    d

    w C:Program FilesMSXML 4.0
    2008-08-23 11:57

    d

    w C:Documents and SettingsAll UsersApplication DataHP
    2008-08-23 11:57

    d

    w C:Documents and Settings1Application DataHP
    2008-08-23 11:50

    d

    w C:Documents and SettingsAll UsersApplication DataWEBREG
    2008-08-23 11:48

    d

    w C:Program FilesHP
    2008-08-23 11:48

    d

    w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
    2008-08-23 11:48

    d

    w C:Documents and Settings1Application DataHPAppData
    2008-08-23 11:47

    d

    w C:Program FilesCommon FilesHP
    2008-08-23 11:47

    d

    w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
    2008-08-23 11:46

    d

    w C:Program FilesHewlett-Packard
    2008-08-23 11:46

    d

    w C:Program FilesCommon FilesHewlett-Packard
    2008-08-23 11:45

    d

    w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
    2008-08-21 10:48

    d

    w C:Documents and Settings1Application Datarambler.ru
    2008-08-21 05:07

    d

    w C:Documents and Settings1Application DataU3
    2008-08-19 13:12

    d

    w C:Program FilesOrbitdownloader
    2008-08-18 14:56

    d

    w C:Program FilesAlcohol Soft
    2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
    2008-08-15 09:24

    d

    w C:Program FilesJavaSoft
    2008-08-14 14:13

    d

    w C:Program FilesGames.Rambler.ru
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataPlayFirst
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2008-08-14 14:13

    d

    w C:Documents and Settings1Application DataPlayFirst
    2008-08-13 14:57

    d

    w C:Program FilesGames.Mail.Ru
    2008-08-13 11:27

    d

    w C:Program FilesDIFX
    2008-08-13 11:27

    d

    w C:Documents and SettingsAll UsersApplication DataPC Suite
    2008-08-13 11:26

    d

    w C:Program FilesNokia
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesPCSuite
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesNokia
    2008-08-13 11:26

    d

    w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-08-13 11:26

    d

    w C:Documents and Settings1Application DataPC Suite
    2008-08-13 10:58

    d

    w C:Documents and SettingsAll UsersApplication DataEgoset
    2008-08-13 07:13

    d

    w C:Program FilesDownload Master
    2008-08-13 06:15

    d

    w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
    2008-08-13 05:33

    d

    w C:Documents and Settings1Application DataMedia Player Classic
    2008-08-08 05:10

    d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
    2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
    2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
    2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
    2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
    2008-07-07 20:29 253,952

    w C:WINDOWSsystem32dllcachees.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-07_15.13.34.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-07 15:19:14 16,384 —-atw C:WINDOWSTempPerflib_Perfdata_dfc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
    «Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
    «PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
    «AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
    «VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
    «ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
    «IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
    «SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
    «AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
    «IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
    «MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
    «PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
    «RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
    «LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
    «Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
    «ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
    «Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
    «eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
    «eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
    «LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
    «IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
    «HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
    «Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
    «QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
    «MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
    «Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
    «PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
    «HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
    «SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
    «RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    «VIDC.YV12″= yv12vfw.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
    «C:\Program Files\ICQ6\ICQ.exe»=
    «C:\Program Files\Mail.Ru\Agent\magent.exe»=
    «C:\Program Files\BitTornado\btdownloadgui.exe»=
    «C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
    «C:\Program Files\Orbitdownloader\orbitnet.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
    «C:\Program Files\uTorrent\uTorrent.exe»=
    «C:\Program Files\Opera\opera.exe»=
    «C:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «45533:TCP»= 45533:TCP:utorrent
    «45533:UDP»= 45533:UDP:ut
    «55555:TCP»= 55555:TCP:1
    «55555:UDP»= 55555:UDP:12

    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
    R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
    S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — G:LaunchU3.exe -a
    .
    Contents of the ‘Scheduled Tasks’ folder

    2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
    — C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]

    2008-10-06 C:WINDOWSTasksParetoLogic Update.job
    — C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]

    2008-10-07 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
    — C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-07 22:05:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-07 22:08:01
    ComboFix-quarantined-files.txt 2008-10-07 16:07:55
    ComboFix2.txt 2008-10-07 09:14:07
    ComboFix3.txt 2008-10-06 16:16:07

    Pre-Run: 3 100 409 856 ???? ????????
    Post-Run: 3,069,489,152 ???? ????????

    243 — E O F — 2008-09-10 14:48:49

    7 октября, 2008 в 9:15 дп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19289
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    новый лог

    ComboFix 08-10-06.05 — 1 2008-10-07 15:07:55.3 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.230 [GMT 6:00]
    Running from: C:Documents and Settings1??????? ????ComboFix.exe
    Command switches used :: C:Documents and Settings1??????? ????CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
    .

    2008-10-07 10:08 . 2008-10-07 15:12 54,156 —ah

    C:WINDOWSQTFont.qfn
    2008-10-07 10:08 . 2008-10-07 15:12 1,409 —a

    C:WINDOWSQTFont.for
    2008-10-06 16:05 . 2008-10-06 16:05 d

    C:Program FilesTrend Micro
    2008-10-06 15:16 . 2008-10-06 15:18     d

    C:Program FilesMalwarebytes’ Anti-Malware
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and Settings1Application DataMalwarebytes
    2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a

    C:WINDOWSsystem32driversmbamswissarmy.sys
    2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a

    C:WINDOWSsystem32driversmbam.sys
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Program FilesESET
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Documents and SettingsAll UsersApplication DataESET
    2008-10-06 13:14 . 2008-10-06 13:14     d

    C:Program FilesCommon FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Program FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
    2008-10-06 12:12 . 2008-10-06 13:35     d

    C:Program FilesXoftSpySE
    2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
    2008-10-06 11:07 . 2008-10-06 16:35     d

    C:Program FilesTS2009
    2008-10-06 10:57 . 2008-10-06 10:57     d

    C:Games
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Program FilesHiro-Media
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Documents and SettingsAll UsersApplication DataHiro-Media
    2008-10-01 15:13 . 2008-10-01 15:13 792 —a

    C:WINDOWSlines98.sav
    2008-10-01 14:04 . 2008-10-01 14:04 120 —a

    C:WINDOWSd4s.hst
    2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a

    C:WINDOWSsystem32ptpusd.dll
    2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a

    C:WINDOWSsystem32ptpusb.dll
    2008-09-11 15:24 . 2008-09-11 16:09     d

    C:Documents and Settings1Application DataVKLife
    2008-09-11 15:22 . 2008-09-17 10:14     d

    C:Program FilesAgent Vkontakte
    2008-09-11 15:22 . 2008-09-11 15:38     d

    C:Documents and Settings1Application DataVKontakte
    2008-09-10 21:51 . 2008-09-10 21:51     d

    C:Program FilesEA GAMES
    2008-09-08 22:29 . 2008-09-08 22:29     d

    C:WINDOWSSun
    2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a

    C:WINDOWSsystem32javacpl.cpl
    2008-09-08 22:27 . 2008-09-08 22:28     d

    C:Program FilesJava
    2008-09-08 22:20 . 2008-09-08 22:20     d

    C:Program FilesCommon FilesJava
    2008-09-08 11:48 . 2008-08-28 11:50     d

    C:Program FilesMovie Maker

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-07 09:12 761,120 —sha-w C:WINDOWSsystem32driversfidbox2.dat
    2008-10-07 09:12 46,323,232 —sha-w C:WINDOWSsystem32driversfidbox.dat
    2008-10-07 09:02

    d

    w C:Documents and Settings1Application DataSkype
    2008-10-07 09:01

    d

    w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
    2008-10-07 08:59 72,044 —sha-w C:WINDOWSsystem32driversfidbox2.idx
    2008-10-07 08:59 620,132 —sha-w C:WINDOWSsystem32driversfidbox.idx
    2008-10-07 08:58

    d

    w C:Program FilesQUIK КИТ Финанс
    2008-10-07 04:10

    d

    w C:Documents and Settings1Application DataskypePM
    2008-10-06 09:49

    d

    w C:Program FilesICQToolbar
    2008-10-06 09:48

    d

    w C:Documents and Settings1Application DataOrbit
    2008-10-06 09:03

    d

    w C:Program FilesOpera
    2008-09-24 03:51

    d

    w C:Program FilesICQ6
    2008-09-20 19:40

    d

    w C:Documents and Settings1Application DatauTorrent
    2008-09-20 12:24

    d

    w C:Documents and Settings1Application DataMra
    2008-09-17 12:49

    d

    w C:Program FilesuTorrent
    2008-09-17 08:55

    d

    w C:Documents and Settings1Application DataICQ
    2008-09-10 15:51

    d—h—w C:Program FilesInstallShield Installation Information
    2008-09-08 05:48

    d

    w C:Program FilesНовая папка
    2008-08-29 18:44

    d

    w C:Program FilesRambler Assistant
    2008-08-28 13:31

    d

    w C:Program FilesWindows Media Connect 2
    2008-08-28 13:10

    d

    w C:Documents and Settings1Application DataDataLayer
    2008-08-28 13:07

    d

    w C:Program FilesShasoft eBook 3.0
    2008-08-28 05:29

    d

    w C:Documents and Settings1Application DataDownload Master
    2008-08-27 17:58

    d

    w C:Program FilesDivX
    2008-08-26 05:20

    d

    w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2008-08-24 13:59

    d

    w C:Documents and Settings1Application DataNokia
    2008-08-24 09:29

    d

    w C:Program FilesMSXML 4.0
    2008-08-23 11:57

    d

    w C:Documents and SettingsAll UsersApplication DataHP
    2008-08-23 11:57

    d

    w C:Documents and Settings1Application DataHP
    2008-08-23 11:50

    d

    w C:Documents and SettingsAll UsersApplication DataWEBREG
    2008-08-23 11:48

    d

    w C:Program FilesHP
    2008-08-23 11:48

    d

    w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
    2008-08-23 11:48

    d

    w C:Documents and Settings1Application DataHPAppData
    2008-08-23 11:47

    d

    w C:Program FilesCommon FilesHP
    2008-08-23 11:47

    d

    w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
    2008-08-23 11:46

    d

    w C:Program FilesHewlett-Packard
    2008-08-23 11:46

    d

    w C:Program FilesCommon FilesHewlett-Packard
    2008-08-23 11:45

    d

    w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
    2008-08-21 10:48

    d

    w C:Documents and Settings1Application Datarambler.ru
    2008-08-21 05:07

    d

    w C:Documents and Settings1Application DataU3
    2008-08-19 13:12

    d

    w C:Program FilesOrbitdownloader
    2008-08-18 14:56

    d

    w C:Program FilesAlcohol Soft
    2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
    2008-08-15 09:24

    d

    w C:Program FilesJavaSoft
    2008-08-14 14:13

    d

    w C:Program FilesGames.Rambler.ru
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataPlayFirst
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2008-08-14 14:13

    d

    w C:Documents and Settings1Application DataPlayFirst
    2008-08-13 14:57

    d

    w C:Program FilesGames.Mail.Ru
    2008-08-13 11:27

    d

    w C:Program FilesDIFX
    2008-08-13 11:27

    d

    w C:Documents and SettingsAll UsersApplication DataPC Suite
    2008-08-13 11:26

    d

    w C:Program FilesNokia
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesPCSuite
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesNokia
    2008-08-13 11:26

    d

    w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-08-13 11:26

    d

    w C:Documents and Settings1Application DataPC Suite
    2008-08-13 10:58

    d

    w C:Documents and SettingsAll UsersApplication DataEgoset
    2008-08-13 07:13

    d

    w C:Program FilesDownload Master
    2008-08-13 06:15

    d

    w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
    2008-08-13 05:33

    d

    w C:Documents and Settings1Application DataMedia Player Classic
    2008-08-08 05:10

    d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
    2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
    2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
    2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
    2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
    2008-07-07 20:29 253,952

    w C:WINDOWSsystem32dllcachees.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
    «Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
    «PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
    «AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
    «VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
    «ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
    «IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
    «SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
    «AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
    «IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
    «MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
    «PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
    «RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
    «LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
    «Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
    «ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
    «Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
    «eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
    «eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
    «LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
    «IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
    «HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
    «Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
    «QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
    «MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
    «Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
    «PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
    «HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
    «SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
    «RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    «VIDC.YV12″= yv12vfw.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
    «C:\Program Files\ICQ6\ICQ.exe»=
    «C:\Program Files\Mail.Ru\Agent\magent.exe»=
    «C:\Program Files\BitTornado\btdownloadgui.exe»=
    «C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
    «C:\Program Files\Orbitdownloader\orbitnet.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
    «C:\Program Files\uTorrent\uTorrent.exe»=
    «C:\Program Files\Opera\opera.exe»=
    «C:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «45533:TCP»= 45533:TCP:utorrent
    «45533:UDP»= 45533:UDP:ut
    «55555:TCP»= 55555:TCP:1
    «55555:UDP»= 55555:UDP:12

    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
    R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
    S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — G:LaunchU3.exe -a

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85c-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — evkq381.com
    ShellexploreCommand — evkq381.com
    ShellopenCommand — evkq381.com

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{942ffed1-90fd-11dd-894b-001d721a7948}]
    ShellAutoRuncommand — H:
    ShellopenCommand — rundll32.exe .\scdrnru.dll,InstallM
    .
    Contents of the ‘Scheduled Tasks’ folder

    2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
    — C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]

    2008-10-06 C:WINDOWSTasksParetoLogic Update.job
    — C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]

    2008-10-07 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
    — C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-07 15:12:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-07 15:14:05
    ComboFix-quarantined-files.txt 2008-10-07 09:14:00
    ComboFix2.txt 2008-10-06 16:16:07

    Pre-Run: 3 180 777 472 ???? ????????
    Post-Run: 3,156,447,232 ???? ????????

    239 — E O F — 2008-09-10 14:48:49

    6 октября, 2008 в 4:22 пп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19287
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    теперь нет проблем!

    Спасибо вам, Валерий!!! ОГРОМНОЕ!
    Мне очень повезло что я сразу попала на этот форум!

    6 октября, 2008 в 4:20 пп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19286
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    сделала так как вы написали в другой теме:

    Откройте блокнот и вставьте в него следующий текст:
    Код: Выделить всё
    File::
    C:WINDOWSsystem32mfmlib.dll

    Registry::
    [-HKEY_LOCAL_MACHINE~Browser Helper Objects{E5F76779-DE98-4045-AE76-1B5F8CB6B98D}]

    Запишите получившийся файл на ваш рабочий стол под именем CFScript
    Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

    По окончанию работы Combofix будет создан новый лог файл, пожалуйста вставьте его в ваше ответное сообщение.

    это новый лог:

    ComboFix 08-10-05.10 — 1 2008-10-06 22:12:54.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.428 [GMT 6:00]
    Running from: C:Documents and Settings1??????? ????ComboFix.exe
    Command switches used :: C:Documents and Settings1??????? ????CFScript.txt
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
    .

    2008-10-06 16:05 . 2008-10-06 16:05

    d

    C:Program FilesTrend Micro
    2008-10-06 15:16 . 2008-10-06 15:18     d

    C:Program FilesMalwarebytes’ Anti-Malware
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and Settings1Application DataMalwarebytes
    2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a

    C:WINDOWSsystem32driversmbamswissarmy.sys
    2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a

    C:WINDOWSsystem32driversmbam.sys
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Program FilesESET
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Documents and SettingsAll UsersApplication DataESET
    2008-10-06 13:14 . 2008-10-06 13:14     d

    C:Program FilesCommon FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Program FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
    2008-10-06 12:12 . 2008-10-06 13:35     d

    C:Program FilesXoftSpySE
    2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
    2008-10-06 11:07 . 2008-10-06 16:35     d

    C:Program FilesTS2009
    2008-10-06 10:57 . 2008-10-06 10:57     d

    C:Games
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Program FilesHiro-Media
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Documents and SettingsAll UsersApplication DataHiro-Media
    2008-10-01 15:13 . 2008-10-01 15:13 792 —a

    C:WINDOWSlines98.sav
    2008-10-01 14:04 . 2008-10-01 14:04 120 —a

    C:WINDOWSd4s.hst
    2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a

    C:WINDOWSsystem32ptpusd.dll
    2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a

    C:WINDOWSsystem32ptpusb.dll
    2008-09-11 15:24 . 2008-09-11 16:09     d

    C:Documents and Settings1Application DataVKLife
    2008-09-11 15:22 . 2008-09-17 10:14     d

    C:Program FilesAgent Vkontakte
    2008-09-11 15:22 . 2008-09-11 15:38     d

    C:Documents and Settings1Application DataVKontakte
    2008-09-10 21:51 . 2008-09-10 21:51     d

    C:Program FilesEA GAMES
    2008-09-08 22:29 . 2008-09-08 22:29     d

    C:WINDOWSSun
    2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a

    C:WINDOWSsystem32javacpl.cpl
    2008-09-08 22:27 . 2008-09-08 22:28     d

    C:Program FilesJava
    2008-09-08 22:20 . 2008-09-08 22:20     d

    C:Program FilesCommon FilesJava
    2008-09-08 11:48 . 2008-08-28 11:50     d

    C:Program FilesMovie Maker

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-06 16:13 750,624 —sha-w C:WINDOWSsystem32driversfidbox2.dat
    2008-10-06 16:13 46,056,224 —sha-w C:WINDOWSsystem32driversfidbox.dat
    2008-10-06 15:55

    d

    w C:Documents and Settings1Application DataSkype
    2008-10-06 15:51 70,916 —sha-w C:WINDOWSsystem32driversfidbox2.idx
    2008-10-06 15:51 616,292 —sha-w C:WINDOWSsystem32driversfidbox.idx
    2008-10-06 15:35

    d

    w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
    2008-10-06 14:45

    d

    w C:Program FilesQUIK КИТ Финанс
    2008-10-06 10:20

    d

    w C:Documents and Settings1Application DataskypePM
    2008-10-06 09:49

    d

    w C:Program FilesICQToolbar
    2008-10-06 09:48

    d

    w C:Documents and Settings1Application DataOrbit
    2008-10-06 09:03

    d

    w C:Program FilesOpera
    2008-09-24 03:51

    d

    w C:Program FilesICQ6
    2008-09-20 19:40

    d

    w C:Documents and Settings1Application DatauTorrent
    2008-09-20 12:24

    d

    w C:Documents and Settings1Application DataMra
    2008-09-17 12:49

    d

    w C:Program FilesuTorrent
    2008-09-17 08:55

    d

    w C:Documents and Settings1Application DataICQ
    2008-09-10 15:51

    d—h—w C:Program FilesInstallShield Installation Information
    2008-09-08 05:48

    d

    w C:Program FilesНовая папка
    2008-08-29 18:44

    d

    w C:Program FilesRambler Assistant
    2008-08-28 13:31

    d

    w C:Program FilesWindows Media Connect 2
    2008-08-28 13:10

    d

    w C:Documents and Settings1Application DataDataLayer
    2008-08-28 13:07

    d

    w C:Program FilesShasoft eBook 3.0
    2008-08-28 05:29

    d

    w C:Documents and Settings1Application DataDownload Master
    2008-08-27 17:58

    d

    w C:Program FilesDivX
    2008-08-26 05:20

    d

    w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2008-08-24 13:59

    d

    w C:Documents and Settings1Application DataNokia
    2008-08-24 09:29

    d

    w C:Program FilesMSXML 4.0
    2008-08-23 11:57

    d

    w C:Documents and SettingsAll UsersApplication DataHP
    2008-08-23 11:57

    d

    w C:Documents and Settings1Application DataHP
    2008-08-23 11:50

    d

    w C:Documents and SettingsAll UsersApplication DataWEBREG
    2008-08-23 11:48

    d

    w C:Program FilesHP
    2008-08-23 11:48

    d

    w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
    2008-08-23 11:48

    d

    w C:Documents and Settings1Application DataHPAppData
    2008-08-23 11:47

    d

    w C:Program FilesCommon FilesHP
    2008-08-23 11:47

    d

    w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
    2008-08-23 11:46

    d

    w C:Program FilesHewlett-Packard
    2008-08-23 11:46

    d

    w C:Program FilesCommon FilesHewlett-Packard
    2008-08-23 11:45

    d

    w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
    2008-08-21 10:48

    d

    w C:Documents and Settings1Application Datarambler.ru
    2008-08-21 05:07

    d

    w C:Documents and Settings1Application DataU3
    2008-08-19 13:12

    d

    w C:Program FilesOrbitdownloader
    2008-08-18 14:56

    d

    w C:Program FilesAlcohol Soft
    2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
    2008-08-15 09:24

    d

    w C:Program FilesJavaSoft
    2008-08-14 14:13

    d

    w C:Program FilesGames.Rambler.ru
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataPlayFirst
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2008-08-14 14:13

    d

    w C:Documents and Settings1Application DataPlayFirst
    2008-08-13 14:57

    d

    w C:Program FilesGames.Mail.Ru
    2008-08-13 11:27

    d

    w C:Program FilesDIFX
    2008-08-13 11:27

    d

    w C:Documents and SettingsAll UsersApplication DataPC Suite
    2008-08-13 11:26

    d

    w C:Program FilesNokia
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesPCSuite
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesNokia
    2008-08-13 11:26

    d

    w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-08-13 11:26

    d

    w C:Documents and Settings1Application DataPC Suite
    2008-08-13 10:58

    d

    w C:Documents and SettingsAll UsersApplication DataEgoset
    2008-08-13 07:13

    d

    w C:Program FilesDownload Master
    2008-08-13 06:15

    d

    w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
    2008-08-13 05:33

    d

    w C:Documents and Settings1Application DataMedia Player Classic
    2008-08-08 05:10

    d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
    2008-08-06 17:01 96,976 —-a-w C:WINDOWSsystem32driversklin.dat
    2008-08-06 13:52

    d

    w C:Documents and SettingsAll UsersApplication DataCyberLink
    2008-08-06 13:52

    d

    w C:Documents and Settings1Application DataCyberLink
    2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
    2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
    2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
    2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
    2008-07-07 20:29 253,952

    w C:WINDOWSsystem32dllcachees.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
    «Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
    «PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
    «AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
    «VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
    «ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
    «IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
    «SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
    «AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
    «IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
    «MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
    «PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
    «RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
    «LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
    «Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
    «ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
    «Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
    «eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
    «eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
    «LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
    «IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
    «HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
    «Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
    «QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
    «MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
    «Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
    «PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
    «HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
    «SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
    «RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    «VIDC.YV12″= yv12vfw.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
    «C:\Program Files\ICQ6\ICQ.exe»=
    «C:\Program Files\Mail.Ru\Agent\magent.exe»=
    «C:\Program Files\BitTornado\btdownloadgui.exe»=
    «C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
    «C:\Program Files\Orbitdownloader\orbitnet.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
    «C:\Program Files\uTorrent\uTorrent.exe»=
    «C:\Program Files\Opera\opera.exe»=
    «C:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «45533:TCP»= 45533:TCP:utorrent
    «45533:UDP»= 45533:UDP:ut
    «55555:TCP»= 55555:TCP:1
    «55555:UDP»= 55555:UDP:12

    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
    R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
    S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — G:LaunchU3.exe -a

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85c-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — evkq381.com
    ShellexploreCommand — evkq381.com
    ShellopenCommand — evkq381.com

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{942ffed1-90fd-11dd-894b-001d721a7948}]
    ShellAutoRuncommand — H:
    ShellopenCommand — rundll32.exe .\scdrnru.dll,InstallM
    .
    Contents of the ‘Scheduled Tasks’ folder

    2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
    — C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]

    2008-10-06 C:WINDOWSTasksParetoLogic Update.job
    — C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]

    2008-10-05 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
    — C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
    .
    — — — — ORPHANS REMOVED — — — —

    URLSearchHooks-{83821C2B-32A8-4DD7-B6D4-44309A78E668} — (no file)

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-06 22:13:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    **************************************************************************
    .
    Completion time: 2008-10-06 22:16:04
    ComboFix-quarantined-files.txt 2008-10-06 16:16:02
    ComboFix2.txt 2008-10-06 16:01:19

    Pre-Run: 2 570 588 160 ???? ????????
    Post-Run: 2,541,649,920 ???? ????????

    242 — E O F — 2008-09-10 14:48:49

    6 октября, 2008 в 4:04 пп в ответ на: помогите проанализировать лог HijackThis [TotalSecure2009] #19285
    moonsulu
    Participant
    • Темы:1
    • Сообщений:7
    • ☆

    ComboFix 08-10-05.08 — 1 2008-10-06 21:39:41.1 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.259 [GMT 6:00]
    Running from: C:Documents and Settings1??????? ????ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:WINDOWSk.txt
    C:WINDOWSsystem32AutoRun.inf
    C:WINDOWSsystem32c.ico
    C:WINDOWSsystem32Desktop_.ini
    C:WINDOWSsystem32fhl.dll
    C:WINDOWSsystem32m.ico
    C:WINDOWSsystem32rgf.dll
    C:WINDOWSsystem32rtl60.bpl
    C:WINDOWSsystem32s.ico
    C:WINDOWSTemplog.txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
    .

    2008-10-06 16:05 . 2008-10-06 16:05

    d

    C:Program FilesTrend Micro
    2008-10-06 15:16 . 2008-10-06 15:18     d

    C:Program FilesMalwarebytes’ Anti-Malware
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-10-06 15:16 . 2008-10-06 15:16     d

    C:Documents and Settings1Application DataMalwarebytes
    2008-10-06 15:16 . 2008-09-10 00:04 38,528 —a

    C:WINDOWSsystem32driversmbamswissarmy.sys
    2008-10-06 15:16 . 2008-09-10 00:03 17,200 —a

    C:WINDOWSsystem32driversmbam.sys
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Program FilesESET
    2008-10-06 14:13 . 2008-10-06 14:13     d

    C:Documents and SettingsAll UsersApplication DataESET
    2008-10-06 13:14 . 2008-10-06 13:14     d

    C:Program FilesCommon FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Program FilesParetoLogic
    2008-10-06 13:09 . 2008-10-06 13:09     d

    C:Documents and SettingsAll UsersApplication DataParetoLogic Anti-Spyware
    2008-10-06 12:12 . 2008-10-06 13:35     d

    C:Program FilesXoftSpySE
    2008-10-06 12:00 . 2008-10-06 12:00 15,360 —ahs—- C:WINDOWSsystem32Thumbs.db
    2008-10-06 11:07 . 2008-10-06 16:35     d

    C:Program FilesTS2009
    2008-10-06 10:57 . 2008-10-06 10:57     d

    C:Games
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Program FilesHiro-Media
    2008-10-01 18:13 . 2008-10-01 18:13     d

    C:Documents and SettingsAll UsersApplication DataHiro-Media
    2008-10-01 15:13 . 2008-10-01 15:13 792 —a

    C:WINDOWSlines98.sav
    2008-10-01 14:04 . 2008-10-01 14:04 120 —a

    C:WINDOWSd4s.hst
    2008-09-20 22:46 . 2008-04-14 22:10 159,232 —a

    C:WINDOWSsystem32ptpusd.dll
    2008-09-20 22:46 . 2001-10-19 21:06 5,632 —a

    C:WINDOWSsystem32ptpusb.dll
    2008-09-11 15:24 . 2008-09-11 16:09     d

    C:Documents and Settings1Application DataVKLife
    2008-09-11 15:22 . 2008-09-17 10:14     d

    C:Program FilesAgent Vkontakte
    2008-09-11 15:22 . 2008-09-11 15:38     d

    C:Documents and Settings1Application DataVKontakte
    2008-09-10 21:51 . 2008-09-10 21:51     d

    C:Program FilesEA GAMES
    2008-09-08 22:29 . 2008-09-08 22:29     d

    C:WINDOWSSun
    2008-09-08 22:28 . 2008-06-10 02:32 73,728 —a

    C:WINDOWSsystem32javacpl.cpl
    2008-09-08 22:27 . 2008-09-08 22:28     d

    C:Program FilesJava
    2008-09-08 22:20 . 2008-09-08 22:20     d

    C:Program FilesCommon FilesJava
    2008-09-08 11:48 . 2008-08-28 11:50     d

    C:Program FilesMovie Maker

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-06 15:55 747,296 —sha-w C:WINDOWSsystem32driversfidbox2.dat
    2008-10-06 15:55 45,954,080 —sha-w C:WINDOWSsystem32driversfidbox.dat
    2008-10-06 15:55

    d

    w C:Documents and Settings1Application DataSkype
    2008-10-06 15:51 70,916 —sha-w C:WINDOWSsystem32driversfidbox2.idx
    2008-10-06 15:51 616,292 —sha-w C:WINDOWSsystem32driversfidbox.idx
    2008-10-06 15:35

    d

    w C:Documents and SettingsAll UsersApplication DataKaspersky Lab
    2008-10-06 14:45

    d

    w C:Program FilesQUIK КИТ Финанс
    2008-10-06 10:20

    d

    w C:Documents and Settings1Application DataskypePM
    2008-10-06 09:49

    d

    w C:Program FilesICQToolbar
    2008-10-06 09:48

    d

    w C:Documents and Settings1Application DataOrbit
    2008-10-06 09:03

    d

    w C:Program FilesOpera
    2008-09-24 03:51

    d

    w C:Program FilesICQ6
    2008-09-20 19:40

    d

    w C:Documents and Settings1Application DatauTorrent
    2008-09-20 12:24

    d

    w C:Documents and Settings1Application DataMra
    2008-09-17 12:49

    d

    w C:Program FilesuTorrent
    2008-09-17 08:55

    d

    w C:Documents and Settings1Application DataICQ
    2008-09-10 15:51

    d—h—w C:Program FilesInstallShield Installation Information
    2008-09-08 05:48

    d

    w C:Program FilesНовая папка
    2008-08-29 18:44

    d

    w C:Program FilesRambler Assistant
    2008-08-28 13:31

    d

    w C:Program FilesWindows Media Connect 2
    2008-08-28 13:10

    d

    w C:Documents and Settings1Application DataDataLayer
    2008-08-28 13:07

    d

    w C:Program FilesShasoft eBook 3.0
    2008-08-28 05:29

    d

    w C:Documents and Settings1Application DataDownload Master
    2008-08-27 17:58

    d

    w C:Program FilesDivX
    2008-08-26 05:20

    d

    w C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2008-08-24 13:59

    d

    w C:Documents and Settings1Application DataNokia
    2008-08-24 09:29

    d

    w C:Program FilesMSXML 4.0
    2008-08-23 11:57

    d

    w C:Documents and SettingsAll UsersApplication DataHP
    2008-08-23 11:57

    d

    w C:Documents and Settings1Application DataHP
    2008-08-23 11:50

    d

    w C:Documents and SettingsAll UsersApplication DataWEBREG
    2008-08-23 11:48

    d

    w C:Program FilesHP
    2008-08-23 11:48

    d

    w C:Documents and SettingsAll UsersApplication DataHPSSUPPLY
    2008-08-23 11:48

    d

    w C:Documents and Settings1Application DataHPAppData
    2008-08-23 11:47

    d

    w C:Program FilesCommon FilesHP
    2008-08-23 11:47

    d

    w C:Documents and SettingsAll UsersApplication DataHP Product Assistant
    2008-08-23 11:46

    d

    w C:Program FilesHewlett-Packard
    2008-08-23 11:46

    d

    w C:Program FilesCommon FilesHewlett-Packard
    2008-08-23 11:45

    d

    w C:Documents and SettingsAll UsersApplication DataHewlett-Packard
    2008-08-21 10:48

    d

    w C:Documents and Settings1Application Datarambler.ru
    2008-08-21 05:07

    d

    w C:Documents and Settings1Application DataU3
    2008-08-19 13:12

    d

    w C:Program FilesOrbitdownloader
    2008-08-18 14:56

    d

    w C:Program FilesAlcohol Soft
    2008-08-18 14:52 716,272 —-a-w C:WINDOWSsystem32driverssptd.sys
    2008-08-15 09:24

    d

    w C:Program FilesJavaSoft
    2008-08-14 14:13

    d

    w C:Program FilesGames.Rambler.ru
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataPlayFirst
    2008-08-14 14:13

    d

    w C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2008-08-14 14:13

    d

    w C:Documents and Settings1Application DataPlayFirst
    2008-08-13 14:57

    d

    w C:Program FilesGames.Mail.Ru
    2008-08-13 11:27

    d

    w C:Program FilesDIFX
    2008-08-13 11:27

    d

    w C:Documents and SettingsAll UsersApplication DataPC Suite
    2008-08-13 11:26

    d

    w C:Program FilesNokia
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesPCSuite
    2008-08-13 11:26

    d

    w C:Program FilesCommon FilesNokia
    2008-08-13 11:26

    d

    w C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-08-13 11:26

    d

    w C:Documents and Settings1Application DataPC Suite
    2008-08-13 10:58

    d

    w C:Documents and SettingsAll UsersApplication DataEgoset
    2008-08-13 07:13

    d

    w C:Program FilesDownload Master
    2008-08-13 06:15

    d

    w C:Documents and SettingsAll UsersApplication DataNtiDvdCopy
    2008-08-13 05:33

    d

    w C:Documents and Settings1Application DataMedia Player Classic
    2008-08-08 05:10

    d—h—w C:Documents and SettingsAll UsersApplication DataCanonBJ
    2008-08-06 17:01 96,976 —-a-w C:WINDOWSsystem32driversklin.dat
    2008-08-06 13:52

    d

    w C:Documents and SettingsAll UsersApplication DataCyberLink
    2008-08-06 13:52

    d

    w C:Documents and Settings1Application DataCyberLink
    2008-07-23 16:48 200,704 —-a-w C:WINDOWSsystem32ssldivx.dll
    2008-07-23 16:48 1,044,480 —-a-w C:WINDOWSsystem32libdivx.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32dllcachecdm.dll
    2008-07-18 16:10 94,920 —-a-w C:WINDOWSsystem32cdm.dll
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32wuauclt.exe
    2008-07-18 16:10 53,448 —-a-w C:WINDOWSsystem32dllcachewuauclt.exe
    2008-07-18 16:10 45,768 —-a-w C:WINDOWSsystem32wups2.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32wups.dll
    2008-07-18 16:10 36,552 —-a-w C:WINDOWSsystem32dllcachewups.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32wuapi.dll
    2008-07-18 16:09 563,912 —-a-w C:WINDOWSsystem32dllcachewuapi.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32wucltui.dll
    2008-07-18 16:09 325,832 —-a-w C:WINDOWSsystem32dllcachewucltui.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32wuweb.dll
    2008-07-18 16:09 205,000 —-a-w C:WINDOWSsystem32dllcachewuweb.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32wuaueng.dll
    2008-07-18 16:09 1,811,656 —-a-w C:WINDOWSsystem32dllcachewuaueng.dll
    2008-07-07 20:29 253,952 —-a-w C:WINDOWSsystem32es.dll
    2008-07-07 20:29 253,952

    w C:WINDOWSsystem32dllcachees.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{83821C2B-32A8-4DD7-B6D4-44309A78E668}»= «C:Program FilesMail.RuAgentMradllnewmrasearch.dll» [2008-09-22 46584]

    [HKEY_CLASSES_ROOTclsid{83821c2b-32a8-4dd7-b6d4-44309a78e668}]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32ctfmon.exe» [2008-04-14 15360]
    «Skype»=»C:Program FilesSkypePhoneSkype.exe» [2008-07-23 21738792]
    «PcSync»=»C:Program FilesNokiaNokia PC Suite 6PcSync2.exe» [2006-06-27 1449984]
    «AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
    «VKontakte»=»C:Program FilesAgent VkontakteAgentVkontakte.exe» [2008-05-21 3537920]
    «ParetoLogic Anti-Spyware»=»C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe» [2007-04-02 2639472]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «preload»=»C:WindowsRUNXMLPL.exe» [2007-04-21 20480]
    «IAAnotif»=»C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe» [2007-03-21 174872]
    «SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-09-08 1015808]
    «AzMixerSel»=»C:Program FilesRealtekInstallShieldAzMixerSel.exe» [2005-06-11 53248]
    «IMJPMIG8.1″=»C:WINDOWSIMEimjp8_1IMJPMIG.EXE» [2004-08-18 208952]
    «MSPY2002″=»C:WINDOWSsystem32IMEPINTLGNTImScInst.exe» [2004-08-18 59392]
    «PHIME2002ASync»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «PHIME2002A»=»C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE» [2004-08-18 455168]
    «SynTPStart»=»C:Program FilesSynapticsSynTPSynTPStart.exe» [2007-09-08 102400]
    «RemoteControl»=»C:Program FilesCyberLinkPowerDVDPDVDServ.exe» [2007-01-09 68640]
    «LanguageShortcut»=»C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe» [2007-01-09 52256]
    «Acer ePresentation HPD»=»C:AcerEmpowering TechnologyePresentationePresentation.exe» [2007-03-02 208896]
    «ePower_DMC»=»C:AcerEmpowering TechnologyePowerePower_DMC.exe» [2007-07-04 475136]
    «Boot»=»C:AcerEmpowering TechnologyePowerBoot.exe» [2006-03-16 579584]
    «eDataSecurity Loader»=»C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-05-28 342528]
    «eRecoveryService»=»C:AcerEmpowering TechnologyeRecoveryeRAgent.exe» [2007-07-11 421888]
    «LManager»=»C:PROGRA~1LAUNCH~1LManager.exe» [2007-10-17 858632]
    «IgfxTray»=»C:WINDOWSsystem32igfxtray.exe» [2007-06-13 142104]
    «HotKeysCmds»=»C:WINDOWSsystem32hkcmd.exe» [2007-06-13 162584]
    «Persistence»=»C:WINDOWSsystem32igfxpers.exe» [2007-06-13 138008]
    «QuickTime Task»=»C:Program FilesQuickTimeqttask.exe» [2008-07-27 77824]
    «MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2008-09-22 3110392]
    «Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
    «PCSuiteTrayApplication»=»C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE» [2006-06-15 229376]
    «HP Software Update»=»C:Program FilesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
    «SunJavaUpdateSched»=»C:Program FilesJavajre1.6.0_07binjusched.exe» [2008-06-10 144784]
    «AVP»=»C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe» [2007-06-28 218376]
    «RTHDCPL»=»RTHDCPL.EXE» [2007-05-28 C:WINDOWSRTHDCPL.exe]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2008-04-14 15360]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{51C55F9E-C308-4c95-89AB-8858D8AFD819}»= «C:Program FilesParetoLogicAnti-SpywarePASShlExt.dll» [2007-03-29 98304]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    «VIDC.YV12″= yv12vfw.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe»=
    «C:\Program Files\ICQ6\ICQ.exe»=
    «C:\Program Files\Mail.Ru\Agent\magent.exe»=
    «C:\Program Files\BitTornado\btdownloadgui.exe»=
    «C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe»=
    «C:\Program Files\Orbitdownloader\orbitnet.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «C:\Program Files\ZyXEL\NetFriend\NetFriend.exe»=
    «C:\Program Files\uTorrent\uTorrent.exe»=
    «C:\Program Files\Opera\opera.exe»=
    «C:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «45533:TCP»= 45533:TCP:utorrent
    «45533:UDP»= 45533:UDP:ut
    «55555:TCP»= 55555:TCP:1
    «55555:UDP»= 55555:UDP:12

    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2006-04-14 28933976]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
    R3 usbstor;Драйвер запоминающих устройств для USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 int15.sys;int15.sys;C:AcerEmpowering TechnologyeRecoveryint15.sys [2005-01-13 69632]
    S3 usbprint;Класс принтеров Microsoft USB;C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85b-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — G:LaunchU3.exe -a

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{820bf85c-68ec-11dd-88e6-001d721a7948}]
    ShellAutoRuncommand — evkq381.com
    ShellexploreCommand — evkq381.com
    ShellopenCommand — evkq381.com

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{942ffed1-90fd-11dd-894b-001d721a7948}]
    ShellAutoRuncommand — H:
    ShellopenCommand — rundll32.exe .\scdrnru.dll,InstallM
    .
    Contents of the ‘Scheduled Tasks’ folder

    2008-10-06 C:WINDOWSTasksParetoLogic Anti-Spyware.job
    — C:Program FilesParetoLogicAnti-SpywarePareto_AS.exe [2007-04-02 16:40]

    2008-10-06 C:WINDOWSTasksParetoLogic Update.job
    — C:Program FilesCommon FilesParetoLogicUUSPareto_Update.exe [2007-08-01 13:39]

    2008-10-05 C:WINDOWSTasksUser_Feed_Synchronization-{1F20AC20-8159-4105-9DA9-46BAE8E5D3BF}.job
    — C:WINDOWSsystem32msfeedssync.exe [2007-08-13 18:36]
    .
    — — — — ORPHANS REMOVED — — — —

    HKLM-Run-eLockMonitor — C:AcerEmpowering TechnologyeLockMonitorLaunchMonitor.exe

    .

    Supplementary Scan

    .
    R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    O8 -: &Download by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/201
    O8 -: &Grab video by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/204
    O8 -: &Экспорт в Microsoft Excel — C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 -: Do&wnload selected by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/203
    O8 -: Down&load all by Orbit — C:Program FilesOrbitdownloaderorbitmxt.dll/202
    O8 -: Добавить в Rambler-Закладки — C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
    O8 -: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
    O8 -: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
    O8 -: Найти в интернете — C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
    O8 -: Найти в словарях — C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
    O8 -: Найти с помощью Рамблера — C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
    O8 -: Перевести с помощью словарей Рамблера — C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
    O8 -: Поиск@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll/SEARCH.HTM
    O8 -: Словари@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll/TRANSLATE.HTM
    O9 -: {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 -: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
    O9 -: {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe —
    O9 -: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe —
    O18 -: Handler: hiro — {50BA1131-168F-4c08-A69B-4012273F222E} — %~$path:i
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-06 21:53:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .

    Other Running Processes

    .
    C:WINDOWSsystem32agrsmsvc.exe
    C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe
    C:Program FilesCommon FilesLightScribeLSSrvc.exe
    C:WINDOWSsystem32igfxsrvc.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
    C:Program FilesCyberLinkShared FilesRichVideo.exe
    C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
    C:WINDOWSsystem32wbemwmiapsrv.exe
    C:AcerEmpowering TechnologyeLockServiceeLockServ.exe
    C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe
    C:WINDOWSsystem32igfxext.exe
    C:DOCUME~11LOCALS~1TempRtkBtMnt.exe
    C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
    C:Program FilesHPDigital Imagingbinhpqtra08.exe
    C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
    C:WINDOWSsystem32wbemunsecapp.exe
    C:Program FilesHPDigital Imagingbinhpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-06 22:01:16 — machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-06 16:01:04

    Pre-Run: 1 511 211 008 ???? ????????
    Post-Run: 2,583,867,392 ???? ????????

    308 — E O F — 2008-09-10 14:48:49

  • Автор
    Сообщения
Просмотр 6 сообщений - с 1 по 6 (из 6 всего)

Добро пожаловать

На нашем сайте размещены инструкции и программы, которые помогут вам абсолютно бесплатно и самостоятельно удалить навязчивую рекламу, вирусы и трояны.

Поиск

Важные инструкции

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)
Как запустить компьютер в безопасном режиме (Safe Mode)
Убрать рекламу в браузере (Chrome, Firefox, Opera, Yandex)
Нет доступа в интернет после удаления вируса — Как восстановить
Как удалить всплывающие окна

СПАЙВАРЕ РУ

  • О Спайваре Ру
  • Контакты
  • Реклама на сайте
  • Политика конфиденциальности
  • Правила использования

Нужна помощь?

Задайте свой вопрос прямо сейчас кликнув по следующей ссылке Задать вопрос.

Или обратитесь на наш форум, где команда Spyware-ru поможет вам. Узнайте, как попросить о помощи здесь.

Ссылки

  • Инструкции
  • Скачать программы
  • Помощь в удалении вирусов
  • Как вылечить компьютер
Copyright © 2008 - 2024 Spyware-RU.com (en)