Кто знает, что это такое на мониторе?
Вот такая лажа появилась на ноуте.
Фотография из Фотогалереи на E1.ru
[Сообщение изменено пользователем 12.10.2008 19:24]
Фотография из Фотогалереи на E1.ru
Цитата:
От пользователя: max_d
Файл - Восстановление системы - там пункты 5,6,11,16,17 как минимум после этого вируса выполнить
Точно, вот мы добрались до полного и успешного устранения данной проблемы.
Болшущее спасибо Вам и всем кто помог мне в решении этой задачи.
Отдельное спасибо Павлу за эту утилиту, которая замечательно помогает в этом вопросе.
От пользователя: max_d
Файл - Восстановление системы - там пункты 5,6,11,16,17 как минимум после этого вируса выполнить
Точно, вот мы добрались до полного и успешного устранения данной проблемы.
Болшущее спасибо Вам и всем кто помог мне в решении этой задачи.
Отдельное спасибо Павлу за эту утилиту, которая замечательно помогает в этом вопросе.
[Сообщение изменено пользователем 12.10.2008 19:24]
Б
(Бобромуль)
вирус наверно
B
Blackston™(4х4forever)
антивирь...
N
Nokia:
это зараза хуже СПИДа
Г
Гадёныш™
Такой грустный компьютер я первый раз вижу
антивирь...
Я уже все програмки деинсталировал, все сервисы веба и прочие закрывал, в регистрах всё изничтожил, а она вылазит и фиг что сделаешь.
Неужели правда?
это
зараза хуже СПИДа
[Сообщение изменено пользователем 12.10.2008 12:09]
s
superJohn
Ну всё, капец ноуту:.
B
Blackston™(4х4forever)
Я уже все програмки деинсталирвал
из винды стандартные средства защиты-тоже?
Ну всё, капец ноуту:.
Переставлять винду?
Или можно как-то убрать эту картику? Я антивирусниками все вирусы в принципе изничтожил. Там троянов было штук сорок.
B
Blackston™(4х4forever)
format C... и будет тебе щастье..
Шпиены у вас завелись))) просит активировать антивирус для чистки компа от шпионов))
поюзайте прогу spybot - помогает :-)
поюзайте прогу spybot - помогает :-)
U
Uzanto
курентом от др вэпа .пробуй,токо полную проверку всех дисков
не поможет,формат с
не поможет,формат с
В
Васыль?
Порнуху надо меньше смотреть в инете
ну или хотябы резиновое изделие на шнур надевать
В
Васыль?
Step 1 : Use Windows File Search Tool to Find Win32/privacyremover.m64 Path
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "Win32/privacyremover.m64" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "Win32/privacyremover.m64", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Win32/privacyremover.m64 in the following manual removal steps.
Read more about How to Find Win32/privacyremover.m64 with File Search Tool
Step 2 : Use Windows Task Manager to Remove Win32/privacyremover.m64 Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "Win32/privacyremover.m64" process by name.
3. Select the "Win32/privacyremover.m64" process and click on the "End Process" button to kill it.
4. Remove the "Win32/privacyremover.m64" processes files:
Step 3 : Use Registry Editor to Remove Win32/privacyremover.m64 Registry Values
1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
3. To delete "Win32/privacyremover.m64" value, right-click on it and select the "Delete" option.
4. Locate and delete "Win32/privacyremover.m64" registry entries:
Step 4 : Detect and Delete Other Win32/privacyremover.m64 Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in "del name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "Win32/privacyremover.m64" process and click on the "End Process" button to kill it.
8. Remove the "Win32/privacyremover.m64" processes files:
Это чтобы удалить вторую вирусню
[Сообщение изменено пользователем 12.10.2008 12:23]
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "Win32/privacyremover.m64" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "Win32/privacyremover.m64", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Win32/privacyremover.m64 in the following manual removal steps.
Read more about How to Find Win32/privacyremover.m64 with File Search Tool
Step 2 : Use Windows Task Manager to Remove Win32/privacyremover.m64 Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "Win32/privacyremover.m64" process by name.
3. Select the "Win32/privacyremover.m64" process and click on the "End Process" button to kill it.
4. Remove the "Win32/privacyremover.m64" processes files:
Исходник:c:\Program Files\XPGuard\unwise.exe c:\Program Files\XPGuard\XP-Guard.exe |
Step 3 : Use Registry Editor to Remove Win32/privacyremover.m64 Registry Values
1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
3. To delete "Win32/privacyremover.m64" value, right-click on it and select the "Delete" option.
4. Locate and delete "Win32/privacyremover.m64" registry entries:
Исходник:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP-Guard HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XPGuard" HKEY_CURRENT_USER\Software\XPGuard |
Step 4 : Detect and Delete Other Win32/privacyremover.m64 Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in "del name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "Win32/privacyremover.m64" process and click on the "End Process" button to kill it.
8. Remove the "Win32/privacyremover.m64" processes files:
Исходник:%UserProfile%\Start Menu\Programs\XPGuard\XP-Guard Web Site.lnk %UserProfile%\Start Menu\Programs\XPGuard\XP-Guard.lnk %UserProfile%\Desktop\XP-Guard.lnk c:\Program Files\XPGuard\install.log c:\Program Files\XPGuard\XP-Guard Web Site.url c:\Program Files\XPGuard\unwise.exe c:\Program Files\XPGuard\XP-Guard.exe |
Это чтобы удалить вторую вирусню
[Сообщение изменено пользователем 12.10.2008 12:23]
В
Васыль?
Step 1 : Use Windows File Search Tool to Find VirtuMonde Path
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "VirtuMonde" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "VirtuMonde", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete VirtuMonde in the following manual removal steps.
Step 2 : Use Windows Task Manager to Remove VirtuMonde Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "VirtuMonde" process by name.
3. Select the "VirtuMonde" process and click on the "End Process" button to kill it.
4. Remove the "VirtuMonde" processes files:
Step 3 : Use Registry Editor to Remove VirtuMonde Registry Values
1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
3. To delete "VirtuMonde" value, right-click on it and select the "Delete" option.
4. Locate and delete "VirtuMonde" registry entries:
Step 4 : Use Windows Command Prompt to Unregister VirtuMonde DLL Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the VirtuMonde DLL file is located and press the "Enter" button on your keyboard. If you don't know where VirtuMonde DLL file is located, use the "dir" command to display the directory's contents.
3. To unregister "VirtuMonde" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u VirtuMonde.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
4. Search and unregister "VirtuMonde" DLL files:
Step 5 : Detect and Delete Other VirtuMonde Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in "del name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "VirtuMonde" process and click on the "End Process" button to kill it.
8. Remove the "VirtuMonde" processes files:
Это чтобы удалить первую вирусню
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "VirtuMonde" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "VirtuMonde", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete VirtuMonde in the following manual removal steps.
Step 2 : Use Windows Task Manager to Remove VirtuMonde Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "VirtuMonde" process by name.
3. Select the "VirtuMonde" process and click on the "End Process" button to kill it.
4. Remove the "VirtuMonde" processes files:
Исходник:Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe ces005dr.exe nnx22011.exe kopCFEWV.exe castlecops[1].exe unknown.exe svci.exe psdrv.exe rasrun.exe nwonknu.exe editpad.exe quicken.exe winhost.exe editpad.exewindowsupd2.exe quicken.exe winhost.exe windowsupd2.exe |
Step 3 : Use Registry Editor to Remove VirtuMonde Registry Values
1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
3. To delete "VirtuMonde" value, right-click on it and select the "Delete" option.
4. Locate and delete "VirtuMonde" registry entries:
Исходник:11ece6bb-8155-4e05-bacf-a452151107af
71fd4dba-7b71-4919-b15a-2ca0f68cd384
45e6b878-e844-4765-81dc-7bc1bc01b2b0
1764AF3F-400C-415E-9A92-67A7D55C2C71
0a7a4957-9298-4605-9872-24da8a514db6
f6473971-cbf4-49ab-96a1-74b92d63f718
4c23403e-346b-40b4-8fe8-b80516c8ada9
90a0468b-3120-48fc-8aa1-378d2a4228db
0b27b1d3-b168-4d26-a135-9f44ae91793f
7B0FCA45-023B-452A-B893-D007523A9ED8
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyywTMD
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\60EDCEE2-B6AF-4F2E-BB15-14F101364B47
0955079E-3A5E-4FF7-A7C9-2A65CAAE1EF2
60EDCEE2-B6AF-4F2E-BB15-14F101364B47
4EF267EE-D1A4-4C92-85A9-B51B58A53BE4
5850d2e6-6e49-4d0a-bb2e-a49e8fa2eee6
b72df2c1-1205-4f44-b188-8dda6f84e30b
BB7EA5A7-A6AE-4575-96A3-098A577D4765
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmjhIY
E2F6A304-81C0-4A91-A2A2-DBB4505FAEDC
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\135B4804-7728-4137-B6D8-5CC590110C9D
f06718dd-b23e-4c0f-bcd8-24bcdc5e2df4
84178bfa-b729-48a8-af52-836f668dc7e8
04e6699f-53a0-4c02-aefd-7bfff3835ea2
4CAFAF0C-C38F-43C1-8080-390E776254DE
0c294220-1a9d-476a-a918-53f2da2571e4
71e40ee5-71ae-4e0d-8324-949376d44774
EB338DB6-EC2C-456B-B5AD-ED97FB489684
32D0CCCB-4D89-4510-BAF7-028BC11E60DB
F24F5951-B29D-49B0-9BB3-BE6818CA6940
135B4804-7728-4137-B6D8-5CC590110C9D
804B913C-F0BD-4FC0-8D86-2A8DE2F682B2
32E451A3-6C66-412C-8F6E-65778F016BC6
D7336D32-62F7-43B5-8B8C-3963C72CA498
cdfbb87c-0d5f-48b3-bf4a-2f5c3db9b0de
fc796ded-5fa6-4a4b-8473-3636b0fe9d1b
71A4297F-F337-45B4-9B5C-4D6EE32AC45B
499E5F81-EBE0-4D08-818D-3E88B0A13542
77e00874-1b7e-41c6-ba97-43e2463efada
60ABF6AC-BAE2-4400-8936-0593C3C9A8A8
a7ef6dba-8a53-4f52-bd9a-01a6a4e083c0
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrrsPH
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPGXp
4846D90B-B1ED-402A-A718-91E88C6E2839
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
03F408E7-0903-46E1-9284-EC56550C3597
9936EFFC-4A2C-4F1B-BB68-DEDC6916EE19
D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
59148BE8-B764-447A-9302-4AEB7187D3CB
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYpmkK
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
8B522498-4803-4A8D-A297-46AE273C44A6
CB5A3EDC-08DA-48D4-BD49-AC53308B64DC
684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsRjhg
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
9D9294A6-8FB0-4206-AD93-5E9A9EF0B517
956677BE-F493-4F74-ACD6-E5A0E62904A5
82B8E0B5-45F5-4779-966A-C474164F8F7F
a1e653d7-374b-4f3c-aa1d-fd259c751c11
B1FFEAF8-F7C8-445D-98FE-9AD04897C6AE
9B5D62CC-A31F-41E6-AB67-9D51D48B5C07
9F24CE12-437E-4413-BA41-0BF61D67EC80
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtUno
0f70b574-9236-469c-bb21-9654dac1f67d
963db810-b29b-4595-aea0-649db6103abc
3CAB59B4-55A3-4737-9FD5-B93C6430BF75
3DB7BCD6-5AB2-4224-9D5C-91596FDA31B9
6bffbb42-ac73-4d2f-8109-562f11353e93
f4ececf2-73d0-474e-06da-11f818303327
ea3f2b22-4a94-4b29-8101-881882e0d8b9
965585E8-9537-45FE-952F-DDE5BE10AE52
24E9519B-3F70-429B-99BC-4B2B49B96F66
7FDF7614-0DF6-4A84-9041-2D873AB5C2C5
2FEAE5F7-1F4D-A231-30D1-04759E1C1FCB
90696A05-6C9A-488F-957D-4D4A3D5F61C2
3BE9150C-E2ED-4294-8F70-4CCA872A7BB3
AA8DFF57-1E4B-4A01-9681-AB25E1CF6532
3A0909EF-95E0-47B3-B117-FA03D9FDDBD1
826A5ED9-1316-4EFD-87F8-AA400C5D551A
12C71A70-09ED-4515-A39C-99E973B8E9F7
5550F659-4DE0-497D-B8A2-3E1AFB973784
B5FAC233-228C-4106-BB63-3031B84E2AB9
B82F29E4-8368-4B14-9C00-5138C0D94034
59FEDA57-3BE1-450E-B368-F93067B94C86
4C16CAB4-7053-2AD8-5166-2C00BAB3D8BE
63AB48C9-01A8-495C-8194-A715DB8A37A2
F2A65CD2-0CDE-4E63-B8F3-16D90EF77603
A98D0065-7326-41B5-B8D9-C5B692CDB82F
B0BCDD0D-1EC9-4EA4-A013-5642B9598271
9FEA8F43-D4ED-458C-B727-B667025676A0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlifg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkjjg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjhgee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcbaxw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxyvwu
9543B1E1-5B66-4DFA-B579-0B392D0BB33C
5A7CFD83-8907-460B-88C5-8CBAD95F1CF1
037C7B8A-151A-49E6-BAED-CC05FCB50328
571A01F0-FBF2-4411-A41B-BBB3CE6189E4
FFF29BE4-24AC-4E31-B99B-45238B764111
D81BE140-D159-4732-BCE8-185C9210E38E
E180F496-8A4B-44E2-9FE0-0364E345DB7F
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcawvu
BCB279E3-2BB4-4A4B-90C5-3CEBACC6B15C
7de1e3d1-c102-4dca-bd3d-43cbe8303ee5
FA6E43E6-F825-4317-BBCC-EC8462D1F3A5
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljighf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrqon
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiigefg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuuutt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcabya
DB7BB42E-456D-4203-ADCF-C0B999112DA0
64C8EADA-5CDB-4A79-9213-F3F68E851D56
24C61C09-62C0-42ED-B640-53F7FEC9098A
7D7F29A5-8D07-44FE-89B6-A8F4DFFD03FB
20EC205F-3300-4013-A537-69DDC176CF42
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiffgfd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljiggd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggeeee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayxuus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnnopq
F7608A7B-DB2D-4CF1-8930-708A32896876
D604A3C9-1BDF-48AA-8CB3-80C2752FB6C5
C3A84C81-8E37-4EAA-8E6C-C4FF35A67F96
7F96901E-BEB4-4316-B165-5C4F2D6314CA
98663E21-9CCE-4CF6-863C-911A9523A66F
49D63E18-33B1-46F2-82C2-39431FB94794
415D402F-A6FC-4CA2-927B-2323BAAFB966
CA28FAC6-6381-4F89-9090-F399BBAFC26C
5AAF23D8-4489-43D8-A064-319D1254ABCA
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebabcd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtutron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnlmnk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqolkll
1A4318F1-865F-43A0-88A6-22666DDB6F47
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcawvv
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuspmn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccdbab
47A21439-A069-4BC1-BB70-54C9ED60691F
CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134
9DEC9A9D-E4F1-4081-A06E-76601F998EB4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcbbcc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqpono
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifcyab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urqollm
259B6215-70A2-4789-9978-64CD33632682
6A061FA1-352D-4902-94FB-46BD37FD7FAF
81182B58-0DB8-4671-A345-BD9B20E6FC72
506602EA-3290-416C-84E7-B2B331D2DFA2
6A30EED0-7D3E-40AC-946D-CF769A3ACDF5
DB1F1927-3FFC-4313-82AD-6A75758E5D32
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqopqo
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlmjh
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxvusr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\qommlii
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxxyay
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\xxyvspp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdcdd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqomn
817A8844-1AF6-4093-B74A-DD91676A179E
A47BD9A5-EF81-4E2D-B5D8-A5AF7099683E
326F7029-5B4F-4D02-8D77-F16322C282C1
3FABB570-CFE9-43FB-82F4-F065466077B4
F9491793-47BB-4F3C-9B1A-08A8E4F88D0D
88741C23-A892-4B7E-8F89-4A69CB12DA67
6551122A-4DEB-4949-8ABF-72972775F028
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hgggdbx
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvutus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmkjj
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcaaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrsss
9D88DD0F-5C78-417D-9E48-DDE4BCC53E9F
AEBF6926-DBA6-4100-A838-1CED0169AB78
F95B14B7-B316-49DA-972C-1225025AFB7A
46523B68-2656-4D4D-B415-20907B8E649A
A288996D-94BC-4C73-8CC7-A20F8A435A98
2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcdaab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khffefd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxussr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvsrp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebyxuu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnolm
200D0AAD-71B1-51C9-DDB0-092BA4662A54
01CD0B31-9154-45F2-9414-F5D64B74EAF6
AB30E818-2B0F-4336-BB29-35D245598EDB
634BBAB7-3F60-4426-944F-A62B9007F67F
C408EC5B-CC5E-451D-B831-6DB83DA47244
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
232D2677-68EE-4FA1-B988-279EBC8969ED
A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
90624170-D668-409E-A2F5-C0710044760F
3385764C-85FC-45CC-B290-E97646306BB2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
582C46EE-9E66-4DE0-92A5-34B971099C0C
429E0606-5905-4CCD-998A-9D2C29DE6F33
B1F4D9B0-7300-408A-B70A-677CC7276EF6
90375CC7-C153-4D5C-B81D-C4011A3C16D3
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
DA0053C8-1501-48C6-BD86-167AA3DEC119
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
9DC8B477-C55C-4373-953D-8913334A8D8B
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
2AD3123A-16FF-404E-92E5-47128E40D281
6980D6C1-F025-4067-B8B8-F12029EA0CD2
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
4E35C785-B803-471E-AF03-74BDE42EA65A
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
89AD4D75-2429-462e-BD4E-443F233F6033
45B20293-5C68-4271-B4FD-F43A4075A2E3
837B45D6-BF85-457D-AABF-6D2E7815F791
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
F40114E6-51D4-4EE4-9F38-2E979AF84593
35B868E9-614B-47BA-81F7-841B8B055247
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
F9C57A10-3FFE-4E94-924E-264713738291
719C7140-463A-45CB-BA90-828B11FCF5A4
1f9137dc-0b86-43e1-a596-8b2b49125124
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
855879EC-968C-4480-976B-870669F5F95A
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
28DD5FA9-7526-4463-A548-BD2877B2710A
27534EA2-AF0A-4405-9143-8837572099BC
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
095514BB-363E-451D-9BAE-A054E51BD0B0
82412A22-FFED-4A67-B37D-4127EBA1BB02
8410970E-714C-4F14-AA6B-B3B2F3246827
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents
|
Step 4 : Use Windows Command Prompt to Unregister VirtuMonde DLL Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the VirtuMonde DLL file is located and press the "Enter" button on your keyboard. If you don't know where VirtuMonde DLL file is located, use the "dir" command to display the directory's contents.
3. To unregister "VirtuMonde" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u VirtuMonde.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
4. Search and unregister "VirtuMonde" DLL files:
Исходник:kadpbbdr.dll temlxopqgdk.dll wvwxv.dll winsrc.dll pmnnn.dll opnlifg.dll opnkjjg.dll ljjhgee.dll mljighf.dll mljgf.dll ddcabya.dll ddayy.dll yayxuus.dll opnnopq.dll mljiggd.dll iiffgfd.dll vtutron.dll gebabcd.dll pmnlmnk.dll ddcawvv.dll nnlif.dll fccdbab.dll ssqpono.dll urqollm.dll opnlm.dll ssqpq.dll efcbbcc.dll iifcyab.dll ssqopqo.dll ddaya.dll mljgh.dll byxxy.dll xxyvspp.dll byxvs.dll jkhfe.dll awtqomn.dll opnnlmn.dll hgggdbx.dll nnlmn.dll tuvutus.dll ddcaaxu.dll efcdaab.dll khffefd.dll cbxussr.dll tuvvsrp.dll gebyxuu.dll ssqnolm.dll ssqqn.dll hggdefc.dll pmnlj.dll awtttqr.dll mljjk.dll bndsrsqo.dll awtqopm.dll geeby.dll jiinhuyb.dll sstqq.dll mljhghe.dll vtuts.dll rqrssro.dll byxurqq.dll rqron.dll mllmm.dll jkhhf.dll urstr.dll vtsss.dll ddcca.dll pmnnm.dll ssqqomk.dll xxyxwxv.dll wvursqn.dll vtsts.dll rqrppon.dll ljjgedc.dll khfcdba.dll ddcyx.dll tuvwuss.dll sstur.dll mljkkhf.dll khfcdaw.dll opnnljj.dll cbxxywx.dll nnnmmlk.dll vtuspmn.dll mllkk.dll sstrs.dll awtqqnl.dll ddcbabx.dll iifddby.dll pmnlk.dll SbCIe02b.dll ssttr.dll geebc.dll pmnno.dll jtr0079me.dll hrj6051se.dll cidrules.dll rulesak.dll lspak.dll |
Step 5 : Detect and Delete Other VirtuMonde Files
1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in "del name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "VirtuMonde" process and click on the "End Process" button to kill it.
8. Remove the "VirtuMonde" processes files:
Исходник:kadpbbdr.dll temlxopqgdk.dll wvwxv.dll winsrc.dll pmnnn.dll opnlifg.dll opnkjjg.dll ljjhgee.dll 904598c7 mljighf.dll mljgf.dll ddcabya.dll ddayy.dll yayxuus.dll opnnopq.dll mljiggd.dll iiffgfd.dll vtutron.dll gebabcd.dll pmnlmnk.dll ddcawvv.dll nnlif.dll fccdbab.dll ssqpono.dll urqollm.dll opnlm.dll ssqpq.dll efcbbcc.dll iifcyab.dll ssqopqo.dll ddaya.dll mljgh.dll byxxy.dll xxyvspp.dll byxvs.dll jkhfe.dll awtqomn.dll opnnlmn.dll hgggdbx.dll nnlmn.dll tuvutus.dll ddcaaxu.dll efcdaab.dll khffefd.dll cbxussr.dll tuvvsrp.dll gebyxuu.dll ssqnolm.dll ssqqn.dll cbgzgdqt hggdefc.dll pmnlj.dll awtttqr.dll mljjk.dll bndsrsqo.dll awtqopm.dll geeby.dll jiinhuyb.dll sstqq.dll mljhghe.dll Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe vtuts.dll rqrssro.dll byxurqq.dll rqron.dll mllmm.dll jkhhf.dll urstr.dll vtsss.dll ddcca.dll ces005dr.exe nnx22011.exe pmnnm.dll ssqqomk.dll xxyxwxv.dll wvursqn.dll vtsts.dll rqrppon.dll ljjgedc.dll khfcdba.dll ddcyx.dll tuvwuss.dll sstur.dll mljkkhf.dll khfcdaw.dll opnnljj.dll cbxxywx.dll nnnmmlk.dll vtuspmn.dll mllkk.dll sstrs.dll awtqqnl.dll kopCFEWV.exe gf1.0.0.2 castlecops[1].exe ddcbabx.dll iifddby.dll 2chkdsk pmnlk.dll SbCIe02b.dll ssttr.dll geebc.dll pmnno.dll jtr0079me.dll hrj6051se.dll unknown.exe svci.exe psdrv.exe rasrun.exe nwonknu.exe cidrules.dll rulesak.dll lspak.dll editpad.exe quicken.exe winhost.exe unknown.exewindowsupd2.exe svci.exe psdrv.exe rasrun.exe nwonknu.exe |
Это чтобы удалить первую вирусню
В
Васыль?
можно пробовать?
да а я пошёл чай пить
[Сообщение изменено пользователем 12.10.2008 12:29]
да а я пошёл чай пить
давай, а я к Паше Блэки помчалсо, ежели чего будем жевать твою писанину.
Д
Джин тоник
Дата: 12 Окт 2008 12:28
Мощно.
Может оставить вирус в живых чтобы не убить другие проги?
Вот такая лажа появилась на ноуте.
Отнеси к спецам. Заплати денежку малую и получи всё обратно в исправном состоянии, без потерь.
В
Васыль?
к Паше Блэки помчалсо, ежели чего будем жевать твою писанину.
ага, удачи
В
Васыль?
Мощно.
гавна не держим
Обсуждение этой темы закрыто модератором форума.