В браузере самопроизвольно открываются сайт www.fatheringmind.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Morfin:
вирус. avz просканируйте

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Версия базы данных: 6894

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.06.2011 12:56:16
mbam-log-2011-06-19 (12-56-16).txt

Тип сканирования: Полное сканирование (C:\|)
Просканированные объекты: 319023
Времени прошло: 52 минут, 6 секунд

Зараженные процессы в памяти: 0
Зараженные модули в памяти: 0
Зараженные ключи в реестре: 9
Зараженные параметры в реестре: 7
Объекты реестра заражены: 3
Зараженные папки: 0
Зараженные файлы: 10

Зараженные процессы в памяти:
(Вредоносных программ не обнаружено)

Зараженные модули в памяти:
(Вредоносных программ не обнаружено)

Зараженные ключи в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} (Adware.MyCentria) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} (Adware.MyCentria) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winxarj (Hoax.ArchSMS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AtapiDrv.sys (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Зараженные параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Value: del -> Quarantined and deleted successfully.

Объекты реестра заражены:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Зараженные папки:
(Вредоносных программ не обнаружено)

Зараженные файлы:
c:\documents and settings\администратор\fswagz.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\documents and settings\администратор\application data\winzipsoft\winzipn.exe (Trojan.FakeSMS) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\application data\winzipsoft\wzipstart.exe (Trojan.FakeSMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eventvwr.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\AM1ORXNB\1[1].exe (Trojan.GBFE) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\UFFVGHB0\1[1].exe (Trojan.GBFE) -> Quarantined and deleted successfully.
c:\program files\server.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxslt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\cbzvl.exe (Worm.Palevo) -> Delete on reboot.
c:\windows\system32\drivers\atapidrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.