- This topic has 9 ответов, 2 участника, and was last updated 16 years, 7 months назад by
.
-
Сообщения
-
И снова порноинформер… Прошу помощи!!!!
Лог:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:18, on 21.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSystem32rs32net.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32rs32net.exe
C:WINDOWSsystem32spoolsv.exe
c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:DistribантивирHiJackThisHijackThis.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://webwiz.visio.com/register/default.asp?122519510684
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Documents and SettingsАдминистраторApplication DataMraUpdatemrasearch.dll
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:Documents and SettingsАдминистраторfetdi.exe s
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: qyklibP — {26528DB7-3F17-47C3-B742-8250C7DA5D55} — C:WINDOWSsystem32qyklib.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [Firewall auto setup] C:Tempwinlogon.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search && Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{9D8DD574-CBC3-421E-9B00-C95C0FE69FAB}: NameServer = 62.213.7.190,62.213.0.12
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — Unknown owner — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Capture Device Service — InterVideo Inc. — c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7778 bytesЗдравствуйте, добро пожаловать на Spyware-ru форум.
Кроме информера, ваш компьютер заражён несколькими троянами.
Приступим к лечению.
Запустите HijackThis, кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:Documents and SettingsАдминистраторApplication DataMraUpdatemrasearch.dll
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:Documents and SettingsАдминистраторfetdi.exe s
O2 - BHO: qyklibP - {26528DB7-3F17-47C3-B742-8250C7DA5D55} - C:WINDOWSsystem32qyklib.dll
O4 - HKLM..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 - HKCU..Run: [Firewall auto setup] C:Tempwinlogon.exe
O4 - HKCU..Run: [rs32net] C:WINDOWSSystem32rs32net.exeКликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.После этого, скачайте сканер RSIT кликнув по этой ссылке. Это необходимо для более подробного анализа вашего компьютера.
Дважды кликните по скачанному файлу.
Кликните по кнопке Continue.
Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Пожалуйста вставьте оба лога в ваше следующее сообщение.
info.txt не создался!?
Log.txt:
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Администратор at 2008-11-21 18:38:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (13%) free of 57 GB
Total RAM: 510 MB (41% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:11, on 21.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32spoolsv.exe
c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:RSIT.exe
C:DistribантивирHiJackThisАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://webwiz.visio.com/register/default.asp?122519510684
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search && Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{9D8DD574-CBC3-421E-9B00-C95C0FE69FAB}: NameServer = 62.213.7.190,62.213.0.12
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — Unknown owner — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Capture Device Service — InterVideo Inc. — c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7072 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:Program FilesSpybot — Search & DestroySDHelper.dll [2008-07-07 1562448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-07-19 78008]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-09-20 202024]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAGRSMMSG]
C:WINDOWSAGRSMMSG.exe [2004-04-13 88363][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATIPTA]
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-08-12 339968][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2005-05-31 1196032][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLtMoh]
C:Program FilesltmohLtmoh.exe [2003-03-18 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe -LM [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
[][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregrs32net]
C:WINDOWSSystem32rs32net.exe [2008-11-20 22528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsnpstd3]
C:WINDOWSvsnpstd3.exe [2006-09-18 843776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtsnpstd3]
C:WINDOWStsnpstd3.exe [2006-11-29 262144][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUVS11 Preload]
C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe [2008-06-05 341488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2003-12-13 33792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [2004-07-21 113664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^BTTray.lnk]
C:PROGRA~1WIDCOMMBLUETO~1BTTray.exe [][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Documents and SettingsАдминистраторfetdi.exe»=»C:Documents and SettingsАдминистраторfetdi.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6480f6fe-8125-11dc-bc2f-00023f0a3fe1}]
shellAutocommand — activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — activexdebugger32.exe f
shellopencommand — activexdebugger32.exe f[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9c-cc12-11dc-bd05-00023f0a3fe1}]
shellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9d-cc12-11dc-bd05-00023f0a3fe1}]
shellAutoRuncommand — System_Cachelocale.exe
shellexplorecommand — System_Cachelocale.exe
shellopencommand — System_Cachelocale.exe======List of files/folders created in the last 1 months======
2008-11-21 18:34:13 —-D—- C:rsit
2008-11-21 18:33:51 —-A—- C:RSIT.exe
2008-11-20 23:11:54 —-A—- C:WINDOWSsystem32rs32net.exe
2008-11-20 23:11:54 —-A—- C:WINDOWSsystem32qyklib.dll
2008-11-20 23:11:32 —-A—- C:WINDOWSsystem32msansspc.dll======List of files/folders modified in the last 1 months======
2008-11-21 18:38:10 —-D—- C:Temp
2008-11-21 18:38:03 —-D—- C:Distrib
2008-11-21 18:34:22 —-D—- C:WINDOWSPrefetch
2008-11-21 18:28:51 —-A—- C:WINDOWSSchedLgU.Txt
2008-11-21 16:37:29 —-D—- C:WINDOWSsystem32drivers
2008-11-21 16:37:25 —-ASH—- C:boot.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSwin.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSsystem.ini
2008-11-21 14:02:33 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2008-11-21 11:55:10 —-RD—- C:Мои документы
2008-11-20 23:12:43 —-D—- C:WINDOWSsystem32
2008-11-19 22:21:03 —-A—- C:WINDOWSwinamp.ini
2008-11-17 00:04:18 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2008-11-16 20:06:31 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-11-16 20:06:22 —-D—- C:WINDOWS
2008-11-16 15:44:16 —-A—- C:WINDOWSNeroDigital.ini
2008-11-14 23:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-11-14 23:11:09 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2008-11-11 22:35:14 —-D—- C:Program Files
2008-11-11 22:34:23 —-SHD—- C:WINDOWSInstaller
2008-11-11 22:34:23 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2008-11-11 22:31:05 —-HD—- C:Program FilesInstallShield Installation Information
2008-11-04 20:48:49 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-04 18:15:05 —-A—- C:WINDOWSIE4 Error Log.txt
2008-10-28 00:53:56 —-D—- C:WINDOWSsystem32CatRoot2
2008-10-27 17:48:58 —-HD—- C:WINDOWSinf======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-07-19 42912]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-07-19 94416]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-04 87424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2004-04-13 1266380]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-12 786944]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2003-11-21 113152]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-01-21 10368]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2002-04-23 35913]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 grmnusb;grmnusb; C:WINDOWSsystem32driversgrmnusb.sys [2003-09-23 7296]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver; C:WINDOWSsystem32DRIVERSi2220ntx.sys [2004-08-16 160896]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:WINDOWSsystem32DRIVERSsnpstd3.sys [2007-03-21 10198144]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 usb_rndisx;Адаптер USB RNDIS; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-01-28 12800]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-08-12 389120]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-07-19 147640]
R2 Capture Device Service;Capture Device Service; c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe [2007-03-06 198168]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-09-20 382248]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Ещё несколько неприятных сюрпризов. Трояны прописались ещё в несколько мест.
Кроме этого, судя по логу ваш компьютер заражён autorun.inf трояном.Так что выполните следующее.
1. Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.2. Прочитайте описание программы Malwarebytes Anti-malware.Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.
3. Выполните сканирование вашего компьютера ещё раз, используя программу RSIT.
Жду от вас два лога:
— Malwarebytes Anti-malware лог
— RSIT логДа… вот уж «букет»!
Лог Malwarebytes:Malwarebytes’ Anti-Malware 1.30
Версия базы данных: 1414
Windows 5.1.2600 Service Pack 222.11.2008 0:35:19
mbam-log-2008-11-22 (00-35-19).txtТип проверки: Полная (C:|)
Проверено объектов: 134845
Прошло времени: 1 hour(s), 5 minute(s), 11 second(s)Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 3
Заражено значений реестра: 4
Заражено параметров реестра: 1
Заражено папок: 0
Заражено файлов: 4Заражено процессов в памяти:
(Вредоносные программы не обнаружены)Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
HKEY_CLASSES_ROOTCLSID{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_ZZZdrv_lich (Rootkit.Agent) -> Quarantined and deleted successfully.Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Settingsbf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Settingsbk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Settingsiu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Settingsmu (Trojan.Agent) -> Quarantined and deleted successfully.Заражено параметров реестра:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.Заражено папок:
(Вредоносные программы не обнаружены)Заражено файлов:
C:WINDOWSsystem32msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wpv531227133386.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32lich.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:WINDOWSsystem32rs32net.exe (Rootkit.Agent) -> Quarantined and deleted successfully.Лог RSIT:
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Администратор at 2008-11-22 00:46:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (13%) free of 57 GB
Total RAM: 510 MB (39% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:46:53, on 22.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32svchost.exe
c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesMalwarebytes’ Anti-Malwarembam.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:DistribантивирRSIT.exe
C:DistribантивирHiJackThisАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://webwiz.visio.com/register/default.asp?122519510684
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search && Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{9D8DD574-CBC3-421E-9B00-C95C0FE69FAB}: NameServer = 62.213.7.190,62.213.0.12
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — Unknown owner — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Capture Device Service — InterVideo Inc. — c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7280 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:Program FilesSpybot — Search & DestroySDHelper.dll [2008-07-07 1562448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-07-19 78008]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-09-20 202024]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAGRSMMSG]
C:WINDOWSAGRSMMSG.exe [2004-04-13 88363][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATIPTA]
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-08-12 339968][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2005-05-31 1196032][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLtMoh]
C:Program FilesltmohLtmoh.exe [2003-03-18 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe -LM [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
[][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregrs32net]
C:WINDOWSSystem32rs32net.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsnpstd3]
C:WINDOWSvsnpstd3.exe [2006-09-18 843776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtsnpstd3]
C:WINDOWStsnpstd3.exe [2006-11-29 262144][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUVS11 Preload]
C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe [2008-06-05 341488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2003-12-13 33792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [2004-07-21 113664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^BTTray.lnk]
C:PROGRA~1WIDCOMMBLUETO~1BTTray.exe [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Documents and SettingsАдминистраторfetdi.exe»=»C:Documents and SettingsАдминистраторfetdi.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6480f6fe-8125-11dc-bc2f-00023f0a3fe1}]
shellAutocommand — activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — activexdebugger32.exe f
shellopencommand — activexdebugger32.exe f[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9c-cc12-11dc-bd05-00023f0a3fe1}]
shellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9d-cc12-11dc-bd05-00023f0a3fe1}]
shellAutoRuncommand — System_Cachelocale.exe
shellexplorecommand — System_Cachelocale.exe
shellopencommand — System_Cachelocale.exe======List of files/folders created in the last 1 months======
2008-11-21 23:21:31 —-D—- C:Documents and SettingsАдминистраторApplication DataMalwarebytes
2008-11-21 23:21:26 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-11-21 23:21:25 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-11-21 19:39:37 —-RASHD—- C:autorun.inf
2008-11-21 18:34:13 —-D—- C:rsit
2008-11-20 23:11:54 —-A—- C:WINDOWSsystem32qyklib.dll======List of files/folders modified in the last 1 months======
2008-11-22 00:46:49 —-D—- C:Temp
2008-11-22 00:37:33 —-D—- C:WINDOWSsystem32drivers
2008-11-22 00:37:33 —-D—- C:WINDOWSsystem32
2008-11-22 00:36:52 —-A—- C:WINDOWSSchedLgU.Txt
2008-11-22 00:36:24 —-D—- C:WINDOWSPrefetch
2008-11-22 00:07:45 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2008-11-21 23:21:25 —-D—- C:Program Files
2008-11-21 19:39:21 —-D—- C:WINDOWSsystem32CatRoot2
2008-11-21 18:38:03 —-D—- C:Distrib
2008-11-21 16:37:25 —-ASH—- C:boot.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSwin.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSsystem.ini
2008-11-21 11:55:10 —-RD—- C:Мои документы
2008-11-19 22:21:03 —-A—- C:WINDOWSwinamp.ini
2008-11-17 00:04:18 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2008-11-16 20:06:31 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-11-16 20:06:22 —-D—- C:WINDOWS
2008-11-16 15:44:16 —-A—- C:WINDOWSNeroDigital.ini
2008-11-14 23:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-11-14 23:11:09 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2008-11-11 22:34:23 —-SHD—- C:WINDOWSInstaller
2008-11-11 22:34:23 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2008-11-11 22:31:05 —-HD—- C:Program FilesInstallShield Installation Information
2008-11-04 20:48:49 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-04 18:15:05 —-A—- C:WINDOWSIE4 Error Log.txt
2008-10-27 17:48:58 —-HD—- C:WINDOWSinf======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-07-19 42912]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-07-19 94416]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-04 87424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2004-04-13 1266380]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-12 786944]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2003-11-21 113152]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-01-21 10368]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2002-04-23 35913]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 grmnusb;grmnusb; C:WINDOWSsystem32driversgrmnusb.sys [2003-09-23 7296]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver; C:WINDOWSsystem32DRIVERSi2220ntx.sys [2004-08-16 160896]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:WINDOWSsystem32DRIVERSsnpstd3.sys [2007-03-21 10198144]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 usb_rndisx;Адаптер USB RNDIS; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-01-28 12800]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-08-12 389120]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-07-19 147640]
R2 Capture Device Service;Capture Device Service; c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe [2007-03-06 198168]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-09-20 382248]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.:reg
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregrs32net]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6480f6fe-8125-11dc-bc2f-00023f0a3fe1}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9c-cc12-11dc-bd05-00023f0a3fe1}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9d-cc12-11dc-bd05-00023f0a3fe1}]
:Files
C:WINDOWSsystem32qyklib.dll
C:WINDOWSSystem32rs32net.exe
:Commands
[emptytemp]
[Reboot]Кликните по кнопке MoveIt!.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же выполните сканирование компьютера используя RSIT.Жду от вас два лога OTMoveIt лог и RSIT лог.
Лог OTMoveIt
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregrs32net\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys\ .
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys\ .
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6480f6fe-8125-11dc-bc2f-00023f0a3fe1}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9c-cc12-11dc-bd05-00023f0a3fe1}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8bf8a9d-cc12-11dc-bd05-00023f0a3fe1}\ not found.
========== FILES ==========
File/Folder C:WINDOWSsystem32qyklib.dll not found.
File/Folder C:WINDOWSSystem32rs32net.exe not found.
========== COMMANDS ==========
File delete failed. c:TempPerflib_Perfdata_5a0.dat scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempCookiesindex.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.OTMoveIt3 by OldTimer — Version 1.0.7.1 log created on 11222008_213151
И RSIT лог:
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Администратор at 2008-11-22 21:37:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (15%) free of 57 GB
Total RAM: 510 MB (44% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:53, on 22.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32spoolsv.exe
c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:DistribантивирRSIT.exe
C:DistribантивирHiJackThisАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://webwiz.visio.com/register/default.asp?122519510684
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search && Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{9D8DD574-CBC3-421E-9B00-C95C0FE69FAB}: NameServer = 62.213.7.190,62.213.0.12
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — Unknown owner — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Capture Device Service — InterVideo Inc. — c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7211 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:Program FilesSpybot — Search & DestroySDHelper.dll [2008-07-07 1562448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-07-19 78008]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-09-20 202024]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAGRSMMSG]
C:WINDOWSAGRSMMSG.exe [2004-04-13 88363][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATIPTA]
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-08-12 339968][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2005-05-31 1196032][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLtMoh]
C:Program FilesltmohLtmoh.exe [2003-03-18 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe -LM [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
[][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsnpstd3]
C:WINDOWSvsnpstd3.exe [2006-09-18 843776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtsnpstd3]
C:WINDOWStsnpstd3.exe [2006-11-29 262144][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUVS11 Preload]
C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe [2008-06-05 341488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2003-12-13 33792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [2004-07-21 113664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^BTTray.lnk]
C:PROGRA~1WIDCOMMBLUETO~1BTTray.exe [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Documents and SettingsАдминистраторfetdi.exe»=»C:Documents and SettingsАдминистраторfetdi.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»======List of files/folders created in the last 1 months======
2008-11-22 21:37:45 —-D—- C:rsit
2008-11-22 21:28:52 —-D—- C:_OTMoveIt
2008-11-21 23:21:31 —-D—- C:Documents and SettingsАдминистраторApplication DataMalwarebytes
2008-11-21 23:21:26 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-11-21 23:21:25 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-11-21 19:39:37 —-RASHD—- C:autorun.inf======List of files/folders modified in the last 1 months======
2008-11-22 21:37:49 —-D—- C:Temp
2008-11-22 21:34:35 —-A—- C:WINDOWSSchedLgU.Txt
2008-11-22 21:34:14 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2008-11-22 21:28:53 —-D—- C:WINDOWSsystem32
2008-11-22 21:28:31 —-D—- C:WINDOWSPrefetch
2008-11-22 00:37:33 —-D—- C:WINDOWSsystem32drivers
2008-11-21 23:21:25 —-D—- C:Program Files
2008-11-21 19:39:21 —-D—- C:WINDOWSsystem32CatRoot2
2008-11-21 18:38:03 —-D—- C:Distrib
2008-11-21 16:37:25 —-ASH—- C:boot.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSwin.ini
2008-11-21 16:37:25 —-A—- C:WINDOWSsystem.ini
2008-11-21 11:55:10 —-RD—- C:Мои документы
2008-11-19 22:21:03 —-A—- C:WINDOWSwinamp.ini
2008-11-17 00:04:18 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2008-11-16 20:06:31 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-11-16 20:06:22 —-D—- C:WINDOWS
2008-11-16 15:44:16 —-A—- C:WINDOWSNeroDigital.ini
2008-11-14 23:45:57 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-11-14 23:11:09 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2008-11-11 22:34:23 —-SHD—- C:WINDOWSInstaller
2008-11-11 22:34:23 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2008-11-11 22:31:05 —-HD—- C:Program FilesInstallShield Installation Information
2008-11-04 20:48:49 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-04 18:15:05 —-A—- C:WINDOWSIE4 Error Log.txt
2008-10-27 17:48:58 —-HD—- C:WINDOWSinf======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-07-19 42912]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-07-19 94416]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-04 87424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2004-04-13 1266380]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-12 786944]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2003-11-21 113152]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-17 61824]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-01-21 10368]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2002-04-23 35913]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 grmnusb;grmnusb; C:WINDOWSsystem32driversgrmnusb.sys [2003-09-23 7296]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver; C:WINDOWSsystem32DRIVERSi2220ntx.sys [2004-08-16 160896]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:WINDOWSsystem32DRIVERSsnpstd3.sys [2007-03-21 10198144]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 usb_rndisx;Адаптер USB RNDIS; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-01-28 12800]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-08-12 389120]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-07-19 147640]
R2 Capture Device Service;Capture Device Service; c:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe [2007-03-06 198168]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-09-20 382248]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Последний RSIT лог выглядит нормально, но нужно удалить ещё пару ключей в реестре.
Скачайте программу Avenger кликнув по этой ссылке и распакуйте её на Рабочий стол.
Запустите и скопируйте ниже приведённый текст в Input script Box:Registry keys to delete:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sysКликните Execute. Появится запрос о подтверждении ваших действий, нажмите Yes.
Avenger запуститься. В процессе работы возможны несколько перезагрузок компьютера.
По-окончании работы будет показан лог, пожалуйста вставьте его в ваш ответ.Лог:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!Error: could not delete registry key «HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys»
Deletion of registry key «HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8hmxx.sys» failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)Error: could not delete registry key «HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys»
Deletion of registry key «HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8hmxx.sys» failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)Completed script processing.
*******************
Finished! Terminate.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.
- Для ответа в этой теме необходимо авторизоваться.
