The computer was under virus attack for a long time
April 19, 2009 at 1:37 pm #16588
Hello! My computer was under attack by viruses for a long time. I cleaned it with an antivirus. It shows that the system is clean. But doubts remain. It takes a long time to read disks before opening them. Please help me check it.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:33, on 19.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.APEHA.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX4300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\E_SA2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\NLDRV" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 5354 bytes

April 19, 2009 at 1:38 pm #23489
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-04-19 14:03:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (64%) free of 88 GB
Total RAM: 2046 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:54, on 19.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\User\Рабочий стол\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.APEHA.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX4300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\E_SA2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\NLDRV" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 5402 bytes

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-07-01 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-06-30 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-28 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=1
"NoSMConfigurePrograms"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02f19d8a-7837-11dd-82c3-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03c685f4-3dfe-11dd-817c-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08745aa4-9eb6-11dd-8356-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b99ceec-ebb6-11dd-8423-000a48208b80}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb1950a-7a7c-11dd-82ca-000a48208b80}]
shell\AutoRun\command - F:
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a0e8b8-cb83-11dd-83c7-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583d4f6c-c6c7-11dd-83b8-000a48208b80}]
shell\AutoRun\command - F:\oufddh.exe
shell\explore\command - F:\oufddh.exe
shell\open\command - F:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768dd8f4-79cb-11dd-82c7-000a48208b80}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{790f5dba-29bb-11dd-8124-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7927a9b8-66ee-11dd-826d-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87ffc85a-2b81-11de-84e4-000a48208b80}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbbb8ab4-3b92-11dd-816e-000a48208b80}]
shell\AutoRun\command - u.bat
shell\explore\command - u.bat
shell\open\command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb5e0c0-96c0-11dd-8324-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0ed173e-188d-11de-84aa-000a48208b80}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Secret.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4bba6e2-859d-11dd-82e6-000a48208b80}]
shell\AutoRun\command - F:\n1deiect.com
shell\explore\command - F:\n1deiect.com
shell\open\command - F:\n1deiect.com

======List of files/folders created in the last 1 months======
2009-04-19 14:03:53 ----D---- C:\rsit
2009-04-19 14:00:08 ----D---- C:\ComboFix
2009-04-19 14:00:08 ----A---- C:\WINDOWS\system32\CF28221.exe
2009-04-19 13:59:13 ----D---- C:\WINDOWS\ERDNT
2009-04-19 13:59:12 ----A---- C:\WINDOWS\system32\CF28038.exe
2009-04-19 13:59:11 ----D---- C:\Qoobox
2009-04-19 13:53:52 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-19 13:48:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-19 13:48:33 ----D---- C:\WINDOWS\Prefetch
2009-04-19 13:45:06 ----D---- C:\WINDOWS\system32\xircom
2009-04-19 13:45:06 ----D---- C:\Program Files\xerox
2009-04-19 13:45:06 ----D---- C:\Program Files\msn gaming zone
2009-04-19 13:45:06 ----D---- C:\Program Files\microsoft frontpage
2009-04-19 13:44:20 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-19 13:44:14 ----HD---- C:\Program Files\WindowsUpdate
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-19 13:44:05 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-19 13:43:25 ----D---- C:\Program Files\Messenger
2009-04-19 13:36:35 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-19 13:36:35 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-19 13:36:18 ----RA---- C:\WINDOWS\SETBA.tmp
2009-04-19 13:36:16 ----RA---- C:\WINDOWS\SETAE.tmp
2009-04-19 13:36:15 ----RA---- C:\WINDOWS\SETAB.tmp
2009-04-19 13:30:48 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-19 13:25:44 ----SHD---- C:\FOUND.010
2009-04-18 18:20:08 ----D---- C:\Documents and Settings\User\Application Data\ESET
2009-04-18 18:19:15 ----D---- C:\Program Files\ESET
2009-04-18 18:19:15 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-04-18 18:11:12 ----SHD---- C:\FOUND.009
2009-04-18 18:03:48 ----SHD---- C:\FOUND.008
2009-04-18 17:52:26 ----SHD---- C:\FOUND.007
2009-04-18 17:38:28 ----D---- C:\Program Files\Trend Micro
2009-04-17 23:00:23 ----D---- C:\Documents and Settings\User\Application Data\Kingston
2009-04-06 22:20:52 ----SHD---- C:\FOUND.006

======List of files/folders modified in the last 1 months======
2009-04-19 13:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-19 13:50:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 13:49:10 ----A---- C:\WINDOWS\setuplog.txt
2009-04-19 13:44:52 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-19 13:44:50 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-19 13:44:22 ----RD---- C:\WINDOWS\Web
2009-04-19 13:44:22 ----RD---- C:\Program Files
2009-04-19 13:44:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-19 13:44:12 ----A---- C:\WINDOWS\win.ini
2009-04-19 13:42:54 ----SH---- C:\boot.ini
2009-04-19 13:36:40 ----A---- C:\WINDOWS\system.ini
2009-04-19 13:36:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-18 18:20:10 ----A---- C:\WINDOWS\kdcoms.dll
2009-04-18 17:04:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-15 15:03:58 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-30 3846848]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-28 2371584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2006-11-10 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-11-10 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-11-10 84512]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-28 483328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-07-01 322120]
R2 UPHClean;User Profile Hive Cleanup; C:\WINDOWS\system32\uphclean.exe [2006-06-30 241725]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-07-27 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-07-01 89136]
S3 UMWdf;Компонент драйверов пользовательского режима Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
EOF
April 19, 2009 at 1:40 pm #23490
RSIT info log:
info.txt logfile of random's system information tool 1.06 2009-04-19 14:03:55

======Uninstall list======
"Prey" версии 1.0.103-->D:\Games\Prey\unins000.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ATI - Утилита деинсталляции-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0019 -removeonly
BloodRayne 2-->D:\GAMES\BLOODR~1\UNWISE.EXE D:\GAMES\BLOODR~1\INSTALL.LOG
Call of Duty 2-->D:\GAMES\CALLOF~1\UNWISE.EXE D:\GAMES\CALLOF~1\INSTALL.LOG
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x19 UNINST
CX4300_5500_DX4400 Руководство-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\RUS\USE_G\DOCUNINS.EXE
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x19 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x19 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x19 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x19 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x19 -anything
FlatOut-->D:\GAMES\FLATOUT\UNWISE.EXE D:\GAMES\FLATOUT\INSTALL.LOG
Foxit PDF Reader-->"C:\Program Files\Foxit Software\Foxit Reader\unins000.exe"
Gish-->"D:\Games\Gish\uninstall.exe"
GTA San Andreas-->D:\GAMES\GTA_SA~1\UNWISE.EXE D:\GAMES\GTA_SA~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
K-Lite Codec Pack 2.72 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office - профессиональный выпуск версии 2003-->MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Millionaire-->C:\WINDOWS\unvise32.exe d:\games\миллионер\uninstal.log
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0019 -removeonly
Need for Speed™ ProStreet-->D:\Games\NFSPro\unwise.exe
Need for Speed™ ProStreet-->D:\GAMES\NFSPRO\UNWISE.EXE D:\GAMES\NFSPRO\INSTALL.LOG
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG="1049"
Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Pirates of the Caribbean-->D:\GAMES\PIRATES\UNWISE.EXE D:\GAMES\PIRATES\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Samsung USB Driver (MCCI 4.24)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
Sniper Elite-->D:\GAMES\SNIPER~1\UNWISE.EXE D:\GAMES\SNIPER~1\INSTALL.LOG
The Sims™ 2 FreeTime + addons-->MsiExec.exe /X{D741A683-B283-4BDC-B9FF-4309028E56A0}
Total Commander 6.54-->MsiExec.exe /X{7355D82D-E4D3-492C-BA09-28ADFA70BFB8}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
XnView 1.80-->"C:\Program Files\XnView\unins000.exe"
Архиватор WinRAR-->C:\Program Files\WINRAR\uninstall.exe
Пакет драйверов Windows - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf

=====HijackThis Backups=====
F2 - REG:system.ini: UserInit=C:\WINDOWS\userinit.exe [2009-04-18]
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe [2009-04-18]
F2 - REG:system.ini: UserInit=C:\WINDOWS\userinit.exe [2009-04-18]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2009-04-19]
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe [2009-04-19]

Securitycenter WMI appears to be broken
======System event log======

Computer Name: COMPUTER
Event Code: 62486
Message: Invalid parameters
Record Number: 43233
Source Name: ati2mtag
Time Written: 20090404150352.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 62486
Message: Invalid parameters
Record Number: 43232
Source Name: ati2mtag
Time Written: 20090404150352.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 62486
Message: Invalid parameters
Record Number: 43231
Source Name: ati2mtag
Time Written: 20090404150352.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 62486
Message: Invalid parameters
Record Number: 43230
Source Name: ati2mtag
Time Written: 20090404150352.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 62486
Message: Invalid parameters
Record Number: 43229
Source Name: ati2mtag
Time Written: 20090404150352.000000+240
Event Type: информация
User:

=====Application event log=====

Computer Name: COMPUTER
Event Code: 105
Message: The service was started.
Record Number: 4777
Source Name: ATI Smart
Time Written: 20090417195209.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 1010
Message: User profile hive cleanup service stopped successfully.
Record Number: 4776
Source Name: UPHClean
Time Written: 20090416225354.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 0
Message:
Record Number: 4775
Source Name: ServiceLayer
Time Written: 20090416202928.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 1001
Message: User profile hive cleanup service version 1.6.30.0 started successfully.
Record Number: 4774
Source Name: UPHClean
Time Written: 20090416202914.000000+240
Event Type: информация
User:

Computer Name: COMPUTER
Event Code: 105
Message: The service was started.
Record Number: 4773
Source Name: ATI Smart
Time Written: 20090416202912.000000+240
Event Type: информация
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%USERPROFILE%\Local Settings\Temp
"TMP"=%USERPROFILE%\Local Settings\Temp
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
EOF
April 21, 2009 at 4:13 pm #23491
Judging by the log, the computer and the external drives that were connected to it are infected with an autorun.inf trojan.
Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.
* Disable your antivirus.
* Download and run Flash_Disinfector.
* When the program asks, insert your flash drive or connect your other external storage devices.
Note: run the program as many times as needed to clean all of your removable drives.
Download OTMoveIt3 by OldTimer by clicking this link.
Run OTMoveIt3 and copy the following text into the large input box (the heading of this box is highlighted in yellow).
:Processes
explorer.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02f19d8a-7837-11dd-82c3-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03c685f4-3dfe-11dd-817c-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08745aa4-9eb6-11dd-8356-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b99ceec-ebb6-11dd-8423-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb1950a-7a7c-11dd-82ca-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a0e8b8-cb83-11dd-83c7-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583d4f6c-c6c7-11dd-83b8-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768dd8f4-79cb-11dd-82c7-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{790f5dba-29bb-11dd-8124-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7927a9b8-66ee-11dd-826d-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87ffc85a-2b81-11de-84e4-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbbb8ab4-3b92-11dd-816e-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb5e0c0-96c0-11dd-8324-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0ed173e-188d-11de-84aa-000a48208b80}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4bba6e2-859d-11dd-82e6-000a48208b80}]
:Commands
[emptytemp]
[start explorer]
[Reboot]
Check the pasted script: if spaces have appeared on the left in front of the directives, delete them; the script must look exactly as it does in this post. Click the MoveIt! button. The computer may reboot while the program is working.
When the program finishes, a log should be displayed. If the log is not shown, it can be found in the folder C:\_OTMoveIt\MovedFiles.
Paste the contents of this log into your reply. Also attach a fresh RSIT log.
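Added example, not part of the original post and not OTMoveIt3's own code: the `:reg` directives above remove per-volume subkeys of MountPoints2, the key where Explorer caches the shell commands it read from a volume's autorun.inf. This Python sketch parses a text export of that key (regedit .reg format), lists the volumes that still carry a cached command, and builds matching `[-key]` directives. The function names, the sample export, its GUIDs and its command values are all constructed for illustration.

```python
import re

# Parent key whose per-volume subkeys the :reg section above removes.
MP2 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Constructed sample in regedit's text export format. The GUIDs and the
# command values are invented for this example, not taken from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\open\command]
@="sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000002}]
"BaseClass"="Drive"
"Example"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\autorun\command]
@="E:\\sample.exe"
'''

# A string value line: @="data" (default value) or "name"="data".
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return {key_path: {value_name: string}}; '' names the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:  # string values only; dword:/hex: data is skipped
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def cached_autorun_commands(text):
    """Map each MountPoints2 volume to its cached {verb: command} entries."""
    found, prefix = {}, MP2.lower() + "\\"
    for path, values in parse_reg_export(text).items():
        if not path.lower().startswith(prefix):
            continue
        parts = path[len(prefix):].split("\\")
        # Expected shape below MountPoints2: <volume>\Shell\<verb>\command
        if (len(parts) == 4 and parts[1].lower() == "shell"
                and parts[3].lower() == "command" and values.get("")):
            found.setdefault(parts[0], {})[parts[2]] = values[""]
    return found

def reg_delete_directives(volumes):
    """Build [-key] lines, in the syntax used in the script above."""
    return ["[-%s\\%s]" % (MP2, v) for v in sorted(volumes)]

if __name__ == "__main__":
    hits = cached_autorun_commands(SAMPLE_EXPORT)
    for vol, verbs in sorted(hits.items()):
        for verb, cmd in sorted(verbs.items()):
            print("%s  %s -> %s" % (vol, verb, cmd))
    print("\n".join(reg_delete_directives(hits)))
```

Volumes with no cached command, such as the second GUID in the sample, are not reported, so the review concentrates on the entries that would launch something.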
May 10, 2009 at 10:02 am #23492
Here is the OTMove It log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02f19d8a-7837-11dd-82c3-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03c685f4-3dfe-11dd-817c-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08745aa4-9eb6-11dd-8356-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b99ceec-ebb6-11dd-8423-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb1950a-7a7c-11dd-82ca-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a0e8b8-cb83-11dd-83c7-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{583d4f6c-c6c7-11dd-83b8-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768dd8f4-79cb-11dd-82c7-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{790f5dba-29bb-11dd-8124-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7927a9b8-66ee-11dd-826d-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87ffc85a-2b81-11de-84e4-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbbb8ab4-3b92-11dd-816e-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb5e0c0-96c0-11dd-8324-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0ed173e-188d-11de-84aa-000a48208b80}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4bba6e2-859d-11dd-82e6-000a48208b80}\ deleted successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05062009_214116
Files moved on Reboot…
May 10, 2009 at 10:03 am #23493
RSIT log
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-06 21:53:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 54 GB (61%) free of 88 GB
Total RAM: 2046 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:30, on 06.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32uphclean.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesESETESET Smart Securityegui.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICAR.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisUser.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.APEHA.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [EPSON Stylus CX4300 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICAR.EXE /FU «C:WINDOWSsystem32configSYSTEM~1LOCALS~1TempE_SA2.tmp» /EF «HKCU»
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 «%SystemRoot%System32dllcache» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_06] cmd.exe /c md «%USERPROFILE%Local SettingsTemp» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 «%SystemRoot%NLDRV» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_09] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 «%SystemRoot%System32dllcache» (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 6038 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-07-01 155648]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2006-06-30 577536]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX4300 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATICAR.EXE [2007-03-01 180736]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-07-28 118784]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableStatusMessages»=0
«InstallVisualStyle»=C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»=C:WINDOWSResourcesThemesRoyale.theme

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoWindowsUpdate»=1
«NoSMConfigurePrograms»=1
«NoResolveTrack»=1
«NoResolveSearch»=1
«NoInstrumentation»=1
«NoStartMenuMFUprogramsList»=1
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2009-05-06 21:41:16 —-D—- C:_OTMoveIt
2009-04-21 20:03:49 —-RASHD—- C:autorun.inf
2009-04-19 14:03:53 —-D—- C:rsit
2009-04-19 14:00:08 —-D—- C:ComboFix
2009-04-19 14:00:08 —-A—- C:WINDOWSsystem32CF28221.exe
2009-04-19 13:59:13 —-D—- C:WINDOWSERDNT
2009-04-19 13:59:12 —-A—- C:WINDOWSsystem32CF28038.exe
2009-04-19 13:59:11 —-D—- C:Qoobox
2009-04-19 13:53:52 —-D—- C:WINDOWSsystem32appmgmt
2009-04-19 13:48:36 —-D—- C:WINDOWSSoftwareDistribution
2009-04-19 13:48:33 —-D—- C:WINDOWSPrefetch
2009-04-19 13:45:06 —-D—- C:WINDOWSsystem32xircom
2009-04-19 13:45:06 —-D—- C:Program Filesxerox
2009-04-19 13:45:06 —-D—- C:Program Filesmsn gaming zone
2009-04-19 13:45:06 —-D—- C:Program Filesmicrosoft frontpage
2009-04-19 13:44:20 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-04-19 13:44:14 —-HD—- C:Program FilesWindowsUpdate
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuweb.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wups.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wucltui.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-04-19 13:44:05 —-A—- C:WINDOWSsystem32wuapi.dll
2009-04-19 13:43:25 —-D—- C:Program FilesMessenger
2009-04-19 13:36:35 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-04-19 13:36:35 —-A—- C:WINDOWSsystem32irclass.dll
2009-04-19 13:36:18 —-RA—- C:WINDOWSSETBA.tmp
2009-04-19 13:36:16 —-RA—- C:WINDOWSSETAE.tmp
2009-04-19 13:36:15 —-RA—- C:WINDOWSSETAB.tmp
2009-04-19 13:30:48 —-RSHD—- C:WINDOWSsystem32dllcache
2009-04-19 13:25:44 —-SHD—- C:FOUND.010
2009-04-18 18:20:08 —-D—- C:Documents and SettingsUserApplication DataESET
2009-04-18 18:19:15 —-D—- C:Program FilesESET
2009-04-18 18:19:15 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-04-18 18:11:12 —-SHD—- C:FOUND.009
2009-04-18 18:03:48 —-SHD—- C:FOUND.008
2009-04-18 17:52:26 —-SHD—- C:FOUND.007
2009-04-18 17:38:28 —-D—- C:Program FilesTrend Micro
2009-04-17 23:00:23 —-D—- C:Documents and SettingsUserApplication DataKingston

======List of files/folders modified in the last 1 months======
2009-05-06 21:49:16 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-25 16:27:52 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 13:50:08 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-19 13:49:10 —-A—- C:WINDOWSsetuplog.txt
2009-04-19 13:44:52 —-A—- C:WINDOWSOEWABLog.txt
2009-04-19 13:44:50 —-A—- C:WINDOWSODBCINST.INI
2009-04-19 13:44:22 —-RD—- C:WINDOWSWeb
2009-04-19 13:44:22 —-RD—- C:Program Files
2009-04-19 13:44:18 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-04-19 13:44:12 —-A—- C:WINDOWSwin.ini
2009-04-19 13:42:54 —-SH—- C:boot.ini
2009-04-19 13:36:40 —-A—- C:WINDOWSsystem.ini
2009-04-19 13:36:32 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-04-18 18:20:10 —-A—- C:WINDOWSkdcoms.dll
2009-04-15 15:03:58 —-A—- C:WINDOWSModemLog_Motorola USB Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-07-01 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-07-01 71688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2006-06-30 3846848]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-07-28 2371584]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-07-01 30728]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S3 ENTECH;ENTECH; ??C:WINDOWSsystem32DRIVERSENTECH.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:WINDOWSsystem32DRIVERSmotmodem.sys [2007-02-27 21504]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2006-11-10 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-11-10 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-11-10 84512]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-07-28 483328]
R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-07-01 468224]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2006-07-01 322120]
R2 UPHClean;User Profile Hive Cleanup; C:WINDOWSsystem32uphclean.exe [2006-06-30 241725]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-07-27 593920]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-07-01 19200]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-07-01 89136]
S3 UMWdf;Компонент драйверов пользовательского режима Windows; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
EOF
May 11, 2009 at 3:14 pm #23494
The log looks normal.
Also check your computer with Kaspersky Online Scanner; to do so, click this link.
Paste the scan results into your reply.
May 12, 2009 at 1:53 pm #23495
Unfortunately, the computer I am checking is not connected to the Internet…. 🙁
May 14, 2009 at 1:31 pm #23496
Then download http://avptool.virusinfo.info/ru, a free disinfection utility from Kaspersky.
Scan the computer. Report the result.