ЛЕНТА НОВОСТЕЙ и МЕДЛЕННЫЙ КОМП

[olik_virys]

Здравствуйте!Помогите пож-та!!! 😮 У меня такая проблема!!! очень медленно стал работать комп и при выходе в инет через Explorer выходит лента новостей, для отключения которой предлагается отправить смс.
Проверяла комп на NOD32, вирусос не нашел!
Вот результат сканирования RSIT.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Саша at 2009-01-22 21:45:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (65%) free of 40 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:49, on 22.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesEsetnod32kui.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSSamsungComSMMgrssmmgr.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe
C:Program FilesMessengermsmsgs.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesDAEMON Tools SearchBarSearch.exe
C:Program FilesTaganka 1.04taganka.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsСаша.AD06A7B01ACD468Рабочий столRSIT.exe
C:Program Filestrend microСаша.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.olympus.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Yahoo! Companion BHO — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: eqdlibP — {793B3219-2D6F-45DD-BCA4-8BEB57772C2D} — C:Documents and SettingsAll UsersApplication Dataeqdlib.dll
O2 — BHO: WhenUSearch Helper — {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} — C:Program FilesDAEMON Tools SearchBarsearch.dll
O3 — Toolbar: &Yahoo! Companion — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [OM_Monitor] C:Program FilesOLYMPUSOLYMPUS MasterFirstStart.exe
O4 — HKLM..Run: [Samsung Common SM] «C:WINDOWSSamsungComSMMgrssmmgr.exe» /autorun
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [OM_Monitor] C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Taganka.lnk = C:Program FilesTaganka 1.04taganka.exe
O4 — Global Startup: Ускоренный запуск Adobe Reader.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.olympus.ru
O17 — HKLMSystemCCSServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCCSServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O17 — HKLMSystemCCSServicesTcpip..{4A930DF5-CCF0-4C28-B87A-71DADCE31813}: NameServer = 85.249.39.1 85.249.32.1
O17 — HKLMSystemCS1ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCS1ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O17 — HKLMSystemCS2ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCS2ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Battlestrike Drivers Auto Removal (pr2anq6b) (pr2anq6b) — Noviy Disk — C:WINDOWSsystem32pr2anq6b.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8078 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{793B3219-2D6F-45DD-BCA4-8BEB57772C2D}]
MLP Media Helper Object — C:Documents and SettingsAll UsersApplication Dataeqdlib.dll [2009-01-14 322048]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]
WhenUSearch Helper — C:Program FilesDAEMON Tools SearchBarsearch.dll [2006-08-17 242040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — &Yahoo! Companion — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll [2005-04-13 327748]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-28 849392]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-11-14 16270848]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-01-29 949376]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-23 8466432]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-01-29 77824]
«OM_Monitor»=C:Program FilesOLYMPUSOLYMPUS MasterFirstStart.exe [2005-11-29 40960]
«Samsung Common SM»=C:WINDOWSSamsungComSMMgrssmmgr.exe [2005-07-03 372736]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«OM_Monitor»=C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe [2005-11-29 57344]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGainward]
C:Program FilesVDOToolTBPanel.exe [2007-06-26 2165272]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2005-09-25 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2007-07-23 8466432]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2007-07-23 81920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWhenUSearch]
C:Program FilesDAEMON Tools SearchBarSearch.exe [2006-08-17 304504]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWhenUSearchWHSE]
C:Program FilesDAEMON Tools SearchBarwhse.exe [2006-08-17 179064]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2004-12-20 33792]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Саша^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2006-11-07 1039568]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Ускоренный запуск Adobe Reader.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsСаша.AD06A7B01ACD468Главное менюПрограммыАвтозагрузка
Taganka.lnk — C:Program FilesTaganka 1.04taganka.exe

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-01-22 21:23:03 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataOpera
2009-01-16 22:53:59 —-A—- C:logit.txt
2009-01-16 20:38:10 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataMalwarebytes
2009-01-16 20:38:04 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-16 20:38:04 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-16 20:05:11 —-D—- C:rsit
2009-01-16 20:05:11 —-D—- C:Program Filestrend micro
2009-01-16 19:48:52 —-D—- C:_OTMoveIt
2009-01-14 01:25:07 —-A—- C:Documents and SettingsAll UsersApplication Dataeqdlib.dll
2009-01-13 19:24:27 —-D—- C:Program FilesNoviy Disk
2009-01-04 21:15:39 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataURSE Games
2009-01-04 21:15:36 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-01-04 21:13:41 —-D—- C:Program FilesGames.Mail.Ru

======List of files/folders modified in the last 1 months======

2009-01-22 21:43:06 —-D—- C:Downloads
2009-01-22 21:36:45 —-D—- C:WINDOWSTemp
2009-01-22 21:23:00 —-SHD—- C:WINDOWSInstaller
2009-01-22 21:22:58 —-D—- C:Program FilesOpera
2009-01-22 21:18:53 —-D—- C:Temp
2009-01-22 21:10:45 —-D—- C:WINDOWS
2009-01-22 21:01:15 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-20 21:26:39 —-D—- C:WINDOWSPrefetch
2009-01-20 15:34:37 —-A—- C:WINDOWSNeroDigital.ini
2009-01-20 15:03:02 —-A—- C:WINDOWSwinamp.ini
2009-01-19 14:30:29 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-19 13:42:05 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-17 11:48:33 —-D—- C:Program FilesTaganka 1.04
2009-01-16 22:06:58 —-RD—- C:Program Files
2009-01-16 21:33:03 —-D—- C:Documents and Settings
2009-01-16 20:38:08 —-D—- C:WINDOWSsystem32drivers
2009-01-13 19:31:17 —-D—- C:WINDOWSsystem32
2008-12-28 03:06:53 —-D—- C:Program FilesRambler Assistant

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:WINDOWSsystem32driverscdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2008-01-29 15424]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2008-01-29 512096]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2005-03-14 41984]
R2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSsystem32DRIVERSnvcap.sys [2007-07-23 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSsystem32DRIVERSNVxbar.sys [2007-07-23 16176]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-23 6807328]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:WINDOWSsystem32DRIVERSRMSPPPOE.SYS [2002-10-03 31424]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-08-14 83200]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; ??C:WINDOWSsystem32DRIVERSENTECH.SYS []
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-01-29 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-23 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-01-27 66872]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S2 pr2anq6b;Battlestrike Drivers Auto Removal (pr2anq6b); C:WINDOWSsystem32pr2anq6b.exe [2007-11-08 411000]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

:Processes

explorer.exe



:reg

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{793B3219-2D6F-45DD-BCA4-8BEB57772C2D}]



:files

C:Documents and SettingsAll UsersApplication Dataeqdlib.dll



:Commands

[emptytemp]

[start explorer]

[Reboot]

Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же приложите к ответу свежий RSIT лог.

[olik_virys]

Здравствуйте,Valeri!Все сделала, как Вы написали.Лента новостей и
пропала!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{793B3219-2D6F-45DD-BCA4-8BEB57772C2D}\ deleted successfully.
========== FILES ==========
C:Documents and SettingsAll UsersApplication Dataeqdlib.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Dataeqdlib.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1B978~1.AD0LOCALS~1TempIH125.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1B978~1.AD0LOCALS~1TempIH12C.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1B978~1.AD0LOCALS~1TempIH133.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilecache4temporary_downloadOTMoveIt3 (1).exe scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilecache4opr00J18 scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01252009_165710

Files moved on Reboot…
C:DOCUME~1B978~1.AD0LOCALS~1TempIH125.tmp moved successfully.
C:DOCUME~1B978~1.AD0LOCALS~1TempIH12C.tmp moved successfully.
C:DOCUME~1B978~1.AD0LOCALS~1TempIH133.tmp moved successfully.
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001adoc.bx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001md.dat moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001url.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001w.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps001wb.vx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilecache4temporary_downloadOTMoveIt3 (1).exe moved successfully.
C:Documents and SettingsСаша.AD06A7B01ACD468Local SettingsApplication DataOperaOperaProfilecache4opr00J18 moved successfully.
Результат сканирования RSIT
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Саша at 2009-01-25 17:09:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (65%) free of 40 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:21, on 25.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesEsetnod32kui.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSSamsungComSMMgrssmmgr.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe
C:Program FilesMessengermsmsgs.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesDAEMON Tools SearchBarSearch.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsСаша.AD06A7B01ACD468Рабочий столRSIT.exe
C:Program Filestrend microСаша.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.olympus.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Yahoo! Companion BHO — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: WhenUSearch Helper — {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} — C:Program FilesDAEMON Tools SearchBarsearch.dll
O3 — Toolbar: &Yahoo! Companion — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [OM_Monitor] C:Program FilesOLYMPUSOLYMPUS MasterFirstStart.exe
O4 — HKLM..Run: [Samsung Common SM] «C:WINDOWSSamsungComSMMgrssmmgr.exe» /autorun
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [OM_Monitor] C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Taganka.lnk = C:Program FilesTaganka 1.04taganka.exe
O4 — Global Startup: Ускоренный запуск Adobe Reader.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.olympus.ru
O17 — HKLMSystemCCSServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCCSServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O17 — HKLMSystemCCSServicesTcpip..{4A930DF5-CCF0-4C28-B87A-71DADCE31813}: NameServer = 85.249.39.1 85.249.32.1
O17 — HKLMSystemCS1ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCS1ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O17 — HKLMSystemCS2ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: Domain = olympus.ru
O17 — HKLMSystemCS2ServicesTcpip..{0D0212AE-8D2E-4DC0-8DA3-840992B518A6}: NameServer = 10.0.10.1,10.0.10.2
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Battlestrike Drivers Auto Removal (pr2anq6b) (pr2anq6b) — Noviy Disk — C:WINDOWSsystem32pr2anq6b.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 7933 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]
WhenUSearch Helper — C:Program FilesDAEMON Tools SearchBarsearch.dll [2006-08-17 242040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — &Yahoo! Companion — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_0_1.dll [2005-04-13 327748]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-28 849392]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-11-14 16270848]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-01-29 949376]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-23 8466432]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-01-29 77824]
«OM_Monitor»=C:Program FilesOLYMPUSOLYMPUS MasterFirstStart.exe [2005-11-29 40960]
«Samsung Common SM»=C:WINDOWSSamsungComSMMgrssmmgr.exe [2005-07-03 372736]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«OM_Monitor»=C:Program FilesOLYMPUSOLYMPUS MasterMonitor.exe [2005-11-29 57344]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGainward]
C:Program FilesVDOToolTBPanel.exe [2007-06-26 2165272]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2005-09-25 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2007-07-23 8466432]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2007-07-23 81920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWhenUSearch]
C:Program FilesDAEMON Tools SearchBarSearch.exe [2006-08-17 304504]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWhenUSearchWHSE]
C:Program FilesDAEMON Tools SearchBarwhse.exe [2006-08-17 179064]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2004-12-20 33792]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Саша^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2006-11-07 1039568]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Ускоренный запуск Adobe Reader.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsСаша.AD06A7B01ACD468Главное менюПрограммыАвтозагрузка
Taganka.lnk — C:Program FilesTaganka 1.04taganka.exe

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-01-22 21:23:03 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataOpera
2009-01-16 22:53:59 —-A—- C:logit.txt
2009-01-16 20:38:10 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataMalwarebytes
2009-01-16 20:38:04 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-16 20:38:04 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-16 20:05:11 —-D—- C:rsit
2009-01-16 20:05:11 —-D—- C:Program Filestrend micro
2009-01-16 19:48:52 —-D—- C:_OTMoveIt
2009-01-13 19:24:27 —-D—- C:Program FilesNoviy Disk
2009-01-04 21:15:39 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataURSE Games
2009-01-04 21:15:36 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-01-04 21:13:41 —-D—- C:Program FilesGames.Mail.Ru

======List of files/folders modified in the last 1 months======

2009-01-25 17:01:51 —-D—- C:WINDOWSTemp
2009-01-25 16:58:12 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-25 03:36:15 —-D—- C:WINDOWS
2009-01-24 22:50:25 —-SD—- C:WINDOWSDownloaded Program Files
2009-01-24 22:50:25 —-HD—- C:WINDOWSinf
2009-01-24 22:50:24 —-D—- C:WINDOWSsystem32
2009-01-24 22:50:21 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-23 14:46:48 —-D—- C:Documents and SettingsСаша.AD06A7B01ACD468Application DataICQ
2009-01-22 23:18:39 —-D—- C:Downloads
2009-01-22 23:14:16 —-D—- C:Temp
2009-01-22 22:56:31 —-D—- C:Program FilesTaganka 1.04
2009-01-22 21:23:00 —-SHD—- C:WINDOWSInstaller
2009-01-22 21:22:58 —-D—- C:Program FilesOpera
2009-01-22 21:10:54 —-D—- C:WINDOWSsystem32appmgmt
2009-01-20 21:26:39 —-D—- C:WINDOWSPrefetch
2009-01-20 15:34:37 —-A—- C:WINDOWSNeroDigital.ini
2009-01-20 15:03:02 —-A—- C:WINDOWSwinamp.ini
2009-01-19 14:30:29 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-16 22:06:58 —-RD—- C:Program Files
2009-01-16 21:33:03 —-D—- C:Documents and Settings
2009-01-16 20:38:08 —-D—- C:WINDOWSsystem32drivers
2008-12-28 03:06:53 —-D—- C:Program FilesRambler Assistant

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:WINDOWSsystem32driverscdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2008-01-29 15424]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-21 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2008-01-29 512096]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2005-03-14 41984]
R2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSsystem32DRIVERSnvcap.sys [2007-07-23 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSsystem32DRIVERSNVxbar.sys [2007-07-23 16176]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-23 6807328]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:WINDOWSsystem32DRIVERSRMSPPPOE.SYS [2002-10-03 31424]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-08-14 83200]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; ??C:WINDOWSsystem32DRIVERSENTECH.SYS []
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-01-29 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-23 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-01-27 66872]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S2 pr2anq6b;Battlestrike Drivers Auto Removal (pr2anq6b); C:WINDOWSsystem32pr2anq6b.exe [2007-11-08 411000]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[Admin]

Лог выглядит нормально. Как работает компьютер ?

[olik_virys]

Здравствуйте, Valeri!!!
Огромное Вам спасибо!!!
Все работает хорошо!Очень помогли!!!

[Admin]

Рад вам помочь 🙂

Несколько завершающих действий.

Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.

Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ..

Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.

Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.

После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.

Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.

Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.

Всего доброго!

[Автор]

Сообщения