- This topic has 3 ответа, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
Добрый день. Та же трабла. Не могли бы Вы и мне помочь?
RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Julik at 2009-05-29 15:23:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (23%) free of 30 GB
Total RAM: 1022 MB (64% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:52, on 29.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: NormalRunning processes:
C:WINDOWS.0system32csrss.exe
C:WINDOWS.0system32winlogon.exe
C:WINDOWS.0system32services.exe
C:WINDOWS.0system32lsass.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0System32svchost.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0system32spoolsv.exe
C:WINDOWS.0system32svchost.exe
C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
C:WINDOWS.0ATKKBService.exe
C:WINDOWS.0System32avast!Antivirus.exe
C:WINDOWS.0system32crypserv.exe
C:WINDOWS.0system32nvsvc32.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0Explorer.EXE
C:Program FilesConexantAccessRunner ADSLCnxDslTb.exe
C:Program FilesAnalog DevicesSoundMAXSMax4.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe
C:WINDOWS.0system32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsJulik.HOME-D366FC8527Рабочий столRSIT.exe
C:WINDOWS.0TEMP9E1D7A6D.exe
C:WINDOWS.0system32wbemwmiprvse.exe
C:Program Filestrend microJulik.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
F2 — REG:system.ini: UserInit=C:WINDOWS.0system32userinit.exe,C:WINDOWS.0system32sdra64.exe,
O2 — BHO: Adobe PDF Reader Link Helper — {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O3 — Toolbar: MEGAUPLOADTOOLBAR — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 — HKLM..Run: [CnxDslTaskBar] «C:Program FilesConexantAccessRunner ADSLCnxDslTb.exe»
O4 — HKLM..Run: [NeroCheck] C:WINDOWS.0system32NeroCheck.exe
O4 — HKLM..Run: [SoundMax] «C:Program FilesAnalog DevicesSoundMAXSMax4.exe» /tray
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 — HKLM..Run: [lphcv1pj0ec2p] C:WINDOWS.0system32lphcv1pj0ec2p.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWS.0system32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWS.0system32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Malware Doctor] C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWS.0system32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DriverCure] C:Program FilesParetoLogicDriverCureDriverCure.exe -scan
O4 — HKCU..Run: [Malware Doctor] C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWS.0system32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..Run: [braviax] C:WINDOWS.0system32braviax.exe (User ‘Default user’)
O4 — Global Startup: APC UPS Status.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm147YYRU
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Mass Downloader — {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} — C:Program FilesMass Downloadermassdown.exe
O9 — Extra ‘Tools’ menuitem: &Mass Downloader — {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} — C:Program FilesMass Downloadermassdown.exe
O9 — Extra button: (no name) — {53F6FCCD-9E22-4d71-86EA-6E43136192AB} — (no file)
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: (no name) — {925DAB62-F9AC-4221-806A-057BFB1014AA} — (no file)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWS.0Network Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWS.0Network Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windows.0system32nwprovau.dll
O16 — DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=67633
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://foto.mail.ru/ImageUploader4.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{7A70DC0B-4602-4901-8494-EF3399918E58}: NameServer = 212.15.127.1 212.15.122.253
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: WinCtrl32 — WinCtrl32.dll (file missing)
O21 — SSODL: oledll — {52345B67-1234-1234-D123-7F84D123BC7D} — C:WINDOWS.0system32wm0dap.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
O23 — Service: APC UPS Service APCSENSWmiApSrv (APCSENSWmiApSrv) — Unknown owner — C:WINDOWS.0
O23 — Service: APC UPS Service APCShellHWDetectiondmserver (APCShellHWDetectiondmserver) — Unknown owner — C:WINDOWS.0
O23 — Service: Apple Mobile Device AppleDhcp (AppleDhcp) — Unknown owner — C:WINDOWS.0
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINDOWS.0ATKKBService.exe
O23 — Service: avast!antivirus — Unknown owner — C:WINDOWS.0System32avast!Antivirus.exe
O23 — Service: Фоновая интеллектуальная служба передачи (BITS) (BITS) — Unknown owner — C:WINDOWS.0
O23 — Service: Фоновая интеллектуальная служба передачи (BITS) BITSATKKeyboardService (BITSATKKeyboardService) — Unknown owner — C:WINDOWS.0
O23 — Service: Bonjour Service BonjourAlerter (BonjourAlerter) — Unknown owner — C:WINDOWS.0
O23 — Service: Обозреватель компьютеров BrowserccEvtMgr (BrowserccEvtMgr) — Unknown owner — C:WINDOWS.0
O23 — Service: Symantec Event Manager ccEvtMgrdmserver (ccEvtMgrdmserver) — Unknown owner — C:WINDOWS.0
O23 — Service: Symantec Event Manager ccEvtMgrdmserver ccEvtMgrdmserverwuauservsrservice (ccEvtMgrdmserverwuauservsrservice) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба индексирования CiSvcBrowser (CiSvcBrowser) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба индексирования CiSvcSCardSvr (CiSvcSCardSvr) — Unknown owner — C:WINDOWS.0
O23 — Service: Crypkey License — Kenonic Controls Ltd. — C:WINDOWS.0SYSTEM32crypserv.exe
O23 — Service: DHCP-клиент DhcpccPwdSvc (DhcpccPwdSvc) — Unknown owner — C:WINDOWS.0
O23 — Service: DHCP-клиент DhcpHidServ (DhcpHidServ) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба администрирования диспетчера логических дисков dmadminRemoteAccess (dmadminRemoteAccess) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер логических дисков dmserver UPS Service (dmserver UPS Service) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер логических дисков dmserverNWCWorkstation (dmserverNWCWorkstation) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер логических дисков dmserverNWCWorkstation dmserverNWCWorkstationSysmonLog (dmserverNWCWorkstationSysmonLog) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба регистрации ошибок ERSvcRpcSsxmlprov (ERSvcRpcSsxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWS.0system32services.exe
O23 — Service: Журнал событий Eventlog License (Eventlog License) — Unknown owner — C:WINDOWS.0
O23 — Service: Журнал событий EventlogLmHosts (EventlogLmHosts) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWS.0system32imapi.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServicexmlprov (ImapiServicexmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба COM записи компакт-дисков IMAPI ImapiServiceZZZsvc_lich (ImapiServiceZZZsvc_lich) — Unknown owner — C:WINDOWS.0
O23 — Service: Рабочая станция lanmanworkstationccSetMgr (lanmanworkstationccSetMgr) — Unknown owner — C:WINDOWS.0
O23 — Service: Рабочая станция lanmanworkstationSPBBCSvc (lanmanworkstationSPBBCSvc) — Unknown owner — C:WINDOWS.0
O23 — Service: Рабочая станция lanmanworkstationSPBBCSvc lanmanworkstationSPBBCSvcTermService (lanmanworkstationSPBBCSvcTermService) — Unknown owner — C:WINDOWS.0
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWS.0system32mnmsrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing mnmsrvcSpooler (mnmsrvcSpooler) — Unknown owner — C:WINDOWS.0
O23 — Service: NetMeeting Remote Desktop Sharing mnmsrvcSpooler mnmsrvcSpoolerRSVPNWCWorkstationxmlprov (mnmsrvcSpoolerRSVPNWCWorkstationxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Windows Installer MSIServerBrowserccEvtMgr (MSIServerBrowserccEvtMgr) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер сетевого DDE NetDDEdsdmALG (NetDDEdsdmALG) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер сетевого DDE NetDDEdsdmseclogonZZZsvc_lichxmlprov (NetDDEdsdmseclogonZZZsvc_lichxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Сетевые подключения NetmanUPS (NetmanUPS) — Unknown owner — C:WINDOWS.0
O23 — Service: NOD32 Kernel Service (nod32krn) — Unknown owner — C:Program FilesEsetnod32krn.exe (file missing)
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWS.0system32nvsvc32.exe
O23 — Service: Клиент для сетей NetWare NWCWorkstationxmlprov (NWCWorkstationxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Office Source Engine oseMSDTC (oseMSDTC) — Unknown owner — C:WINDOWS.0
O23 — Service: Office Source Engine oseMSDTC oseMSDTCZZZsvc_lich (oseMSDTCZZZsvc_lich) — Unknown owner — C:WINDOWS.0
O23 — Service: Office Source Engine oseMSDTC oseMSDTCZZZsvc_lich oseMSDTCZZZsvc_lichClipSrv (oseMSDTCZZZsvc_lichClipSrv) — Unknown owner — C:WINDOWS.0
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWS.0system32services.exe
O23 — Service: Защищенное хранилище ProtectedStoragelanmanworkstationccSetMgr (ProtectedStoragelanmanworkstationccSetMgr) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSymantecNWCWorkstation (RasAutoSymantecNWCWorkstation) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер авто-подключений удаленного доступа RasAutoSymantecNWCWorkstation RasAutoSymantecNWCWorkstationWmdmPmSN (RasAutoSymantecNWCWorkstationWmdmPmSN) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер подключений удаленного доступа RasManRpcSsxmlprov (RasManRpcSsxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWS.0system32sessmgr.exe
O23 — Service: Удаленный реестр RemoteRegistryNWCWorkstationxmlprov (RemoteRegistryNWCWorkstationxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Удаленный вызов процедур (RPC) RpcSsxmlprov (RpcSsxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Удаленный вызов процедур (RPC) RpcSsxmlprov RpcSsxmlprovRpcSsxmlprov (RpcSsxmlprovRpcSsxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: QoS RSVP RSVPNWCWorkstationxmlprov (RSVPNWCWorkstationxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWS.0System32SCardSvr.exe
O23 — Service: Вторичный вход в систему seclogonSCardSvr (seclogonSCardSvr) — Unknown owner — C:WINDOWS.0
O23 — Service: Вторичный вход в систему seclogonZZZsvc_lichxmlprov (seclogonZZZsvc_lichxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Уведомление о системных событиях SENSNWCWorkstation (SENSNWCWorkstation) — Unknown owner — C:WINDOWS.0
O23 — Service: Уведомление о системных событиях SENSWmiApSrv (SENSWmiApSrv) — Unknown owner — C:WINDOWS.0
O23 — Service: Определение оборудования оболочки ShellHWDetectiondmserver (ShellHWDetectiondmserver) — Unknown owner — C:WINDOWS.0
O23 — Service: Определение оборудования оболочки ShellHWDetectionSwPrv (ShellHWDetectionSwPrv) — Unknown owner — C:WINDOWS.0
O23 — Service: Symantec SPBBCSvc SPBBCSvcdmadmin (SPBBCSvcdmadmin) — Unknown owner — C:WINDOWS.0
O23 — Service: Диспетчер очереди печати SpoolerDefWatch (SpoolerDefWatch) — Unknown owner — C:WINDOWS.0
O23 — Service: MS Software Shadow Copy Provider SwPrvRemoteRegistryNWCWorkstationxmlprov (SwPrvRemoteRegistryNWCWorkstationxmlprov) — Unknown owner — C:WINDOWS.0
O23 — Service: Symantec AntiVirus SymantecNWCWorkstation (SymantecNWCWorkstation) — Unknown owner — C:WINDOWS.0
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWS.0system32smlogsvc.exe
O23 — Service: Службы терминалов TermServicelanmanworkstation (TermServicelanmanworkstation) — Unknown owner — C:WINDOWS.0
O23 — Service: Источник бесперебойного питания UPSsdAuxService (UPSsdAuxService) — Unknown owner — C:WINDOWS.0
O23 — Service: Источник бесперебойного питания UPSwuauserv (UPSwuauserv) — Unknown owner — C:WINDOWS.0
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWS.0System32vssvc.exe
O23 — Service: Теневое копирование тома VSSmnmsrvc (VSSmnmsrvc) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба времени Windows W32TimeEventSystem (W32TimeEventSystem) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба времени Windows W32TimeRemoteRegistry (w32timeremoteregistry) — Unknown owner — C:WINDOWS.0system32actmoviey.exe
O23 — Service: Инструментарий управления Windows winmgmt Service (winmgmt Service) — Unknown owner — C:WINDOWS.0
O23 — Service: Инструментарий управления Windows winmgmtVSSmnmsrvc (winmgmtVSSmnmsrvc) — Unknown owner — C:WINDOWS.0
O23 — Service: Служба серийных номеров переносных устройств мультимедиа WmdmPmSNMSIServer (WmdmPmSNMSIServer) — Unknown owner — C:WINDOWS.0
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWS.0system32wbemwmiapsrv.exe
O23 — Service: Расширения драйверов WMI (Windows Management Instrumentation) WmiRDSessMgr (WmiRDSessMgr) — Unknown owner — C:WINDOWS.0
O23 — Service: Автоматическое обновление (wuauserv) — Unknown owner — C:WINDOWS.0
O23 — Service: Автоматическое обновление wuauservsrservice (wuauservsrservice) — Unknown owner — C:WINDOWS.0
O23 — Service: Беспроводная настройка WZCSVCMSDTC (WZCSVCMSDTC) — Unknown owner — C:WINDOWS.0
O23 — Service: ZZZsvc_lich ZZZsvc_lichCryptSvc (ZZZsvc_lichCryptSvc) — Unknown owner — C:WINDOWS.0
O23 — Service: ZZZsvc_lich ZZZsvc_lichxmlprov (ZZZsvc_lichxmlprov) — Unknown owner — C:WINDOWS.0—
End of file — 17109 bytes======Scheduled tasks folder======
C:WINDOWS.0tasksPCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — MEGAUPLOADTOOLBAR — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2007-09-20 1933256][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«CnxDslTaskBar»=C:Program FilesConexantAccessRunner ADSLCnxDslTb.exe [2003-10-29 462848]
«NeroCheck»=C:WINDOWS.0system32NeroCheck.exe [2001-07-09 155648]
«SoundMax»=C:Program FilesAnalog DevicesSoundMAXSMax4.exe [2006-04-10 729088]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-05-01 843776]
«LogitechVideoRepair»=C:Program FilesLogitechVideoISStart.exe []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-03-28 413696]
«Logitech Hardware Abstraction Layer»=C:WINDOWS.0KHALMNPR.EXE [2007-06-12 56080]
«Bluetooth Connection Assistant»=LBTWIZ.EXE -silent []
«lphcv1pj0ec2p»=C:WINDOWS.0system32lphcv1pj0ec2p.exe []
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-12-16 4428472]
«NvCplDaemon»=C:WINDOWS.0system32NvCpl.dll [2006-02-13 7557120]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWS.0system32NvMcTray.dll [2006-02-13 86016]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«Malware Doctor»=C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe [2009-05-29 96768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWS.0system32ctfmon.exe [2004-08-17 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DriverCure»=C:Program FilesParetoLogicDriverCureDriverCure.exe -scan []
«Malware Doctor»=C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe [2009-05-29 96768]C:Documents and SettingsAll Users.WINDOWS.0Главное менюПрограммыАвтозагрузка
APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32]
WinCtrl32.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
oledll — {52345B67-1234-1234-D123-7F84D123BC7D} — C:WINDOWS.0system32wm0dap.dll [2009-03-21 73728][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinag75.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinbi63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinbi85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci31.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinck06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindj30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindj52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindk17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindk63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinek86.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinel52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfl53.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinhn20.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinho63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinip30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinip41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinjq63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkq18.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkq28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkr30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkr74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinlr85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinls17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinms41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnu74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinov85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpv63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpw06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqw07.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqx06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqx85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx18.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinry63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinry85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsa06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsa74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsy17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsy74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinta30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintb06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintb28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinub74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinub85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinuc74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwd17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwe06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwf28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxe06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxe52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyg63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyh28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyh85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinag75.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinbi63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinbi85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci31.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinck06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindj30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindj52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindk17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindk63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinek86.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinel52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfl53.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinhn20.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinho63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinip30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinip41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinjq63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkq18.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkq28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkr30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkr74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinlr85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinls17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinms41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinnu74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinov85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpv63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpw06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqw07.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqx06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqx85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx18.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx41.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinry63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinry85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsa06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsa74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsy17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsy74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinta30.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintb06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintb28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinub74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinub85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinuc74.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwd17.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwe06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwf28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxe06.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxe52.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyg63.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyh28.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyh85.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0
«NoDispAppearancePage»=0
«NoDispSettingsPage»=0
«DisableTaskMgr»=1
«DisableRegistryTools»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoDesktop»=0
«NoActiveDesktop»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesICQICQ6ICQ.exe»=»C:Program FilesICQICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesVeoh NetworksVeohVeohClient.exe»=»C:Program FilesVeoh NetworksVeohVeohClient.exe:*:Enabled:Veoh Client»
«C:Program FilesLight AlloyLA 2.6.exe»=»C:Program FilesLight AlloyLA 2.6.exe:*:Enabled:LA 2.6»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesInternet Exploreriexplore.exe»=»C:Program FilesInternet Exploreriexplore.exe:*:Enabled:Internet Explorer»
«C:Documents and SettingsJulik.HOME-D366FC8527Главное менюПрограммыSkypePhoneSkype.exe»=»C:Documents and SettingsJulik.HOME-D366FC8527Главное менюПрограммыSkypePhoneSkype.exe:*:Disabled:Skype. The whole world can talk for free.»
«C:WINDOWS.0explorer.exe»=»C:WINDOWS.0explorer.exe:*:Disabled:Проводник»
«C:WINDOWS.0system32sessmgr.exe»=»C:WINDOWS.0system32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2I]
shellAutoRuncommand — setup.exe======List of files/folders created in the last 1 months======
2009-05-29 15:23:47 —-A—- C:WINDOWS.0system324.tmp
2009-05-29 15:20:58 —-D—- C:Avenger
2009-05-29 15:20:58 —-A—- C:avenger.txt
2009-05-29 15:18:24 —-D—- C:rsit
2009-05-29 14:59:44 —-A—- C:WINDOWS.0system323.tmp
2009-05-29 14:05:00 —-D—- C:Documents and SettingsJulik.HOME-D366FC8527Application DataMalwarebytes
2009-05-29 14:04:56 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataMalwarebytes
2009-05-29 14:04:55 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-29 13:51:38 —-D—- C:Program FilesAdvanced Spyware Remover
2009-05-29 13:48:03 —-D—- C:Documents and SettingsJulik.HOME-D366FC8527Application DataVirusRemover2009
2009-05-29 13:41:59 —-D—- C:Program FilesVirusRemover2009
2009-05-29 12:57:48 —-A—- C:WINDOWS.0system322.tmp
2009-05-29 12:36:26 —-A—- C:WINDOWS.0system32imon.dll
2009-05-29 12:24:21 —-A—- C:WINDOWS.0system327.tmp
2009-05-29 12:02:45 —-D—- C:Program Filestrend micro
2009-05-29 11:57:25 —-A—- C:WINDOWS.0system321.tmp
2009-05-29 11:51:44 —-A—- C:Program Filesgkubsdsj.txt
2009-05-29 11:42:19 —-RASHD—- C:autorun.inf
2009-05-29 11:37:34 —-A—- C:WINDOWS.0system3242.tmp
2009-05-29 11:12:42 —-A—- C:WINDOWS.0system32jhxm32.dll
2009-05-29 11:12:19 —-A—- C:WINDOWS.0system32avast!Antivirus.exe
2009-05-25 22:29:56 —-SHD—- C:WINDOWS.0system32lowsec
2009-05-18 16:21:36 —-RSH—- C:WINDOWS.0system32actmoviey.exe
2009-05-18 16:21:13 —-A—- C:WINDOWS.0system32digiwet.dll======List of files/folders modified in the last 1 months======
2009-05-29 15:23:52 —-D—- C:WINDOWS.0system32
2009-05-29 15:23:47 —-D—- C:Program FilesInternet Explorer
2009-05-29 15:23:40 —-D—- C:WINDOWS.0Temp
2009-05-29 15:20:58 —-D—- C:WINDOWS.0system32drivers
2009-05-29 15:20:58 —-D—- C:WINDOWS.0
2009-05-29 15:19:26 —-A—- C:WINDOWS.0SchedLgU.Txt
2009-05-29 14:04:55 —-RD—- C:Program Files
2009-05-29 13:43:35 —-SHD—- C:WINDOWS.0Installer
2009-05-29 13:43:35 —-SHD—- C:Config.Msi
2009-05-29 13:43:35 —-D—- C:Program FilesESET
2009-05-29 12:53:29 —-AC—- C:WINDOWS.0ntbtlog.txt
2009-05-29 11:38:33 —-D—- C:WINDOWS.0Prefetch
2009-05-29 11:36:52 —-D—- C:Program FilesAdobe
2009-05-29 11:36:30 —-D—- C:WINDOWS.0WinSxS
2009-05-29 11:36:23 —-D—- C:Program FilesCommon FilesAdobe
2009-05-29 11:36:05 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataAdobe
2009-05-29 11:29:51 —-D—- C:Documents and SettingsJulik.HOME-D366FC8527Application DataSkype
2009-05-29 11:29:48 —-D—- C:Program FilesuTorrent
2009-05-29 11:12:09 —-D—- C:Program FilesMozilla Firefox
2009-05-29 11:12:03 —-D—- C:Documents and SettingsJulik.HOME-D366FC8527Application DataskypePM
2009-05-26 10:13:57 —-D—- C:Documents and Settings
2009-05-26 09:07:10 —-HD—- C:WINDOWS.0inf
2009-05-26 09:07:09 —-D—- C:WINDOWS.0system32CatRoot
2009-05-26 09:06:46 —-D—- C:WINDOWS.0system32CatRoot2
2009-05-25 01:48:30 —-RSHDC—- C:WINDOWS.0system32dllcache
2009-05-21 14:13:35 —-D—- C:Program FilesMass Downloader
2009-05-17 22:53:08 —-AC—- C:WINDOWS.0My Video Converter.INI
2009-05-07 01:21:08 —-D—- C:Program FilesWinamp
2009-05-03 19:48:34 —-D—- C:WINDOWS.0system32CatRoot_bak======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWS.0system32DRIVERSAmdK8.sys [2005-03-09 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWS.0system32driversatkkbnt.sys [2005-10-18 11008]
R1 NetworkX;NetworkX; C:WINDOWS.0system32ckldrv.sys [2000-02-03 24608]
R2 EIO;EIO; ??C:WINDOWS.0system32driversEIO.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWS.0system32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWS.0system32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWS.0system32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWS.0system32driversADIHdAud.sys [2006-05-02 229888]
R3 AEAudio;AE Audio Service; C:WINDOWS.0system32driversAEAudio.sys [2006-04-27 93824]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWS.0system32DRIVERSarp1394.sys [2004-08-17 60800]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver; C:WINDOWS.0system32DRIVERSCnxEtP.sys [2003-09-12 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:WINDOWS.0system32DRIVERSCnxEtU.sys [2003-09-12 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver; C:WINDOWS.0system32DRIVERSCnxTgN.sys [2003-10-29 108675]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWS.0system32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWS.0system32DRIVERShidusb.sys [2001-08-17 9600]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWS.0system32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWS.0system32DRIVERSnic1394.sys [2004-08-17 61824]
R3 nv;nv; C:WINDOWS.0system32DRIVERSnv4_mini.sys [2006-02-13 3642784]
R3 NWRDR;NetWare Rdr; C:WINDOWS.0system32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 SenFiltService;SenFilt Service; C:WINDOWS.0system32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWS.0system32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWS.0system32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWS.0system32DRIVERSusbohci.sys [2004-08-03 17024]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWS.0system32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 CCDECODE;Closed Caption декодер; C:WINDOWS.0system32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWS.0system32DRIVERSHidBatt.sys [2001-08-17 19200]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWS.0system32DRIVERSL8042Kbd.sys [2007-06-12 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:WINDOWS.0system32DRIVERSL8042mou.Sys [2007-06-12 63376]
S3 LMouKE;SetPoint Mouse Filter Driver; C:WINDOWS.0system32DRIVERSLMouKE.Sys [2007-06-12 79376]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWS.0system32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWS.0system32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWS.0system32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWS.0system32DRIVERSSLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:WINDOWS.0system32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWS.0System32Driversusbaapl.sys []
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWS.0system32driversusbaudio.sys [2004-08-04 59264]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWS.0system32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWS.0system32DRIVERSusbscan.sys [2004-08-03 15104]
S3 Winag75;Winag75; ??C:WINDOWS.0System32driversWinag75.sys []
S3 Winah63;Winah63; ??C:WINDOWS.0System32driversWinah63.sys []
S3 Winjq63;Winjq63; ??C:WINDOWS.0System32driversWinjq63.sys []
S3 Winov85;Winov85; ??C:WINDOWS.0System32driversWinov85.sys []
S3 Winrx41;Winrx41; ??C:WINDOWS.0System32driversWinrx41.sys []
S3 Winsa06;Winsa06; ??C:WINDOWS.0System32driversWinsa06.sys []
S3 Winuc74;Winuc74; ??C:WINDOWS.0System32driversWinuc74.sys []
S3 Winwd17;Winwd17; ??C:WINDOWS.0System32driversWinwd17.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWS.0system32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:WINDOWS.0system32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWS.0System32driversws2ifsl.sys [2001-10-20 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
R2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWS.0ATKKBService.exe [2005-10-18 241152]
R2 avast!antivirus;avast!antivirus; C:WINDOWS.0System32avast!Antivirus.exe [2009-05-29 32768]
R2 Crypkey License;Crypkey License; C:WINDOWS.0system32crypserv.exe [2000-06-29 52224]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWS.0system32nvsvc32.exe [2006-02-13 143426]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWS.0system32svchost.exe [2004-08-17 14336]
S2 APCSENSWmiApSrv;APC UPS Service APCSENSWmiApSrv; р%Ђ|x srv []
S2 APCShellHWDetectiondmserver;APC UPS Service APCShellHWDetectiondmserver; р%Ђ|x srv []
S2 AppleDhcp;Apple Mobile Device AppleDhcp; р%Ђ|x srv []
S2 BITSATKKeyboardService;Фоновая интеллектуальная служба передачи (BITS) BITSATKKeyboardService; р%Ђ|x srv []
S2 BonjourAlerter;Bonjour Service BonjourAlerter; р%Ђ|x srv []
S2 BrowserccEvtMgr;Обозреватель компьютеров BrowserccEvtMgr; р%Ђ|x srv []
S2 ccEvtMgrdmserver;Symantec Event Manager ccEvtMgrdmserver; р%Ђ|x srv []
S2 ccEvtMgrdmserverwuauservsrservice;Symantec Event Manager ccEvtMgrdmserver ccEvtMgrdmserverwuauservsrservice; р%Ђ|x srv []
S2 CiSvcBrowser;Служба индексирования CiSvcBrowser; р%Ђ|x srv []
S2 CiSvcSCardSvr;Служба индексирования CiSvcSCardSvr; р%Ђ|x srv []
S2 DhcpccPwdSvc;DHCP-клиент DhcpccPwdSvc; р%Ђ|x srv []
S2 DhcpHidServ;DHCP-клиент DhcpHidServ; р%Ђ|x srv []
S2 dmadminRemoteAccess;Служба администрирования диспетчера логических дисков dmadminRemoteAccess; р%Ђ|x srv []
S2 dmserver UPS Service;Диспетчер логических дисков dmserver UPS Service; р%Ђ|x srv []
S2 dmserverNWCWorkstation;Диспетчер логических дисков dmserverNWCWorkstation; р%Ђ|x srv []
S2 dmserverNWCWorkstationSysmonLog;Диспетчер логических дисков dmserverNWCWorkstation dmserverNWCWorkstationSysmonLog; р%Ђ|x srv []
S2 ERSvcRpcSsxmlprov;Служба регистрации ошибок ERSvcRpcSsxmlprov; р%Ђ|x srv []
S2 Eventlog License;Журнал событий Eventlog License; р%Ђ|x srv []
S2 EventlogLmHosts;Журнал событий EventlogLmHosts; р%Ђ|x srv []
S2 ImapiServicexmlprov;Служба COM записи компакт-дисков IMAPI ImapiServicexmlprov; р%Ђ|x srv []
S2 ImapiServiceZZZsvc_lich;Служба COM записи компакт-дисков IMAPI ImapiServiceZZZsvc_lich; р%Ђ|x srv []
S2 lanmanworkstationccSetMgr;Рабочая станция lanmanworkstationccSetMgr; р%Ђ|x srv []
S2 lanmanworkstationSPBBCSvc;Рабочая станция lanmanworkstationSPBBCSvc; р%Ђ|x srv []
S2 lanmanworkstationSPBBCSvcTermService;Рабочая станция lanmanworkstationSPBBCSvc lanmanworkstationSPBBCSvcTermService; р%Ђ|x srv []
S2 mnmsrvcSpooler;NetMeeting Remote Desktop Sharing mnmsrvcSpooler; р%Ђ|x srv []
S2 mnmsrvcSpoolerRSVPNWCWorkstationxmlprov;NetMeeting Remote Desktop Sharing mnmsrvcSpooler mnmsrvcSpoolerRSVPNWCWorkstationxmlprov; р%Ђ|x srv []
S2 MSIServerBrowserccEvtMgr;Windows Installer MSIServerBrowserccEvtMgr; р%Ђ|x srv []
S2 NetDDEdsdmALG;Диспетчер сетевого DDE NetDDEdsdmALG; р%Ђ|x srv []
S2 NetDDEdsdmseclogonZZZsvc_lichxmlprov;Диспетчер сетевого DDE NetDDEdsdmseclogonZZZsvc_lichxmlprov; р%Ђ|x srv []
S2 NetmanUPS;Сетевые подключения NetmanUPS; р%Ђ|x srv []
S2 nod32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe []
S2 NWCWorkstationxmlprov;Клиент для сетей NetWare NWCWorkstationxmlprov; р%Ђ|x srv []
S2 oseMSDTC;Office Source Engine oseMSDTC; р%Ђ|x srv []
S2 oseMSDTCZZZsvc_lich;Office Source Engine oseMSDTC oseMSDTCZZZsvc_lich; р%Ђ|x srv []
S2 oseMSDTCZZZsvc_lichClipSrv;Office Source Engine oseMSDTC oseMSDTCZZZsvc_lich oseMSDTCZZZsvc_lichClipSrv; р%Ђ|x srv []
S2 ProtectedStoragelanmanworkstationccSetMgr;Защищенное хранилище ProtectedStoragelanmanworkstationccSetMgr; р%Ђ|x srv []
S2 RasAutoSymantecNWCWorkstation;Диспетчер авто-подключений удаленного доступа RasAutoSymantecNWCWorkstation; р%Ђ|x srv []
S2 RasAutoSymantecNWCWorkstationWmdmPmSN;Диспетчер авто-подключений удаленного доступа RasAutoSymantecNWCWorkstation RasAutoSymantecNWCWorkstationWmdmPmSN; р%Ђ|x srv []
S2 RasManRpcSsxmlprov;Диспетчер подключений удаленного доступа RasManRpcSsxmlprov; р%Ђ|x srv []
S2 RemoteRegistryNWCWorkstationxmlprov;Удаленный реестр RemoteRegistryNWCWorkstationxmlprov; р%Ђ|x srv []
S2 RpcSsxmlprov;Удаленный вызов процедур (RPC) RpcSsxmlprov; р%Ђ|x srv []
S2 RpcSsxmlprovRpcSsxmlprov;Удаленный вызов процедур (RPC) RpcSsxmlprov RpcSsxmlprovRpcSsxmlprov; р%Ђ|x srv []
S2 RSVPNWCWorkstationxmlprov;QoS RSVP RSVPNWCWorkstationxmlprov; р%Ђ|x srv []
S2 seclogonSCardSvr;Вторичный вход в систему seclogonSCardSvr; р%Ђ|x srv []
S2 seclogonZZZsvc_lichxmlprov;Вторичный вход в систему seclogonZZZsvc_lichxmlprov; р%Ђ|x srv []
S2 SENSNWCWorkstation;Уведомление о системных событиях SENSNWCWorkstation; р%Ђ|x srv []
S2 SENSWmiApSrv;Уведомление о системных событиях SENSWmiApSrv; р%Ђ|x srv []
S2 ShellHWDetectiondmserver;Определение оборудования оболочки ShellHWDetectiondmserver; р%Ђ|x srv []
S2 ShellHWDetectionSwPrv;Определение оборудования оболочки ShellHWDetectionSwPrv; р%Ђ|x srv []
S2 SPBBCSvcdmadmin;Symantec SPBBCSvc SPBBCSvcdmadmin; р%Ђ|x srv []
S2 SpoolerDefWatch;Диспетчер очереди печати SpoolerDefWatch; р%Ђ|x srv []
S2 SwPrvRemoteRegistryNWCWorkstationxmlprov;MS Software Shadow Copy Provider SwPrvRemoteRegistryNWCWorkstationxmlprov; р%Ђ|x srv []
S2 SymantecNWCWorkstation;Symantec AntiVirus SymantecNWCWorkstation; р%Ђ|x srv []
S2 TermServicelanmanworkstation;Службы терминалов TermServicelanmanworkstation; р%Ђ|x srv []
S2 UPSsdAuxService;Источник бесперебойного питания UPSsdAuxService; р%Ђ|x srv []
S2 UPSwuauserv;Источник бесперебойного питания UPSwuauserv; р%Ђ|x srv []
S2 VSSmnmsrvc;Теневое копирование тома VSSmnmsrvc; р%Ђ|x srv []
S2 W32TimeEventSystem;Служба времени Windows W32TimeEventSystem; р%Ђ|x srv []
S2 w32timeremoteregistry;Служба времени Windows W32TimeRemoteRegistry; C:WINDOWS.0system32actmoviey.exe [2009-05-18 52736]
S2 winmgmt Service;Инструментарий управления Windows winmgmt Service; р%Ђ|x srv []
S2 winmgmtVSSmnmsrvc;Инструментарий управления Windows winmgmtVSSmnmsrvc; р%Ђ|x srv []
S2 WmdmPmSNMSIServer;Служба серийных номеров переносных устройств мультимедиа WmdmPmSNMSIServer; р%Ђ|x srv []
S2 WmiRDSessMgr;Расширения драйверов WMI (Windows Management Instrumentation) WmiRDSessMgr; р%Ђ|x srv []
S2 wuauservsrservice;Автоматическое обновление wuauservsrservice; р%Ђ|x srv []
S2 WZCSVCMSDTC;Беспроводная настройка WZCSVCMSDTC; р%Ђ|x srv []
S2 ZZZsvc_lichCryptSvc;ZZZsvc_lich ZZZsvc_lichCryptSvc; р%Ђ|x srv []
S2 ZZZsvc_lichxmlprov;ZZZsvc_lich ZZZsvc_lichxmlprov; р%Ђ|x srv []
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-02-25 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Кроме описанной вами проблемы компьютер ещё заражён несколькими троянами.
Запустите HijackThis, для этого кликните Пуск, Выполнить, введитеC:Program Filestrend microJulik.exeи нажмите Enter.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:F2 - REG:system.ini: UserInit=C:WINDOWS.0system32userinit.exe,C:WINDOWS.0system32sdra64.exe,
O4 - HKCU..Run: [Malware Doctor] C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe
O4 - HKUS.DEFAULT..Run: [braviax] C:WINDOWS.0system32braviax.exe (User 'Default user')Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.Скачайте программу Avenger кликнув по этой ссылке и распакуйте её на Рабочий стол.
Запустите Avenger, при это убедитесь что стоит галочка в пункте «Scan for rootkits» и нет галочки в пункте «Automatically disable any rootkits found». Уберите или поставьте галочки в случае необходимости. Скопируйте ниже приведённый текст в Input script Box:Drivers to delete:
Winag75
Winah63
Winjq63
Winov85
Winrx41
Winsa06
Winuc74
Winwd17
Registry values to delete:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun | lphcv1pj0ec2p
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun | Malware Doctor
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad | oledll
Registry keys to delete:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinCtrl32
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinag75.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinah63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinbi63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinbi85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci31.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWincj41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinck06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindj30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindj52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindk17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindk63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinek86.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinel52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfl53.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinhn20.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinho63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinip30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinip41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinjq63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkq18.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkq28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkr30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkr74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinlr85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinls17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinms41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinnu74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinov85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpv63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpw06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqw07.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqx06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqx85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx18.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinry63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinry85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsa06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsa74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsy17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsy74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinta30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintb06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWintb28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinub74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinub85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinuc74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwd17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwe06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwf28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxe06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxe52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyg63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyh28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinyh85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinag75.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinah63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinbi63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinbi85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci31.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWincj41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinck06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindj30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindj52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindk17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindk63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinek86.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinel52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfl53.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinhn20.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinho63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinip30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinip41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinjq63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkq18.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkq28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkr30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkr74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinlr85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinls17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinms41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinnu74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinov85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpv63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpw06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqw07.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqx06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqx85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx18.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx41.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinry63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinry85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsa06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsa74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsy17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsy74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinta30.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintb06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWintb28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinub74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinub85.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinuc74.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwd17.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwe06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwf28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxe06.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxe52.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyg63.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyh28.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinyh85.sys
Files to delete:
C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe
C:WINDOWS.0system32wm0dap.dll
C:WINDOWS.0System32driversWinag75.sys
C:WINDOWS.0System32driversWinah63.sys
C:WINDOWS.0System32driversWinjq63.sys
C:WINDOWS.0System32driversWinjq63.sys
C:WINDOWS.0System32driversWinov85.sys
C:WINDOWS.0System32driversWinrx41.sys
C:WINDOWS.0System32driversWinsa06.sys
C:WINDOWS.0System32driversWinuc74.sys
C:WINDOWS.0System32driversWinwd17.sysКликните Execute. Появится запрос о подтверждении ваших действий, нажмите Yes.
Avenger запуститься. В процессе работы возможны несколько перезагрузок компьютера.
По-окончании работы будет показан лог, пожалуйста вставьте его в ваш ответ. И ещё приложите свежий RSIT лог.ОГРОМНОЕ спасибо! Не знаю, как выразить мою благодарность. Мальваре исчезла. Про трояны знаю, ни один антивирус не хотел из-за мальваре работать. В ходе операции: «O4 — HKCU..Run: [Malware Doctor] C:Documents and SettingsLocalService.NT AUTHORITY.000Application Data691447002.exe» было 2, на всякий случай выделила все.
[attachment=0:cxj3sjiq]RIST log.txt[/attachment:cxj3sjiq]
[attachment=1:cxj3sjiq]avenger log.txt[/attachment:cxj3sjiq]Нужно подчистить ещё немного.
Запустите HijackThis (смтрите моё предыдущее сообщение).
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:F2 - REG:system.ini: UserInit=C:WINDOWS.0SYSTEM32Userinit.exe,C:WINDOWS.0system32sdra64.exe,Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
- Для ответа в этой теме необходимо авторизоваться.
