Help me get rid of a porn informer

This topic has 4 replies, 2 participants, and was last updated 16 years, 3 months ago by Admin.

12 January 2009 at 11:29 pm
I turned on the computer and there was a porn informer, a news ticker. It says that to make it disappear I have to send an SMS. I don't want to! It was also stopping me from registering.
Please help! I scanned with HijackThis. For some reason the info file did not appear... My log file:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Wormann at 2009-01-13 01:59:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (13%) free of 30 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:56, on 13.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.exe
C:WINDOWSsystem32csrcs.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesEsetnod32kui.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesUpsPilotWinpower.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSuperCopier2SuperCopier2.exe
C:Program FilesStatistXPStatistXP.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1UpsPilotmonitor.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:WINDOWSSystem32alg.exe
C:PROGRA~1UpsPilotwpRMI.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesMicrosoft OfficeOffice12WINWORD.EXE
C:Program FilesWinampWinamp.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:DownloadsПрограммыRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:\Program Files\trend micro\Wormann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 — BHO: xaelibP — {757FF18E-494C-46AC-AF9D-6A6012C315A3} — C:Documents and SettingsAll UsersApplication Dataxaelib.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.6.0_03binjusched.exe
O4 — HKLM..Run: [Winpower] C:Program FilesUpsPilotWinpower.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [StatistXP] C:Program FilesStatistXPStatistXP.exe
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{213FDE4F-BE95-4ECC-9C59-1DA930CE0C3E}: NameServer = 85.95.165.60 85.95.164.60
O17 — HKLMSystemCCSServicesTcpip..{FA2518DE-C7A6-4262-B822-577EC603CEDE}: NameServer = 10.2.120.101,10.2.120.103,10.1.0.19
O20 — AppInit_DLLs: prio.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Winpowermanager — Macrovision — C:PROGRA~1UpsPilotmanager.exe
O23 — Service: Winpowermonitor — Macrovision — C:PROGRA~1UpsPilotmonitor.exe
O23 — Service: WinpowerRMI — Macrovision — C:PROGRA~1UpsPilotwpRMI.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9647 bytes

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{757FF18E-494C-46AC-AF9D-6A6012C315A3}]
SHN Data Decoder - C:\Documents and Settings\All Users\Application Data\xaelib.dll [2009-01-13 322560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll [2008-10-24 157696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - DM Bar - C:\Program Files\Download Master\dmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} - Яндекс.Бар - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2007-11-22 1090824]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-02-14 917504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Winpower"=C:\Program Files\UpsPilot\Winpower.exe [2008-12-17 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2007-05-08 1052672]
"StatistXP"=C:\Program Files\StatistXP\StatistXP.exe [2007-02-03 1687552]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"Punto Switcher"=C:\Program Files\Punto Switcher\ps.exe [2003-11-12 207872]
"Download Master"=C:\Program Files\Download Master\dmaster.exe [2008-11-18 3297280]
"Yupdate!"=C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe [2007-11-22 449800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="prio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\SEGA\Medieval II Total War\kingdoms.exe"="C:\Program Files\SEGA\Medieval II Total War\kingdoms.exe:*:Enabled:Medieval 2 Total War: Kingdoms"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f97d050-30c2-11dd-bb84-00161798a4e5}]
shell\AutoRun\command - H:
shell\explore\command - RECYCLER\autorun.exe -ExploreCurDir
shell\open\command - RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b9fe559-f1d5-11dc-bb48-00161798a4e5}]
shell\AutoRun\command - H:\rckdht.exe
shell\explore\command - H:\rckdht.exe
shell\open\command - H:\rckdht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc43f99-42ac-11dd-bb98-00161798a4e5}]
shell\AutoRun\command - H:\qrzuqq.exe
shell\explore\command - H:\qrzuqq.exe
shell\open\command - H:\qrzuqq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7abe3f4f-daf3-11dc-bffb-806d6172696f}]
shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6b0f18f-b8cb-11dd-bbd8-00161798a4e5}]
shell\AutoRun\command - H:\rckdht.exe
shell\explore\command - H:\rckdht.exe
shell\open\command - H:\rckdht.exe

======List of files/folders created in the last 1 months======
2009-01-13 01:59:41 —-D—- C:Program Filestrend micro
2009-01-13 01:59:40 —-D—- C:rsit
2009-01-13 00:27:54 —-A—- C:WINDOWSsystem32stu2.exe
2009-01-13 00:27:18 —-A—- C:Documents and SettingsAll UsersApplication Dataxaelib.dll
2009-01-12 14:55:57 —-A—- C:WINDOWSsystem32ub.exe
2009-01-06 14:31:41 —-A—- C:WINDOWSsystem32ptpusb.dll
2009-01-06 14:31:40 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-12-19 22:23:33 —-D—- C:Program FilesAkella Games
2008-12-19 03:00:37 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2008-12-19 03:00:25 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2008-12-17 14:01:54 —-D—- C:WINDOWSPrefetch
2008-12-17 13:59:51 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-17 13:59:47 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-17 13:59:43 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-17 13:59:38 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-17 13:59:34 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-17 13:59:30 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-17 13:59:25 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-17 13:59:21 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-17 13:59:17 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-17 13:59:13 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2008-12-17 13:59:09 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-12-17 13:59:04 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2008-12-17 13:59:00 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2008-12-17 13:58:57 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-17 13:58:53 —-HDC—- C:WINDOWS$NtUninstallKB951376$
2008-12-17 13:58:48 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-12-17 13:58:44 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2008-12-17 13:58:40 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2008-12-17 13:58:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2008-12-17 13:58:32 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-17 13:57:13 —-D—- C:WINDOWSl2schemas
2008-12-17 13:55:31 —-D—- C:WINDOWSServicePackFiles
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32TrayIcon12.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32smemory.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRnia.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRni.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinNm.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWin.dll
2008-12-17 13:53:08 —-HD—- C:Program FilesZero G Registry
2008-12-17 13:53:08 —-D—- C:Program FilesUpsPilot
2008-12-17 13:53:06 —-A—- C:WINDOWSsystem32spupdsvc.exe
2008-12-17 13:52:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

======List of files/folders modified in the last 1 months======
2009-01-13 01:59:41 —-RD—- C:Program Files
2009-01-13 01:48:56 —-D—- C:WINDOWSTemp
2009-01-13 01:47:32 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-13 01:40:24 —-D—- C:Documents and SettingsWormannApplication DataAzureus
2009-01-13 00:48:18 —-D—- C:Downloads
2009-01-13 00:41:47 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-13 00:39:24 —-A—- C:WINDOWSwinamp.ini
2009-01-13 00:27:54 —-D—- C:WINDOWSsystem32
2009-01-13 00:27:52 —-A—- C:WINDOWSsystem32userinit.exe
2009-01-12 19:07:20 —-D—- C:Program FileseMule
2009-01-12 18:52:27 —-A—- C:WINDOWSNeroDigital.ini
2009-01-12 14:52:13 —-D—- C:WINDOWS
2009-01-12 12:08:22 —-D—- C:WINDOWSsystem32config
2009-01-11 00:02:14 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-01-10 21:53:45 —-D—- C:Program FilesDownload Master
2009-01-10 21:43:16 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-10 21:15:01 —-D—- C:Program FilesOpera
2009-01-10 15:55:49 —-D—- C:Documents and SettingsWormannApplication DatauTorrent
2009-01-10 15:44:40 —-D—- C:Documents and SettingsWormannApplication DataDownload Master
2009-01-06 14:31:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-06 14:31:41 —-D—- C:WINDOWSsystem32drivers
2009-01-04 17:31:07 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-28 13:20:24 —-HD—- C:WINDOWSinf
2008-12-19 03:00:35 —-A—- C:WINDOWSimsins.BAK
2008-12-19 03:00:32 —-HD—- C:WINDOWS$hf_mig$
2008-12-19 03:00:32 —-D—- C:WINDOWSie7updates
2008-12-17 14:03:21 —-A—- C:WINDOWSOEWABLog.txt
2008-12-17 14:01:56 —-A—- C:WINDOWSsetuplog.txt
2008-12-17 14:01:35 —-RSD—- C:WINDOWSFonts
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32wbem
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32Setup
2008-12-17 14:01:35 —-D—- C:WINDOWSAppPatch
2008-12-17 14:00:30 —-D—- C:WINDOWSsecurity
2008-12-17 13:59:52 —-D—- C:WINDOWSsystem32CatRoot
2008-12-17 13:58:37 —-D—- C:Program FilesMessenger
2008-12-17 13:57:25 —-D—- C:WINDOWSWinSxS
2008-12-17 13:57:18 —-D—- C:WINDOWSsystem32inetsrv
2008-12-17 13:57:18 —-D—- C:WINDOWSehome
2008-12-17 13:57:17 —-D—- C:WINDOWSnetwork diagnostic
2008-12-17 13:57:17 —-D—- C:WINDOWSime
2008-12-17 13:57:17 —-D—- C:WINDOWSHelp
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32usmt
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32ru-ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32bits
2008-12-17 13:57:13 —-D—- C:WINDOWSPeerNet
2008-12-17 13:57:13 —-D—- C:Program FilesMovie Maker
2008-12-17 13:55:19 —-D—- C:WINDOWSsystem32Restore
2008-12-17 13:55:18 —-D—- C:WINDOWSsystem32npp
2008-12-17 13:55:18 —-D—- C:WINDOWSmsagent
2008-12-17 13:55:17 —-D—- C:WINDOWSsrchasst
2008-12-17 13:55:17 —-D—- C:Program FilesNetMeeting
2008-12-17 13:55:16 —-D—- C:WINDOWSsystem32Com
2008-12-17 13:55:15 —-D—- C:Program FilesWindows NT
2008-12-17 13:55:15 —-D—- C:Program FilesWindows Media Player
2008-12-17 13:55:15 —-D—- C:Program FilesOutlook Express
2008-12-17 13:55:14 —-D—- C:Program FilesCommon FilesSystem
2008-12-17 13:55:06 —-D—- C:WINDOWSsystem32oobe
2008-12-17 13:55:05 —-D—- C:WINDOWSsystem
2008-12-15 09:05:02 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 Prio;Prio; C:WINDOWSSystem32driversprio.sys [2007-09-11 34064]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; ??C:WINDOWSsystem32driversamon.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2007-12-04 11868]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-22 18944]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 aduwthad;aduwthad; C:WINDOWSsystem32driversaduwthad.sys []
S3 autorun;autorun; ??c:huadio.tmp []
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Wormann\LOCALS~1\Temp\mc26.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-10-19 61440]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-02-14 495616]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 Winpowermonitor;Winpowermonitor; C:PROGRA~1UpsPilotmonitor.exe [2008-12-17 114688]
R3 WinpowerRMI;WinpowerRMI; C:PROGRA~1UpsPilotwpRMI.exe [2008-12-17 114688]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-20 520192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Winpowermanager;Winpowermanager; C:PROGRA~1UpsPilotmanager.exe [2008-12-17 114688]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
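A small triage script for logs like the one above, added here as an example; it is not code from the thread or from HijackThis/RSIT. It runs a handful of heuristics over a constructed excerpt of the posted log (backslashes restored): an extra executable in the Winlogon Shell value, a BHO loaded from a data directory rather than Program Files or Windows, a populated AppInit_DLLs, MountPoints2 autorun handlers pointing at a removable drive or a RECYCLER folder, binaries created in system32 within a few days of the scan, and running processes whose name is a one-character variant of a core Windows binary (csrcs.exe next to the real csrss.exe). The rule names, the trusted-directory list and the three-day window are this example's own choices, not a published rule set.

```python
"""Triage of an RSIT/HijackThis log: flag the persistence and autorun
indicators a malware-removal helper reads first.

Added example, not code from the forum thread or from HijackThis/RSIT.
SAMPLE_LOG is a constructed excerpt modelled on the posted log; the rule
names, TRUSTED_ROOTS and NEW_FILE_WINDOW are this example's assumptions.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed excerpt of the posted log (backslashes restored).
SAMPLE_LOG = r"""
Scan saved at 1:59:56, on 13.01.2009
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: xaelibP - {757FF18E-494C-46AC-AF9D-6A6012C315A3} - C:\Documents and Settings\All Users\Application Data\xaelib.dll
O20 - AppInit_DLLs: prio.dll
shell\AutoRun\command - H:\rckdht.exe
shell\open\command - RECYCLER\autorun.exe -OpenCurDir
2009-01-13 00:27:54 ----A---- C:\WINDOWS\system32\stu2.exe
2009-01-12 14:55:57 ----A---- C:\WINDOWS\system32\ub.exe
2008-12-17 13:53:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
"""

# Core Windows binaries that malware imitates with one-character typos.
SYSTEM_NAMES = {"csrss", "smss", "lsass", "svchost", "winlogon", "explorer", "services"}
# Directories a legitimately installed BHO is expected to load from (assumption).
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")
NEW_FILE_WINDOW = timedelta(days=3)  # "fresh" binary threshold (assumption)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename: str) -> str | None:
    """Return the system binary a name imitates (edit distance 1), else None."""
    stem = basename.lower().removesuffix(".exe")
    if stem in SYSTEM_NAMES:
        return None
    for known in SYSTEM_NAMES:
        if levenshtein(stem, known) == 1:
            return known
    return None


def scan_date(log: str) -> datetime:
    """Date from the HijackThis 'Scan saved at ..., on dd.mm.yyyy' header."""
    m = re.search(r"Scan saved at .*?, on (\d\d)\.(\d\d)\.(\d{4})", log)
    if not m:
        raise ValueError("no 'Scan saved at' header in log")
    d, mo, y = map(int, m.groups())
    return datetime(y, mo, d)


def triage(log: str) -> list[tuple[str, str]]:
    """Return (rule, evidence) pairs for every suspicious line in the log."""
    hits: list[tuple[str, str]] = []
    scanned = scan_date(log)
    for line in (raw.strip() for raw in log.splitlines() if raw.strip()):
        # 1. Winlogon Shell value: anything after Explorer.exe is an extra autostart.
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line)
        if m:
            for p in m.group(1).split():
                if p.lower() != "explorer.exe":
                    hits.append(("shell_extra", p))
            continue
        # 2. BHO whose DLL lives outside Program Files / Windows.
        m = re.match(r"O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (.+?)(?: \(file missing\))?$", line)
        if m:
            if not m.group(1).lower().startswith(TRUSTED_ROOTS):
                hits.append(("bho_untrusted_dir", m.group(1)))
            continue
        # 3. AppInit_DLLs is injected into every process that loads user32.dll.
        m = re.match(r"O20 - AppInit_DLLs: (.+)", line)
        if m:
            hits.append(("appinit_dll", m.group(1)))
            continue
        # 4. MountPoints2 handlers: autorun payloads on removable drives.
        m = re.match(r"shell\\(?:AutoRun|open|explore)\\command - (.+)", line)
        if m:
            target = m.group(1)
            if re.match(r"[D-Z]:\\", target, re.I) or "recycler" in target.lower():
                hits.append(("mountpoints_autorun", target))
            continue
        # 5. Executables dropped into system32 within days of the scan.
        m = re.match(r"(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d -+A-+ (.+\\system32\\[^\\]+\.(?:exe|dll))$", line, re.I)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d")
            if scanned - created <= NEW_FILE_WINDOW:
                hits.append(("new_system32_binary", m.group(2)))
            continue
        # 6. Running process whose name is a one-letter typo of a core binary.
        m = re.match(r"[A-Za-z]:\\.*\\([^\\]+\.exe)$", line, re.I)
        if m and (imitated := lookalike(m.group(1))):
            hits.append(("lookalike_process", f"{m.group(1)} ~ {imitated}.exe"))
    return hits


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:22} {evidence}")
```

Rule 6 is the one worth generalising: it catches csrcs.exe here, and the same edit-distance check flags any other one-character imitation of the names in SYSTEM_NAMES. Rule 2 deliberately accepts "(file missing)" suffixes, so it also works on a log taken after an antivirus has deleted the DLL but left the BHO registration behind.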
13 January 2009 at 10:49 am

Updated NOD32. NOD32 seems to have killed this trojan. I am sending the log from the latest scan; please take a look at what the antivirus missed:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Wormann at 2009-01-13 13:46:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (26%) free of 30 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:01, on 13.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.exe
C:WINDOWSsystem32csrcs.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesEsetnod32kui.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesUpsPilotWinpower.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSuperCopier2SuperCopier2.exe
C:Program FilesStatistXPStatistXP.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1UpsPilotmonitor.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:WINDOWSSystem32alg.exe
C:PROGRA~1UpsPilotwpRMI.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesMicrosoft OfficeOffice12WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesOperaOpera.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32net.exe
C:DownloadsПрограммыRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:\Program Files\trend micro\Wormann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 — BHO: xaelibP — {757FF18E-494C-46AC-AF9D-6A6012C315A3} — C:Documents and SettingsAll UsersApplication Dataxaelib.dll (file missing)
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.6.0_03binjusched.exe
O4 — HKLM..Run: [Winpower] C:Program FilesUpsPilotWinpower.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [StatistXP] C:Program FilesStatistXPStatistXP.exe
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKLM..PoliciesExplorerRun: [csrcs] C:WINDOWSsystem32csrcs.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{213FDE4F-BE95-4ECC-9C59-1DA930CE0C3E}: NameServer = 85.95.165.60 85.95.164.60
O17 — HKLMSystemCCSServicesTcpip..{FA2518DE-C7A6-4262-B822-577EC603CEDE}: NameServer = 10.2.120.101,10.2.120.103,10.1.0.19
O20 — AppInit_DLLs: prio.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Winpowermanager — Macrovision — C:PROGRA~1UpsPilotmanager.exe
O23 — Service: Winpowermonitor — Macrovision — C:PROGRA~1UpsPilotmonitor.exe
O23 — Service: WinpowerRMI — Macrovision — C:PROGRA~1UpsPilotwpRMI.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
--
End of file — 9794 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{757FF18E-494C-46AC-AF9D-6A6012C315A3}]
SHN Data Decoder — C:Documents and SettingsAll UsersApplication Dataxaelib.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-22 1090824]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — Megaupload Toolbar — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-09-25 90112]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-05-18 16207872]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-02-14 917504]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_03binjusched.exe [2007-09-25 132496]
«Winpower»=C:Program FilesUpsPilotWinpower.exe [2008-12-17 114688]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«csrcs»=C:WINDOWSsystem32csrcs.exe [2008-04-14 346028]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«SuperCopier2.exe»=C:Program FilesSuperCopier2SuperCopier2.exe [2007-05-08 1052672]
«StatistXP»=C:Program FilesStatistXPStatistXP.exe [2007-02-03 1687552]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2007-07-02 220544]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2003-11-12 207872]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-11-18 3297280]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-22 449800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»prio.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-12-17 110592]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesAzureusAzureus.exe»=»C:Program FilesAzureusAzureus.exe:*:Enabled:Azureus»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesSEGAMedieval II Total Warkingdoms.exe»=»C:Program FilesSEGAMedieval II Total Warkingdoms.exe:*:Enabled:Medieval 2 Total War: Kingdoms»
«C:Program FileseMuleemule.exe»=»C:Program FileseMuleemule.exe:*:Enabled:eMule»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f97d050-30c2-11dd-bb84-00161798a4e5}]
shellAutoRuncommand — H:
shellexplorecommand — RECYCLERautorun.exe -ExploreCurDir
shellopencommand — RECYCLERautorun.exe -OpenCurDir
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3b9fe559-f1d5-11dc-bb48-00161798a4e5}]
shellAutoRuncommand — H:rckdht.exe
shellexplorecommand — H:rckdht.exe
shellopencommand — H:rckdht.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3dc43f99-42ac-11dd-bb98-00161798a4e5}]
shellAutoRuncommand — H:qrzuqq.exe
shellexplorecommand — H:qrzuqq.exe
shellopencommand — H:qrzuqq.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7abe3f4f-daf3-11dc-bffb-806d6172696f}]
shellAutoRuncommand — F:Setup.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a6b0f18f-b8cb-11dd-bbd8-00161798a4e5}]
shellAutoRuncommand — H:rckdht.exe
shellexplorecommand — H:rckdht.exe
shellopencommand — H:rckdht.exe
======List of files/folders created in the last 1 months======
2009-01-13 01:59:41 —-D—- C:Program Filestrend micro
2009-01-13 01:59:40 —-D—- C:rsit
2009-01-13 00:27:54 —-A—- C:WINDOWSsystem32stu2.exe
2009-01-12 14:55:57 —-A—- C:WINDOWSsystem32ub.exe
2009-01-06 14:31:41 —-A—- C:WINDOWSsystem32ptpusb.dll
2009-01-06 14:31:40 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-12-19 22:23:33 —-D—- C:Program FilesAkella Games
2008-12-19 03:00:37 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2008-12-19 03:00:25 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2008-12-17 14:01:54 —-D—- C:WINDOWSPrefetch
2008-12-17 13:59:51 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-17 13:59:47 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-17 13:59:43 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-17 13:59:38 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-17 13:59:34 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-17 13:59:30 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-17 13:59:25 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-17 13:59:21 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-17 13:59:17 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-17 13:59:13 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2008-12-17 13:59:09 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-12-17 13:59:04 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2008-12-17 13:59:00 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2008-12-17 13:58:57 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-17 13:58:53 —-HDC—- C:WINDOWS$NtUninstallKB951376$
2008-12-17 13:58:48 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-12-17 13:58:44 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2008-12-17 13:58:40 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2008-12-17 13:58:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2008-12-17 13:58:32 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-17 13:57:13 —-D—- C:WINDOWSl2schemas
2008-12-17 13:55:31 —-D—- C:WINDOWSServicePackFiles
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32TrayIcon12.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32smemory.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRnia.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRni.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinNm.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWin.dll
2008-12-17 13:53:08 —-HD—- C:Program FilesZero G Registry
2008-12-17 13:53:08 —-D—- C:Program FilesUpsPilot
2008-12-17 13:53:06 —-A—- C:WINDOWSsystem32spupdsvc.exe
2008-12-17 13:52:26 —-HDC—- C:WINDOWS$NtServicePackUninstall$
======List of files/folders modified in the last 1 months======
2009-01-13 13:45:53 —-D—- C:Documents and SettingsWormannApplication DataAzureus
2009-01-13 12:48:05 —-D—- C:WINDOWSTemp
2009-01-13 07:33:30 —-A—- C:WINDOWSwinamp.ini
2009-01-13 07:07:43 —-D—- C:Downloads
2009-01-13 01:59:41 —-RD—- C:Program Files
2009-01-13 01:47:32 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-13 00:41:47 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-13 00:27:54 —-D—- C:WINDOWSsystem32
2009-01-13 00:27:52 —-A—- C:WINDOWSsystem32userinit.exe
2009-01-12 19:07:20 —-D—- C:Program FileseMule
2009-01-12 18:52:27 —-A—- C:WINDOWSNeroDigital.ini
2009-01-12 14:52:13 —-D—- C:WINDOWS
2009-01-12 12:08:22 —-D—- C:WINDOWSsystem32config
2009-01-11 00:02:14 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-01-10 21:53:45 —-D—- C:Program FilesDownload Master
2009-01-10 21:43:16 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-10 21:15:01 —-D—- C:Program FilesOpera
2009-01-10 15:55:49 —-D—- C:Documents and SettingsWormannApplication DatauTorrent
2009-01-10 15:44:40 —-D—- C:Documents and SettingsWormannApplication DataDownload Master
2009-01-06 14:31:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-06 14:31:41 —-D—- C:WINDOWSsystem32drivers
2009-01-04 17:31:07 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-28 13:20:24 —-HD—- C:WINDOWSinf
2008-12-19 03:00:35 —-A—- C:WINDOWSimsins.BAK
2008-12-19 03:00:32 —-HD—- C:WINDOWS$hf_mig$
2008-12-19 03:00:32 —-D—- C:WINDOWSie7updates
2008-12-17 14:03:21 —-A—- C:WINDOWSOEWABLog.txt
2008-12-17 14:01:56 —-A—- C:WINDOWSsetuplog.txt
2008-12-17 14:01:35 —-RSD—- C:WINDOWSFonts
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32wbem
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32Setup
2008-12-17 14:01:35 —-D—- C:WINDOWSAppPatch
2008-12-17 14:00:30 —-D—- C:WINDOWSsecurity
2008-12-17 13:59:52 —-D—- C:WINDOWSsystem32CatRoot
2008-12-17 13:58:37 —-D—- C:Program FilesMessenger
2008-12-17 13:57:25 —-D—- C:WINDOWSWinSxS
2008-12-17 13:57:18 —-D—- C:WINDOWSsystem32inetsrv
2008-12-17 13:57:18 —-D—- C:WINDOWSehome
2008-12-17 13:57:17 —-D—- C:WINDOWSnetwork diagnostic
2008-12-17 13:57:17 —-D—- C:WINDOWSime
2008-12-17 13:57:17 —-D—- C:WINDOWSHelp
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32usmt
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32ru-ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32bits
2008-12-17 13:57:13 —-D—- C:WINDOWSPeerNet
2008-12-17 13:57:13 —-D—- C:Program FilesMovie Maker
2008-12-17 13:55:19 —-D—- C:WINDOWSsystem32Restore
2008-12-17 13:55:18 —-D—- C:WINDOWSsystem32npp
2008-12-17 13:55:18 —-D—- C:WINDOWSmsagent
2008-12-17 13:55:17 —-D—- C:WINDOWSsrchasst
2008-12-17 13:55:17 —-D—- C:Program FilesNetMeeting
2008-12-17 13:55:16 —-D—- C:WINDOWSsystem32Com
2008-12-17 13:55:15 —-D—- C:Program FilesWindows NT
2008-12-17 13:55:15 —-D—- C:Program FilesWindows Media Player
2008-12-17 13:55:15 —-D—- C:Program FilesOutlook Express
2008-12-17 13:55:14 —-D—- C:Program FilesCommon FilesSystem
2008-12-17 13:55:06 —-D—- C:WINDOWSsystem32oobe
2008-12-17 13:55:05 —-D—- C:WINDOWSsystem
2008-12-15 09:05:02 —-D—- C:WINDOWSMinidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 Prio;Prio; C:WINDOWSSystem32driversprio.sys [2007-09-11 34064]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; ??C:WINDOWSsystem32driversamon.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2007-12-04 11868]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-22 18944]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 aduwthad;aduwthad; C:WINDOWSsystem32driversaduwthad.sys []
S3 autorun;autorun; ??c:huadio.tmp []
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 mchInjDrv;mchInjDrv; ??C:DOCUME~1WormannLOCALS~1Tempmc26.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-10-19 61440]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-02-14 495616]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 Winpowermonitor;Winpowermonitor; C:PROGRA~1UpsPilotmonitor.exe [2008-12-17 114688]
R3 WinpowerRMI;WinpowerRMI; C:PROGRA~1UpsPilotwpRMI.exe [2008-12-17 114688]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-20 520192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Winpowermanager;Winpowermanager; C:PROGRA~1UpsPilotmanager.exe [2008-12-17 114688]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
January 14, 2009 at 12:25 pm #21114
Hello, and welcome to the Spyware-ru forum.
Judging by the RSIT log, your computer is also infected with an autorun.inf trojan.
Read this guide: Flash_Disinfector, another weapon against autorun.inf trojans. Download and run Flash_Disinfector; when the program asks, do not forget to insert your flash drive or connect any other external storage devices.
Run HijackThis and click the Do a system scan only button.
Then tick the checkbox (on the left) next to the following lines:
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
Click the Fix checked button and confirm your action by choosing YES.
Download OTMoveIt3 by OldTimer by clicking this link.
Run the program and copy the following text into the large input field (the field's header is highlighted in yellow):
:Processes
explorer.exe
:services
aduwthad
mchInjDrv
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{757FF18E-494C-46AC-AF9D-6A6012C315A3}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
"csrcs"=-
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f97d050-30c2-11dd-bb84-00161798a4e5}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3b9fe559-f1d5-11dc-bb48-00161798a4e5}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3dc43f99-42ac-11dd-bb98-00161798a4e5}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7abe3f4f-daf3-11dc-bffb-806d6172696f}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a6b0f18f-b8cb-11dd-bbd8-00161798a4e5}]
:files
C:WINDOWSsystem32driversaduwthad.sys
C:Documents and SettingsAll UsersApplication Dataxaelib.dll
c:RECYCLERautorun.exe
C:WINDOWSsystem32csrcs.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click the MoveIt! button. The computer may reboot while the program works.
When the program finishes, it should display a log; paste it into your reply.
Also attach a fresh RSIT log to your reply.
January 15, 2009 at 10:54 am #21115
OTMoveIt3 by OldTimer log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service aduwthad .
Unable to stop service mchInjDrv .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{757FF18E-494C-46AC-AF9D-6A6012C315A3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\csrcs deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f97d050-30c2-11dd-bb84-00161798a4e5}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3b9fe559-f1d5-11dc-bb48-00161798a4e5}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3dc43f99-42ac-11dd-bb98-00161798a4e5}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7abe3f4f-daf3-11dc-bffb-806d6172696f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a6b0f18f-b8cb-11dd-bbd8-00161798a4e5}\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSsystem32driversaduwthad.sys not found.
File/Folder C:Documents and SettingsAll UsersApplication Dataxaelib.dll not found.
File/Folder c:RECYCLERautorun.exe not found.
C:WINDOWSsystem32csrcs.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1WormannLOCALS~1TempRar$DI00.516ProzorovL-1.doc scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1WormannLOCALS~1Temphsperfdata_Wormann1112 scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1WormannLOCALS~1Tempin4.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1WormannLOCALS~1Temp~DF3B7F.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStemphsperfdata_SYSTEM2968 scheduled to be deleted on reboot.
File delete failed. C:WINDOWStemphsperfdata_SYSTEM3488 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01152009_134254
Files moved on Reboot…
C:DOCUME~1WormannLOCALS~1TempRar$DI00.516ProzorovL-1.doc moved successfully.
File C:DOCUME~1WormannLOCALS~1Temphsperfdata_Wormann1112 not found!
C:DOCUME~1WormannLOCALS~1Tempin4.tmp moved successfully.
File C:DOCUME~1WormannLOCALS~1Temp~DF3B7F.tmp not found!
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
File move failed. C:WINDOWStemphsperfdata_SYSTEM2968 scheduled to be moved on reboot.
File move failed. C:WINDOWStemphsperfdata_SYSTEM3488 scheduled to be moved on reboot.
RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Wormann at 2009-01-15 13:52:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (39%) free of 30 GB
Total RAM: 2047 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:51, on 15.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32CNAB4RPK.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesEsetnod32kui.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesUpsPilotWinpower.exe
C:WINDOWSSystem32rs32net.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSuperCopier2SuperCopier2.exe
C:Program FilesStatistXPStatistXP.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:WINDOWSSystem32rs32net.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1UpsPilotmonitor.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:WINDOWSSystem32alg.exe
C:PROGRA~1UpsPilotwpRMI.exe
C:Program FilesUpsPilotjrebinjavaw.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesOperaOpera.exe
C:DownloadsПрограммыRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesTrend MicroHijackThisWormann.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.6.0_03binjusched.exe
O4 — HKLM..Run: [Winpower] C:Program FilesUpsPilotWinpower.exe
O4 — HKLM..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [StatistXP] C:Program FilesStatistXPStatistXP.exe
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{213FDE4F-BE95-4ECC-9C59-1DA930CE0C3E}: NameServer = 85.95.165.60 85.95.164.60
O17 — HKLMSystemCCSServicesTcpip..{FA2518DE-C7A6-4262-B822-577EC603CEDE}: NameServer = 10.2.120.101,10.2.120.103,10.1.0.19
O20 — AppInit_DLLs: prio.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Winpowermanager — Macrovision — C:PROGRA~1UpsPilotmanager.exe
O23 — Service: Winpowermonitor — Macrovision — C:PROGRA~1UpsPilotmonitor.exe
O23 — Service: WinpowerRMI — Macrovision — C:PROGRA~1UpsPilotwpRMI.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
--
End of file — 9839 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-22 1090824]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — Megaupload Toolbar — C:PROGRA~1MEGAUP~1MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-09-25 90112]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-05-18 16207872]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-02-14 917504]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_03binjusched.exe [2007-09-25 132496]
«Winpower»=C:Program FilesUpsPilotWinpower.exe [2008-12-17 114688]
«rs32net»=C:WINDOWSSystem32rs32net.exe [2009-01-13 22016][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«SuperCopier2.exe»=C:Program FilesSuperCopier2SuperCopier2.exe [2007-05-08 1052672]
«StatistXP»=C:Program FilesStatistXPStatistXP.exe [2007-02-03 1687552]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2007-07-02 220544]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2003-11-12 207872]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-11-18 3297280]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-22 449800]
«rs32net»=C:WINDOWSSystem32rs32net.exe [2009-01-13 22016]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»prio.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-12-17 110592]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati0yfxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1pvxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2flxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3vcxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4cixx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6ioxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7jpxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati0yfxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1pvxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2flxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3vcxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4cixx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6ioxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7jpxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32CNAB4RPK.EXE»=»C:WINDOWSsystem32CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesAzureusAzureus.exe»=»C:Program FilesAzureusAzureus.exe:*:Enabled:Azureus»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesSEGAMedieval II Total Warkingdoms.exe»=»C:Program FilesSEGAMedieval II Total Warkingdoms.exe:*:Enabled:Medieval 2 Total War: Kingdoms»
«C:Program FileseMuleemule.exe»=»C:Program FileseMuleemule.exe:*:Enabled:eMule»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{871d0e54-daf9-11dc-bb29-806d6172696f}]
shellAutoRuncommand — F:Launch.exe

======List of files/folders created in the last 1 months======
2009-01-15 13:42:54 —-D—- C:_OTMoveIt
2009-01-15 13:32:06 —-RASHD—- C:autorun.inf
2009-01-15 13:02:21 —-RHD—- C:Documents and SettingsWormannApplication DataSecuROM
2009-01-15 03:02:00 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-15 03:01:55 —-A—- C:WINDOWSsystem32MRT.INI
2009-01-13 15:12:16 —-A—- C:WINDOWSsystem32rs32net.exe
2009-01-13 01:59:41 —-D—- C:Program Filestrend micro
2009-01-13 01:59:40 —-D—- C:rsit
2009-01-13 00:27:54 —-A—- C:WINDOWSsystem32stu2.exe
2009-01-12 14:55:57 —-A—- C:WINDOWSsystem32ub.exe
2009-01-06 14:31:41 —-A—- C:WINDOWSsystem32ptpusb.dll
2009-01-06 14:31:40 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-12-19 22:23:33 —-D—- C:Program FilesAkella Games
2008-12-19 03:00:37 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2008-12-19 03:00:25 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2008-12-17 14:01:54 —-D—- C:WINDOWSPrefetch
2008-12-17 13:59:51 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-17 13:59:47 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-17 13:59:43 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-17 13:59:38 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-17 13:59:34 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-17 13:59:30 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-17 13:59:25 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-17 13:59:21 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-17 13:59:17 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-17 13:59:13 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2008-12-17 13:59:09 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-12-17 13:59:04 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2008-12-17 13:59:00 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2008-12-17 13:58:57 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-17 13:58:53 —-HDC—- C:WINDOWS$NtUninstallKB951376$
2008-12-17 13:58:48 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-12-17 13:58:44 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2008-12-17 13:58:40 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2008-12-17 13:58:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2008-12-17 13:58:32 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-17 13:57:13 —-D—- C:WINDOWSl2schemas
2008-12-17 13:55:31 —-D—- C:WINDOWSServicePackFiles
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32TrayIcon12.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32smemory.dll
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRnia.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinRni.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWinNm.DLL
2008-12-17 13:53:51 —-A—- C:WINDOWSsystem32jspWin.dll
2008-12-17 13:53:08 —-HD—- C:Program FilesZero G Registry
2008-12-17 13:53:08 —-D—- C:Program FilesUpsPilot
2008-12-17 13:53:06 —-A—- C:WINDOWSsystem32spupdsvc.exe
2008-12-17 13:52:26 —-HDC—- C:WINDOWS$NtServicePackUninstall$

======List of files/folders modified in the last 1 months======
2009-01-15 13:50:49 —-D—- C:WINDOWSTemp
2009-01-15 13:48:55 —-D—- C:WINDOWSsystem32drivers
2009-01-15 13:43:59 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-15 13:43:45 —-A—- C:WINDOWSwinamp.ini
2009-01-15 13:42:54 —-D—- C:WINDOWSsystem32
2009-01-15 13:21:57 —-D—- C:Documents and SettingsWormannApplication DataAzureus
2009-01-15 11:57:05 —-A—- C:WINDOWSNeroDigital.ini
2009-01-15 11:15:17 —-D—- C:Downloads
2009-01-15 03:17:34 —-D—- C:WINDOWS
2009-01-15 03:02:31 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-15 03:02:29 —-SHD—- C:WINDOWSInstaller
2009-01-15 03:02:06 —-HD—- C:WINDOWSinf
2009-01-15 03:02:02 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-15 03:01:58 —-HD—- C:WINDOWS$hf_mig$
2009-01-14 12:54:44 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-14 11:07:36 —-A—- C:WINDOWSsystem32userinit.exe
2009-01-13 21:26:19 —-D—- C:WINDOWSsystem32config
2009-01-13 01:59:41 —-RD—- C:Program Files
2009-01-12 19:07:20 —-D—- C:Program FileseMule
2009-01-11 00:02:14 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-01-10 21:53:45 —-D—- C:Program FilesDownload Master
2009-01-10 21:43:16 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-10 21:15:01 —-D—- C:Program FilesOpera
2009-01-10 15:55:49 —-D—- C:Documents and SettingsWormannApplication DatauTorrent
2009-01-10 15:44:40 —-D—- C:Documents and SettingsWormannApplication DataDownload Master
2009-01-10 04:35:28 —-A—- C:WINDOWSsystem32MRT.exe
2009-01-04 17:31:07 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-19 03:00:41 —-A—- C:WINDOWSimsins.BAK
2008-12-19 03:00:32 —-D—- C:WINDOWSie7updates
2008-12-17 14:03:21 —-A—- C:WINDOWSOEWABLog.txt
2008-12-17 14:01:56 —-A—- C:WINDOWSsetuplog.txt
2008-12-17 14:01:35 —-RSD—- C:WINDOWSFonts
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32wbem
2008-12-17 14:01:35 —-D—- C:WINDOWSsystem32Setup
2008-12-17 14:01:35 —-D—- C:WINDOWSAppPatch
2008-12-17 14:00:30 —-D—- C:WINDOWSsecurity
2008-12-17 13:59:52 —-D—- C:WINDOWSsystem32CatRoot
2008-12-17 13:58:37 —-D—- C:Program FilesMessenger
2008-12-17 13:57:25 —-D—- C:WINDOWSWinSxS
2008-12-17 13:57:18 —-D—- C:WINDOWSsystem32inetsrv
2008-12-17 13:57:18 —-D—- C:WINDOWSehome
2008-12-17 13:57:17 —-D—- C:WINDOWSnetwork diagnostic
2008-12-17 13:57:17 —-D—- C:WINDOWSime
2008-12-17 13:57:17 —-D—- C:WINDOWSHelp
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32usmt
2008-12-17 13:57:14 —-D—- C:WINDOWSsystem32ru-ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32ru
2008-12-17 13:57:13 —-D—- C:WINDOWSsystem32bits
2008-12-17 13:57:13 —-D—- C:WINDOWSPeerNet
2008-12-17 13:57:13 —-D—- C:Program FilesMovie Maker
2008-12-17 13:55:19 —-D—- C:WINDOWSsystem32Restore
2008-12-17 13:55:18 —-D—- C:WINDOWSsystem32npp
2008-12-17 13:55:18 —-D—- C:WINDOWSmsagent
2008-12-17 13:55:17 —-D—- C:WINDOWSsrchasst
2008-12-17 13:55:17 —-D—- C:Program FilesNetMeeting
2008-12-17 13:55:16 —-D—- C:WINDOWSsystem32Com
2008-12-17 13:55:15 —-D—- C:Program FilesWindows NT
2008-12-17 13:55:15 —-D—- C:Program FilesWindows Media Player
2008-12-17 13:55:15 —-D—- C:Program FilesOutlook Express
2008-12-17 13:55:14 —-D—- C:Program FilesCommon FilesSystem
2008-12-17 13:55:06 —-D—- C:WINDOWSsystem32oobe
2008-12-17 13:55:05 —-D—- C:WINDOWSsystem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 Prio;Prio; C:WINDOWSSystem32driversprio.sys [2007-09-11 34064]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; ??C:WINDOWSsystem32driversamon.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2007-12-04 11868]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-12-17 1918464]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-22 18944]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 afbuyv0d;afbuyv0d; C:WINDOWSsystem32driversafbuyv0d.sys []
S3 autorun;autorun; ??c:huadio.tmp []
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 mchInjDrv;mchInjDrv; ??C:DOCUME~1WormannLOCALS~1Tempmc24.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-12-17 434176]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-10-19 61440]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-02-14 495616]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 Winpowermonitor;Winpowermonitor; C:PROGRA~1UpsPilotmonitor.exe [2008-12-17 114688]
R3 WinpowerRMI;WinpowerRMI; C:PROGRA~1UpsPilotwpRMI.exe [2008-12-17 114688]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-12-20 520192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Winpowermanager;Winpowermanager; C:PROGRA~1UpsPilotmanager.exe [2008-12-17 114688]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
January 16, 2009 at 1:36 am #21116

Download the Avenger program by clicking this link and unpack it to the Desktop.
Run Avenger, making sure that the "Scan for rootkits" box is checked and the "Automatically disable any rootkits found" box is not checked. Check or uncheck the boxes as needed. Copy the text below into the Input script box:

Drivers to delete:
mchInjDrv
Registry values to delete:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun | rs32net
Registry keys to delete:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati0yfxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1pvxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2flxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3vcxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4cixx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6ioxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7jpxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati0yfxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1pvxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2flxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3vcxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4cixx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6ioxx.sys
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7jpxx.sys
Files to delete:
C:WINDOWSsystem32stu2.exe
C:WINDOWSsystem32ub.exe
C:WINDOWSSystem32rs32net.exe

Click Execute. A prompt asking you to confirm your actions will appear; click Yes.
Avenger will start. Several reboots of the computer are possible while it runs.
When it finishes, a log (c:avenger.txt) will be shown; please paste it into your reply.

Run the program and copy the following text into the large input field (the header of this field is highlighted in yellow).
:reg
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"rs32net"=-

Click the MoveIt! button. The result will be shown in the window with the green header; paste it into your reply.
So I am expecting from you:
the Avenger log
the OTMoveIt result
a fresh RSIT log
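The checks the helper applied by eye to the log above (the executables that appeared in system32 in the last month, the rs32net Run entry pointing at one of them, the driver entries whose image is a .tmp file under a temp path, the non-empty AppInit_DLLs value), written out as a small triage script. This is an added example for this thread, not part of either post and not a feature of RSIT, HijackThis, Avenger or OTMoveIt. The sample lines are constructed from entries in the log above with the backslashes the forum extraction dropped put back, and the rules are review flags I wrote for this page, not verdicts:

```python
"""Triage pass over an RSIT/HijackThis log (added example, not from the thread)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["rule", "item"])

# Constructed sample in the shape of the log above (separators restored).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O20 - AppInit_DLLs: prio.dll
======List of files/folders created in the last 1 months======
2009-01-13 15:12:16 ----A---- C:\WINDOWS\system32\rs32net.exe
2009-01-13 00:27:54 ----A---- C:\WINDOWS\system32\stu2.exe
2009-01-12 14:55:57 ----A---- C:\WINDOWS\system32\ub.exe
2009-01-06 14:31:41 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-19 22:23:33 ----D---- C:\Program Files\Akella Games
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S3 autorun;autorun; \??\c:\huadio.tmp []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Wormann\LOCALS~1\Temp\mc24.tmp []
"""

# HijackThis O4 autorun line: hive, value name in [], then the command.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# First drive-letter path ending in an executable extension inside a command line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd)\b", re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
# RSIT "created/modified" line: date, time, attribute flags, path.
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ (?P<path>.+)$")
# RSIT driver line: state+start, name;description; path [date size].
DRIVER_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);[^;]*; (?P<path>.*?) \[(?P<stamp>[^\]]*)\]$")
# An executable dropped directly into the system directory (no subfolder).
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+\.(?:exe|dll|sys)$", re.I)
TEMP_RE = re.compile(r"\\temp\\|\.tmp$", re.I)


def section_of(header):
    """Map a '======List of ...======' header to a section tag."""
    low = header.lower()
    for key in ("created", "modified", "drivers", "services", "registry"):
        if key in low:
            return key
    return "other"


def triage(log_text):
    """Return review flags (Finding tuples) for one RSIT/HijackThis log."""
    findings = []
    section = "other"      # lines before the first ====== header are HijackThis O-lines
    run_targets = []       # (value name, executable path) from O4 lines
    created = {}           # lowercase path -> creation date, from the "created" list
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):
            section = section_of(line)
            continue
        if section == "other":
            m = RUN_RE.match(line)
            if m:
                p = PATH_RE.search(m["rest"])
                if p:
                    run_targets.append((m["name"], p.group(0)))
                continue
            m = APPINIT_RE.match(line)
            if m and m["value"].strip():
                # Any DLL listed here is loaded into every process that links user32.
                findings.append(Finding("appinit_dll", m["value"].strip()))
        elif section == "created":
            m = CREATED_RE.match(line)
            if m:
                created[m["path"].lower()] = m["date"]
                if SYSTEM_DIR_RE.match(m["path"]):
                    findings.append(Finding("new_exe_in_system_dir", m["path"]))
        elif section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                reasons = []
                if not m["stamp"].strip():
                    reasons.append("RSIT recorded no date/size for the image")
                if TEMP_RE.search(m["path"]):
                    reasons.append("image lives under a temp path or is a .tmp file")
                if reasons:
                    findings.append(Finding("driver_suspicious",
                                            f"{m['name']}: {m['path']} ({'; '.join(reasons)})"))
    # Cross-reference: an autorun entry whose target only appeared this month.
    for name, path in run_targets:
        if path.lower() in created:
            findings.append(Finding("autorun_of_new_file",
                                    f"{name} -> {path} (created {created[path.lower()]})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.item}")
```

Every hit is a review item, not a removal decision: ptpusb.dll lands in the same bucket as stu2.exe even though the helper left it alone, and prio.dll is flagged although it belongs to the Prio driver listed under R1 in the same log. The value of the cross-reference rule is that it singles out rs32net, the one Run entry whose target is also a file created this month, which is exactly the entry the Avenger and OTMoveIt scripts above remove.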