SPYWARE-RU.COM

PLEASE HELP!!!!


  • This topic has 7 replies, 2 participants, and was last updated 16 years, 2 months ago by Admin.
  • February 7, 2009 at 11:52 pm #16260
    Natusic
    Participant
    • Topics: 1
    • Posts: 4
    • ☆

    I've been sitting here for about 5 hours and can't figure it out 😥
    I'm going to cry my eyes out!!! Thank you so much, of course, for being here, but right now that isn't helping me…
    I have this nasty news ticker in Internet Explorer. And the most frustrating part was that I couldn't even register… I had to install Opera. I downloaded the Flash_Disinfector program and ran it as you instructed, but nothing happened. Nothing at all, and I also don't have ComboFix, and I have no idea where to get it 😥
    As instructed, I'm sending you the reports and… please help 😥 😥 😥

    info.txt logfile of random’s system information tool 1.05 2008-02-08 02:41:03

    ======Uninstall list======

    —>C:Program FilesDivXConverterUninstall.exe /CONVERTER
    —>MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{28B97CAB-828F-49D8-A30A-675476F9BA92}setup.exe» -l0x19 /cont -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4E7DC12A-3597-4A94-9429-F6C6987361B1}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6813C983-427E-4511-8456-E98FCAA1A125}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7DADB304-AF20-48C3-A780-4B4133A08817}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{ACE66099-E18E-4037-83C8-9D182E5B9FA8}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B34B6E67-FCDD-4E03-8742-B5701427FAFB}setup.exe» -l0x19 -removeonly
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}setup.exe» -l0x19 -removeonly
    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    ArtMoney SE v7.21—>»C:Program FilesArtMoneyUninstallunins000.exe»
    ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
    ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
    ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Biohazard 4—>C:PROGRA~1BIOHAZ~1UNWISE.EXE C:PROGRA~1BIOHAZ~1INSTALL.LOG
    Catalyst Control Center — Branding—>MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    Come See Me Tonight—>»c:GAMESTriadaCome See Me Tonightunins000.exe»
    Crystal Player Professional 1.9—>C:Program FilesCrystal PlayerUninstall.exe
    DAEMON Tools—>MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    DivX 5.0.3 Bundle—>C:WINDOWSunvise32.exe C:Program FilesDivXuninstal.log
    DivX Content Uploader—>C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter—>C:Program FilesDivXConverterUninstall.exe /CONVERTER
    DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
    DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
    ESET NOD32 Antivirus—>MsiExec.exe /I{FAC088DD-FE02-430D-85AD-7CF5AD669619}
    Gothic II—>»C:gamesGothic IIunins000.exe»
    HP Deskjet 3740—>msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
    HP Software Update—>MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
    K-Lite Codec Pack 3.9.5 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Knights of Xentar—>C:WINDOWSIsUninst.exe -f»C:GAMESTRIADAKnights of XentarUninst.isu»
    Mail.Ru Агент 5.3 (сборка 2564, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
    Mail.Ru Спутник 2.0.1.54—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
    Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
    Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
    Microsoft XML Parser and SDK—>MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
    Migo—>C:Documents and SettingsлёхаApplication DataPowerhouseMigoMigoCleanup.exe
    Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}Nokia_PC_Suite_6_84_10_3_EA.exe
    Nokia PC Suite—>MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
    Opera—>C:PROGRA~1Operauninstunwise.exe C:PROGRA~1Operauninstinstall.log
    PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    Penumbra Overture Episode 1—>»C:gamesPenumbra Overture Episode 1unins000.exe»
    Picture Package Music Transfer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CE2121C6-C94D-4A73-8EA4-6943F33EE335}setup.exe» -l0x19 -removeonly
    Pirates of the Caribbean — At Worlds End—>C:gamesPOTC-3UNWISE.EXE C:gamesPOTC-3INSTALL.LOG
    PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
    Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
    Sony Picture Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe» -l0x19 /removeonly uninstall -removeonly
    Sony USB Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}setup.exe» -l0x19 UNINSTALL -removeonly
    The Playa—>»C:Program FilesThe Playauninstall.exe»
    Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
    World of Warcraft FREE Trial—>MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
    Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
    Корсары: Возвращение Легенды ver.1.0.7.0129—>»C:gamesKVLunwise.exe»
    Корсары: Возвращение Легенды—>C:gamesKVLUNWISE.EXE C:gamesKVLINSTALL.LOG
    Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
    Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
    Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
    Пакет драйверов Windows — Nokia Modem (05/24/2007 6.84.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108nokbtmdm.inf

    ======Hosts File======

    195.98.56.151 moodle

    ======Security center information======

    AV: ESET NOD32 Antivirus 3.0

    System event log

    Computer Name: D8A2C4C673D944D
    Event Code: 7036
    Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.

    Record Number: 9050
    Source Name: Service Control Manager
    Time Written: 20081231225231.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 7035
    Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

    Record Number: 9049
    Source Name: Service Control Manager
    Time Written: 20081231225231.000000+180
    Event Type: информация
    User: NT AUTHORITYSYSTEM

    Computer Name: D8A2C4C673D944D
    Event Code: 7036
    Message: Служба «Службы терминалов» перешла в состояние Работает.

    Record Number: 9048
    Source Name: Service Control Manager
    Time Written: 20081231225231.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 6005
    Message: Запущена служба журнала событий.

    Record Number: 9047
    Source Name: EventLog
    Time Written: 20081231225056.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 6009
    Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

    Record Number: 9046
    Source Name: EventLog
    Time Written: 20081231225056.000000+180
    Event Type: информация
    User:

    Application event log

    Computer Name: D8A2C4C673D944D
    Event Code: 1800
    Message: Служба центра обеспечения безопасности Windows запущена.

    Record Number: 5163
    Source Name: SecurityCenter
    Time Written: 20080219213206.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 105
    Message: The service was started.

    Record Number: 5162
    Source Name: ATI Smart
    Time Written: 20080219213132.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 1517
    Message: Реестр пользователя D8A2C4C673D944Dлёха был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.

    Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

    Record Number: 5161
    Source Name: Userenv
    Time Written: 20080218234407.000000+180
    Event Type: предупреждение
    User: NT AUTHORITYSYSTEM

    Computer Name: D8A2C4C673D944D
    Event Code: 101
    Message: wuauclt (2496) Ядро базы данных остановлено.

    Record Number: 5160
    Source Name: ESENT
    Time Written: 20080218162001.000000+180
    Event Type: информация
    User:

    Computer Name: D8A2C4C673D944D
    Event Code: 103
    Message: wuaueng.dll (2496) SUS20ClientDataStore: Ядро базы данных остановило работу экземпляра (0).

    Record Number: 5159
    Source Name: ESENT
    Time Written: 20080218162001.000000+180
    Event Type: информация
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=15
    «PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    «PROCESSOR_REVISION»=0401
    «NUMBER_OF_PROCESSORS»=1
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «MIGO_DRIVE»=E


    EOF



    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by лёха at 2008-02-08 02:39:59
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 2 GB (3%) free of 76 GB
    Total RAM: 511 MB (27% free)

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}]
    LTAC Data Helper Object — C:Documents and SettingsAll UsersApplication Datamzdlib.dll [2008-02-07 322560]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
    «WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
    «HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
    «HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
    «HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
    «AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp [2008-02-01 120832]
    «DAEMON Tools-1033″=C:Program FilesDRToolsdaemon.exe [2004-08-22 81920]
    «PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
    «StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952]
    «services»=
    []
    «lsass driver»=C:WINDOWSmsauc.exe [2008-02-07 76800]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    «services»=
    []

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
    «services»=
    []

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    «services»=
    []

    C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
    Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlog

    February 9, 2009 at 3:20 pm #21841
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, welcome to the Spyware-ru forum.

    The second RSIT log (log.txt) is incomplete.
    Run the program again and paste the resulting log into your next message.

    March 9, 2009 at 3:28 pm #21842
    Natusic
    Participant
    • Topics: 1
    • Posts: 4
    • ☆

    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by лёха at 2008-03-09 18:16:41
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 16 GB (21%) free of 76 GB
    Total RAM: 511 MB (24% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:16:49, on 09.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Program FilesPhotodexProShowProducerScsiAccess.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32ctfmon.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesWinampwinampa.exe
    C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
    C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
    C:Program FilesHPhpcoretechhpcmpmgr.exe
    C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
    C:Program FilesMail.RuAgentMAgent.exe
    C:WINDOWSservices.exe
    C:WINDOWSmsauc.exe
    C:Program FilesPC Connectivity SolutionServiceLayer.exe
    C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:WINDOWSsystem32cmd.exe
    C:WINDOWSservices.exe
    C:Program FilesOperaOpera.exe
    C:Program FilesInternet ExplorerIEXPLORE.EXE
    C:WINDOWSsystem32NOTEPAD.EXE
    C:Documents and SettingsлёхаРабочий столRSIT.exe
    C:Program Filestrend microлёха.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:DOCUME~18D8E~1LOCALS~1Tempinit.exe
    O1 — Hosts: 195.98.56.151 moodle
    O2 — BHO: jgnlibP — {469C7F34-476F-43A4-A8EC-39FFB42D4EB9} — C:Documents and SettingsAll UsersApplication Datajgnlib.dll
    O2 — BHO: mzdlibP — {753A8E27-66CF-424B-9DF1-D821231E7E9F} — C:Documents and SettingsAll UsersApplication Datamzdlib.dll
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
    O4 — HKLM..Run: [HP Software Update] «C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe»
    O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
    O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
    O4 — HKLM..Run: [AdVantage Setup] C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp
    O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKLM..Run: [services] C:WINDOWSservices.exe
    O4 — HKLM..Run: [lsass driver] C:WINDOWSmsauc.exe
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [services]

    O4 — HKLM..PoliciesExplorerRun: [services]

    O4 — HKCU..PoliciesExplorerRun: [services]

    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
    O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
    O17 — HKLMSystemCCSServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O17 — HKLMSystemCCSServicesTcpip..{C36A8DF0-4D3E-44BB-BA28-7C144CC8BD6F}: NameServer = 213.177.96.1 213.177.97.1
    O17 — HKLMSystemCS2ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O17 — HKLMSystemCS3ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O20 — Winlogon Notify: crypt — C:WINDOWSSYSTEM32crypts.dll
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
    O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
    O24 — Desktop Component 0: (no name) — http://line.romanticcollection.ru/ba/15_14b_42543FC0_RdoCenxke_13.gif

    —
    End of file — 8313 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{469C7F34-476F-43A4-A8EC-39FFB42D4EB9}]
    Realtime Media Provider — C:Documents and SettingsAll UsersApplication Datajgnlib.dll [2008-02-11 314880]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}]
    LTAC Data Helper Object — C:Documents and SettingsAll UsersApplication Datamzdlib.dll [2008-02-07 322560]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
    «WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
    «HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
    «HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
    «HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
    «AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp [2008-02-01 120832]
    «PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
    «StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952]
    «services»=C:WINDOWSservices.exe [2008-02-11 43009]
    «lsass driver»=C:WINDOWSmsauc.exe [2008-02-11 82945]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    «services»=
    []

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
    «services»=
    []

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
    «services»=
    []

    C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
    Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt]
    C:WINDOWSsystem32crypts.dll [2008-02-07 32256]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
    «authentication packages»=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
    «SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=36
    «NoDriveAutoRun»=FFFFFFFF

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:gamesCounter Strike — Sourcehl2.exe»=»C:gamesCounter Strike — Sourcehl2.exe:*:Enabled:hl2»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{951e681c-ca14-11dd-862e-00016cb29477}]
    shellAutoRuncommand — E:cfdnvq.exe
    shellexplorecommand — E:cfdnvq.exe
    shellopencommand — E:cfdnvq.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{da35d8a3-c881-11dd-862a-00016cb29477}]
    shellAutoRuncommand — E:cfdnvq.exe
    shellexplorecommand — E:cfdnvq.exe
    shellopencommand — E:cfdnvq.exe

    ======List of files/folders created in the last 1 months======

    2008-12-12 22:32:14 —-D—- C:Documents and SettingsлёхаApplication DataPowerHouse
    2008-12-04 11:41:38 —-D—- C:Documents and SettingsлёхаApplication DataMedia Player Classic
    2008-12-04 11:36:33 —-D—- C:Program FilesESET
    2008-12-04 11:36:33 —-D—- C:Documents and SettingsAll UsersApplication DataESET
    2008-12-04 11:33:48 —-A—- C:WINDOWSsystem32yv12vfw.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidvfw.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidcore.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32divx.dll
    2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
    2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll
    2008-12-04 11:33:45 —-D—- C:Program FilesK-Lite Codec Pack
    2008-12-04 11:31:51 —-D—- C:Documents and SettingsAll UsersApplication DataATI
    2008-12-04 11:29:30 —-D—- C:Program FilesATI
    2008-12-04 11:27:53 —-N—- C:WINDOWSsystem32ati2sgag.exe
    2008-12-04 11:27:26 —-D—- C:Program FilesATI Technologies
    2008-12-04 11:26:45 —-D—- C:ATI
    2008-10-29 05:23:22 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
    2008-10-29 05:11:35 —-A—- C:WINDOWSsystem32atipdlxx.dll
    2008-10-29 05:11:21 —-A—- C:WINDOWSsystem32Oemdspif.dll
    2008-10-29 05:11:12 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
    2008-10-29 05:11:03 —-A—- C:WINDOWSsystem32ati2edxx.dll
    2008-10-29 05:10:59 —-A—- C:WINDOWSsystem32atioglxx.dll
    2008-10-29 05:10:45 —-A—- C:WINDOWSsystem32ati2evxx.dll
    2008-10-29 05:09:10 —-A—- C:WINDOWSsystem32ati2evxx.exe
    2008-10-29 05:07:44 —-A—- C:WINDOWSsystem32ATIDDC.DLL
    2008-10-29 04:49:31 —-A—- C:WINDOWSsystem32atiiiexx.dll
    2008-10-29 04:25:31 —-A—- C:WINDOWSsystem32amdpcom32.dll
    2008-10-29 04:21:21 —-A—- C:WINDOWSsystem32atikvmag.dll
    2008-10-29 04:19:50 —-A—- C:WINDOWSsystem32atiadlxx.dll
    2008-10-29 04:19:40 —-A—- C:WINDOWSsystem32atitvo32.dll
    2008-10-29 04:18:30 —-A—- C:WINDOWSsystem32atiok3x2.dll
    2008-10-26 22:37:57 —-D—- C:Program FilesBiohazard 4
    2008-10-21 20:51:43 —-A—- C:WINDOWSsystem32atibrtmon.exe
    2008-10-19 22:07:30 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wups2.dll
    2008-10-16 14:08:56 —-A—- C:WINDOWSsystem32wucltui.dll.mui
    2008-10-16 14:08:12 —-A—- C:WINDOWSsystem32wuapi.dll.mui
    2008-10-16 14:07:32 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
    2008-10-02 17:33:12 —-A—- C:WINDOWSModemLog_Nokia GSM Phone USB Modem.txt
    2008-08-14 13:41:55 —-D—- C:Documents and SettingsлёхаApplication DataSony Corporation
    2008-08-14 13:40:07 —-D—- C:Drivers
    2008-08-14 13:40:07 —-A—- C:WINDOWSsystem32SONYHCY.DLL
    2008-08-14 13:38:21 —-D—- C:Program FilesSony
    2008-07-21 20:01:20 —-A—- C:WINDOWSWININIT.INI
    2008-07-21 10:22:39 —-A—- C:WINDOWSsystem32ptpusb.dll
    2008-07-21 10:22:37 —-A—- C:WINDOWSsystem32ptpusd.dll
    2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesPCSuite
    2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesNokia
    2008-07-21 10:13:03 —-D—- C:Program FilesPC Connectivity Solution
    2008-07-21 10:10:16 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
    2008-06-29 16:34:16 —-D—- C:WINDOWSCSC
    2008-05-08 10:52:22 —-A—- C:WINDOWSsystem32Vb5db.dll
    2008-05-06 18:28:28 —-A—- C:WINDOWSntbtlog.txt
    2008-05-06 15:09:44 —-A—- C:WINDOWSsystem32~GLH0062.TMP
    2008-05-05 21:19:12 —-D—- C:WINDOWSMinidump
    2008-03-05 16:30:18 —-N—- C:Program FilesDXSETUP.exe
    2008-03-05 16:30:18 —-N—- C:Program Filesdsetup32.dll
    2008-03-05 16:30:18 —-N—- C:Program FilesDSETUP.dll
    2008-03-05 08:45:56 —-D—- C:Program FilesuTorrent
    2008-03-05 08:45:49 —-D—- C:Documents and SettingsлёхаApplication DatauTorrent
    2008-02-25 19:37:41 —-D—- C:Program FilesSemagic
    2008-02-23 22:37:32 —-D—- C:divx
    2008-02-21 14:41:35 —-D—- C:Documents and SettingsлёхаApplication DataZoundry
    2008-02-20 23:29:49 —-D—- C:Program FilesPhoto Frames PRO
    2008-02-18 15:18:36 —-A—- C:WINDOWSsystem32BASSMOD.dll
    2008-02-18 14:31:35 —-A—- C:Program Filesinstall_flash_player.exe
    2008-02-17 23:27:38 —-D—- C:Program FilesPhotodex Presenter
    2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataNetscape
    2008-02-17 23:27:14 —-D—- C:Program FilesPhotodex
    2008-02-17 23:26:52 —-D—- C:Documents and SettingsлёхаApplication DataPhotodex
    2008-02-17 22:15:21 —-D—- C:Documents and SettingsлёхаApplication DataMyScreensaver
    2008-02-17 21:57:29 —-D—- C:Documents and SettingsлёхаApplication DataMy Gallery Player
    2008-02-13 12:43:23 —-D—- C:Program FilesMicrosoft Visual Studio
    2008-02-13 11:35:49 —-D—- C:Program FilesMSECache
    2008-02-12 18:04:10 —-D—- C:Documents and SettingsлёхаApplication DataMozilla
    2008-02-12 18:04:07 —-D—- C:Program FilesDeer Park Alpha 2
    2008-02-11 21:15:09 —-D—- C:Program FilesteXet
    2008-02-11 09:06:51 —-A—- C:Documents and SettingsAll UsersApplication Datajgnlib.dll
    2008-02-11 09:02:37 —-A—- C:WINDOWSsystem32digeste.dll

    ======List of files/folders modified in the last 1 months======

    2009-01-08 19:49:04 —-D—- C:Program FilesArtMoney
    2008-12-05 22:13:54 —-SHD—- C:Program FilesCommon FilesSystem
    2008-12-04 11:29:15 —-RSD—- C:WINDOWSassembly
    2008-12-04 11:29:03 —-D—- C:WINDOWSWinSxS
    2008-12-04 11:28:12 —-HD—- C:Program FilesInstallShield Installation Information
    2008-10-29 05:22:02 —-A—- C:WINDOWSsystem32ati2dvag.dll
    2008-10-29 04:57:58 —-A—- C:WINDOWSsystem32ati3duag.dll
    2008-10-29 04:41:13 —-A—- C:WINDOWSsystem32ativvaxx.dll
    2008-10-29 04:12:51 —-A—- C:WINDOWSsystem32ati2cqag.dll
    2008-10-26 22:28:48 —-D—- C:Program FilesCyberLink
    2008-10-19 22:07:37 —-DC—- C:WINDOWSsystem32DRVSTORE
    2008-10-19 22:07:26 —-D—- C:Program FilesNokia
    2008-10-16 21:28:10 —-D—- C:WINDOWSsystem32DirectX
    2008-10-16 21:24:39 —-D—- C:WINDOWSsystem32CatRoot
    2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuweb.dll
    2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuaueng.dll
    2008-10-16 14:12:22 —-A—- C:WINDOWSsystem32wucltui.dll
    2008-10-16 14:12:20 —-A—- C:WINDOWSsystem32wuapi.dll
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wuauclt.exe
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32cdm.dll
    2008-10-16 14:08:58 —-A—- C:WINDOWSsystem32wups.dll
    2008-10-05 00:04:50 —-A—- C:WINDOWSOEWABLog.txt
    2008-08-14 13:37:21 —-D—- C:Program FilesCommon FilesInstallShield
    2008-08-08 20:37:11 —-D—- C:Documents and Settings
    2008-08-03 18:59:13 —-A—- C:WINDOWSsetuplog.txt
    2008-08-03 17:35:35 —-D—- C:WINDOWSsystem32appmgmt
    2008-07-21 10:17:04 —-D—- C:Documents and SettingsлёхаApplication DataNokia
    2008-07-21 10:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-07-21 10:13:13 —-D—- C:Program FilesDIFX
    2008-07-12 18:29:00 —-A—- C:WINDOWSRtlRack.ini
    2008-06-25 17:51:07 —-A—- C:WINDOWSDUMP6cc3.tmp
    2008-06-25 17:43:53 —-A—- C:WINDOWSDUMP5d81.tmp
    2008-05-25 02:06:26 —-D—- C:Program FilesWindows Media Player
    2008-05-06 18:25:35 —-A—- C:WINDOWSDUMP5ff2.tmp
    2008-04-24 18:37:23 —-SHD—- C:RECYCLER
    2008-03-21 23:30:08 —-A—- C:WINDOWSsystem32qt-dx331.dll
    2008-03-21 23:28:54 —-A—- C:WINDOWSsystem32dpl100.dll
    2008-03-16 22:02:37 —-D—- C:Program FilesWinamp
    2008-03-09 18:16:47 —-D—- C:Program Filestrend micro
    2008-03-09 18:16:24 —-D—- C:WINDOWSTemp
    2008-03-09 18:13:50 —-D—- C:WINDOWSPrefetch
    2008-03-09 17:39:59 —-D—- C:Documents and SettingsлёхаApplication DataMra
    2008-03-09 15:04:05 —-A—- C:WINDOWSwinamp.ini
    2008-03-09 13:40:04 —-D—- C:WINDOWS
    2008-03-09 11:30:12 —-A—- C:WINDOWSSchedLgU.Txt
    2008-03-08 21:17:54 —-A—- C:WINDOWSwin.ini
    2008-03-08 21:13:41 —-D—- C:games
    2008-03-08 21:13:17 —-D—- C:WINDOWSsystem32
    2008-03-07 19:36:39 —-D—- C:фильмы
    2008-03-05 08:45:56 —-RD—- C:Program Files
    2008-03-05 03:08:37 —-D—- C:музыка
    2008-02-26 02:52:54 —-D—- C:WINDOWSsystem32CatRoot2
    2008-02-25 20:47:03 —-D—- C:Documents and SettingsлёхаApplication DataHelp
    2008-02-25 14:34:49 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
    2008-02-19 16:35:17 —-D—- C:книги
    2008-02-19 16:00:17 —-HD—- C:WINDOWSinf
    2008-02-19 16:00:17 —-D—- C:WINDOWSsystem32drivers
    2008-02-19 16:00:00 —-SHD—- C:WINDOWSInstaller
    2008-02-18 17:33:45 —-D—- C:WINDOWSsystem32config
    2008-02-13 20:23:01 —-D—- C:Program FilesMicrosoft Office
    2008-02-13 13:02:52 —-SHD—- C:System Volume Information
    2008-02-13 12:43:42 —-SD—- C:Documents and SettingsлёхаApplication DataMicrosoft
    2008-02-13 12:43:26 —-SHD—- C:Program FilesCommon FilesMicrosoft Shared
    2008-02-13 11:36:33 —-RSD—- C:WINDOWSFonts
    2008-02-11 09:02:54 —-A—- C:WINDOWSmsauc.exe
    2008-02-11 09:02:36 —-A—- C:WINDOWSservices.exe
    2008-02-10 22:34:37 —-D—- C:Documents and SettingsлёхаApplication DataCyberLink

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
    R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
    R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
    R2 SVKP;SVKP; ??C:WINDOWSsystem32SVKP.sys []
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
    R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
    R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
    R3 SISNIC;SiS PCI Fast Ethernet адаптер, драйвер; C:WINDOWSsystem32DRIVERSsisnic.sys [2004-08-04 32768]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
    S3 FXDRV;FXDRV; ??D:Fxdrv.sys []
    S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
    S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
    S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
    S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
    R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-02-17 181312]
    R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]


    EOF



    I don't understand anything… It seems the first message I just sent didn't get through… Oh well, I'll write it again. 🙄
    The first time the program gave me 2 Notepad windows, but this time only one; could it matter that I came in through Opera?

    March 11, 2009 at 4:14 pm #21843
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Judging by the logs, besides the problem you described, your computer is infected with an autorun.inf trojan.

    Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.

    * Disable your antivirus.
    * Download and run Flash_Disinfector.
    * When the program asks, insert your flash drive or connect other external storage devices.

    Note: run the program as many times as needed to clean all of your removable drives.

    Run HijackThis: click Start, Run, type

    C:\Program Files\trend micro\лёха.exe

    and press Enter.
    Click the Do a system scan only button.
    Then tick the checkbox (on the left) for the following line, if it is present:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8D8E~1\LOCALS~1\Temp\init.exe

    Close all running programs (including Internet Explorer) and all Windows windows.
    Click the Fix checked button and confirm by choosing YES.

    Download OTMoveIt3 by OldTimer by clicking this link.
    Run OTMoveIt3 and copy the following text into the large input box (the title of this box is highlighted in yellow).

    :Processes
    explorer.exe

    :services

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{469C7F34-476F-43A4-A8EC-39FFB42D4EB9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{753A8E27-66CF-424B-9DF1-D821231E7E9F}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "services"=-
    "lsass driver"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "services"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "services"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "services"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{951e681c-ca14-11dd-862e-00016cb29477}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da35d8a3-c881-11dd-862a-00016cb29477}]

    :files
    E:\cfdnvq.exe
    %windir%\digeste.dll
    C:\WINDOWS\system32\crypts.dll
    C:\WINDOWS\msauc.exe
    C:\WINDOWS\services.exe
    C:\Documents and Settings\All Users\Application Data\mzdlib.dll
    C:\Documents and Settings\All Users\Application Data\jgnlib.dll

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    Check the pasted script: if spaces have appeared on the left before the directives, remove them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while the program is working.
    When the program finishes, a log should be shown. If the log is not shown, you can find it in the folder C:\_OTMoveIt\MovedFiles.

    Paste the contents of that log into your reply. Also attach a fresh RSIT log.
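
    The autostart points the reply above cleans up (an extra program appended to the Userinit value, cached autorun.inf commands under MountPoints2, and a look-alike services.exe outside system32) can be flagged automatically in a pasted RSIT/HijackThis log. This is an added example, not part of the original thread or of either tool; the sample log is constructed with backslashes intact, and the function and rule names are hypothetical.

```python
import ntpath
import re

# Name/value separator in RSIT and HijackThis output: " - ", or a typographic
# dash when the log went through a forum editor.
SEP = r"\s*[-\u2013\u2014]+\s*"

SECTION_RE = re.compile(r"^\[-?(HKEY_[^\]]+)\]$", re.I)
USERINIT_RE = re.compile(r"^F2" + SEP + r"REG:system\.ini:\s*UserInit=(.*)$", re.I)
SHELLCMD_RE = re.compile(r"^shell\\([^\\]+)\\command" + SEP + r"(.+)$", re.I)
EXE_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?,\r\n]+?\.exe\b', re.I)

# Where these Windows XP binaries are expected to live (suffix of the folder).
SYSTEM32 = "\\windows\\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "services.exe", "lsass.exe", "winlogon.exe", "svchost.exe",
    "csrss.exe", "smss.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = "\\windows"


def userinit_extras(value):
    """Return Userinit entries other than the stock system32 userinit.exe."""
    extras = []
    for entry in (e.strip().strip('"') for e in value.split(",")):
        if not entry:
            continue  # the stock value ends with a trailing comma
        name = ntpath.basename(entry).lower()
        folder = ntpath.dirname(entry).lower()
        if name == "userinit.exe" and folder.endswith(SYSTEM32):
            continue
        extras.append(entry)
    return extras


def scan(log_text):
    """Return de-duplicated (rule, path) findings, in order of appearance."""
    findings = []

    def report(rule, path):
        if (rule, path) not in findings:
            findings.append((rule, path))

    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======"):
            section = ""  # an RSIT heading ends the previous registry section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group(1)):
                report("userinit-extra", extra)
        # MountPoints2 caches the commands of an autorun.inf seen on a volume.
        # Installer discs create these too, so a finding is a prompt to review.
        m = SHELLCMD_RE.match(line)
        if m and "\\mountpoints2\\" in section:
            report("mountpoints2-autorun", m.group(2).strip())
        # A system process name in an unexpected folder is a masquerade sign.
        for path in EXE_RE.findall(line):
            expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
            if expected and not ntpath.dirname(path).lower().endswith(expected):
                report("system-name-wrong-dir", path)
    return findings


# Constructed sample modelled on the log lines in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\USER~1\LOCALS~1\Temp\init.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
shell\AutoRun\command - E:\cfdnvq.exe
shell\open\command - E:\cfdnvq.exe
======List of files/folders modified in the last 1 months======
2008-02-11 09:02:36 ----A---- C:\WINDOWS\services.exe
"""

if __name__ == "__main__":
    for rule, path in scan(SAMPLE_LOG):
        print(f"{rule:24} {path}")
```
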

    March 12, 2009 at 7:24 am #21844
    Natusic
    Participant
    • Topics: 1
    • Posts: 4
    • ☆

    Here is what came out

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{469C7F34-476F-43A4-A8EC-39FFB42D4EB9}\ not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}\ not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\services deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\lsass driver not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\services not found.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\services not found.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\services not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt\ not found.
    HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{951e681c-ca14-11dd-862e-00016cb29477}\ not found.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{da35d8a3-c881-11dd-862a-00016cb29477}\ not found.
    ========== FILES ==========
    File/Folder E:cfdnvq.exe not found.
    Folder C:WINDOWSdigeste.dll not found.
    File/Folder C:WINDOWSsystem32crypts.dll not found.
    File/Folder C:WINDOWSmsauc.exe not found.
    File/Folder C:WINDOWSservices.exe not found.
    File/Folder C:Documents and SettingsAll UsersApplication Datamzdlib.dll not found.
    File/Folder C:Documents and SettingsAll UsersApplication Datajgnlib.dll not found.
    ========== COMMANDS ==========
    File delete failed. C:DOCUME~18D8E~1LOCALS~1TempieD0.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~18D8E~1LOCALS~1TempinC9.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~18D8E~1LOCALS~1Tempinit.exe scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~18D8E~1LOCALS~1Temp~DF450.tmp scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Temporary Internet Files folder emptied.
    User’s Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 03122008_101629

    Files moved on Reboot…
    C:DOCUME~18D8E~1LOCALS~1TempieD0.tmp moved successfully.
    C:DOCUME~18D8E~1LOCALS~1TempinC9.tmp moved successfully.
    C:DOCUME~18D8E~1LOCALS~1Tempinit.exe moved successfully.
    C:DOCUME~18D8E~1LOCALS~1Temp~DF450.tmp moved successfully.
    File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.

    And this too

    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by лёха at 2008-03-12 10:22:24
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 18 GB (24%) free of 76 GB
    Total RAM: 511 MB (25% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:42, on 12.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Program FilesPhotodexProShowProducerScsiAccess.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32ctfmon.exe
    C:WINDOWSsystem32wuauclt.exe
    C:WINDOWSnotepad.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesWinampwinampa.exe
    C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
    C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
    C:Program FilesHPhpcoretechhpcmpmgr.exe
    C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
    C:Program FilesMail.RuAgentMAgent.exe
    C:Program FilesPC Connectivity SolutionServiceLayer.exe
    C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
    C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
    C:Program FilesOperaOpera.exe
    C:Documents and SettingsлёхаРабочий столRSIT.exe
    C:Program Filestrend microлёха.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:DOCUME~18D8E~1LOCALS~1Tempinit.exe
    O1 — Hosts: 195.98.56.151 moodle
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
    O4 — HKLM..Run: [HP Software Update] «C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe»
    O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
    O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
    O4 — HKLM..Run: [AdVantage Setup] C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp
    O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
    O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
    O17 — HKLMSystemCCSServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O17 — HKLMSystemCCSServicesTcpip..{C36A8DF0-4D3E-44BB-BA28-7C144CC8BD6F}: NameServer = 213.177.96.1 213.177.97.1
    O17 — HKLMSystemCS2ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O17 — HKLMSystemCS3ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
    O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
    O24 — Desktop Component 0: (no name) — http://line.romanticcollection.ru/ba/15_14b_42543FC0_RdoCenxke_13.gif

    —
    End of file — 7253 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
    MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
    «WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
    «HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
    «HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
    «HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
    «AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp []
    «PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
    «StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
    «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]

    C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
    Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
    «authentication packages»=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=36
    «NoDriveAutoRun»=FFFFFFFF

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:gamesCounter Strike — Sourcehl2.exe»=»C:gamesCounter Strike — Sourcehl2.exe:*:Enabled:hl2»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    ======List of files/folders created in the last 1 months======

    2008-12-12 22:32:14 —-D—- C:Documents and SettingsлёхаApplication DataPowerHouse
    2008-12-04 11:41:38 —-D—- C:Documents and SettingsлёхаApplication DataMedia Player Classic
    2008-12-04 11:36:33 —-D—- C:Program FilesESET
    2008-12-04 11:36:33 —-D—- C:Documents and SettingsAll UsersApplication DataESET
    2008-12-04 11:33:48 —-A—- C:WINDOWSsystem32yv12vfw.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidvfw.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidcore.dll
    2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32divx.dll
    2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
    2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll
    2008-12-04 11:33:45 —-D—- C:Program FilesK-Lite Codec Pack
    2008-12-04 11:31:51 —-D—- C:Documents and SettingsAll UsersApplication DataATI
    2008-12-04 11:29:30 —-D—- C:Program FilesATI
    2008-12-04 11:27:53 —-N—- C:WINDOWSsystem32ati2sgag.exe
    2008-12-04 11:27:26 —-D—- C:Program FilesATI Technologies
    2008-12-04 11:26:45 —-D—- C:ATI
    2008-10-29 05:23:22 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
    2008-10-29 05:11:35 —-A—- C:WINDOWSsystem32atipdlxx.dll
    2008-10-29 05:11:21 —-A—- C:WINDOWSsystem32Oemdspif.dll
    2008-10-29 05:11:12 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
    2008-10-29 05:11:03 —-A—- C:WINDOWSsystem32ati2edxx.dll
    2008-10-29 05:10:59 —-A—- C:WINDOWSsystem32atioglxx.dll
    2008-10-29 05:10:45 —-A—- C:WINDOWSsystem32ati2evxx.dll
    2008-10-29 05:09:10 —-A—- C:WINDOWSsystem32ati2evxx.exe
    2008-10-29 05:07:44 —-A—- C:WINDOWSsystem32ATIDDC.DLL
    2008-10-29 04:49:31 —-A—- C:WINDOWSsystem32atiiiexx.dll
    2008-10-29 04:25:31 —-A—- C:WINDOWSsystem32amdpcom32.dll
    2008-10-29 04:21:21 —-A—- C:WINDOWSsystem32atikvmag.dll
    2008-10-29 04:19:50 —-A—- C:WINDOWSsystem32atiadlxx.dll
    2008-10-29 04:19:40 —-A—- C:WINDOWSsystem32atitvo32.dll
    2008-10-29 04:18:30 —-A—- C:WINDOWSsystem32atiok3x2.dll
    2008-10-26 22:37:57 —-D—- C:Program FilesBiohazard 4
    2008-10-21 20:51:43 —-A—- C:WINDOWSsystem32atibrtmon.exe
    2008-10-19 22:07:30 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wups2.dll
    2008-10-16 14:08:56 —-A—- C:WINDOWSsystem32wucltui.dll.mui
    2008-10-16 14:08:12 —-A—- C:WINDOWSsystem32wuapi.dll.mui
    2008-10-16 14:07:32 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
    2008-10-02 17:33:12 —-A—- C:WINDOWSModemLog_Nokia GSM Phone USB Modem.txt
    2008-08-14 13:41:55 —-D—- C:Documents and SettingsлёхаApplication DataSony Corporation
    2008-08-14 13:40:07 —-D—- C:Drivers
    2008-08-14 13:40:07 —-A—- C:WINDOWSsystem32SONYHCY.DLL
    2008-08-14 13:38:21 —-D—- C:Program FilesSony
    2008-07-21 20:01:20 —-A—- C:WINDOWSWININIT.INI
    2008-07-21 10:22:39 —-A—- C:WINDOWSsystem32ptpusb.dll
    2008-07-21 10:22:37 —-A—- C:WINDOWSsystem32ptpusd.dll
    2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesPCSuite
    2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesNokia
    2008-07-21 10:13:03 —-D—- C:Program FilesPC Connectivity Solution
    2008-07-21 10:10:16 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
    2008-06-29 16:34:16 —-D—- C:WINDOWSCSC
    2008-05-08 10:52:22 —-A—- C:WINDOWSsystem32Vb5db.dll
    2008-05-06 18:28:28 —-A—- C:WINDOWSntbtlog.txt
    2008-05-06 15:09:44 —-A—- C:WINDOWSsystem32~GLH0062.TMP
    2008-05-05 21:19:12 —-D—- C:WINDOWSMinidump
    2008-03-12 10:09:24 —-D—- C:_OTMoveIt
    2008-03-05 16:30:18 —-N—- C:Program FilesDXSETUP.exe
    2008-03-05 16:30:18 —-N—- C:Program Filesdsetup32.dll
    2008-03-05 16:30:18 —-N—- C:Program FilesDSETUP.dll
    2008-03-05 08:45:56 —-D—- C:Program FilesuTorrent
    2008-03-05 08:45:49 —-D—- C:Documents and SettingsлёхаApplication DatauTorrent
    2008-02-25 19:37:41 —-D—- C:Program FilesSemagic
    2008-02-23 22:37:32 —-D—- C:divx
    2008-02-21 14:41:35 —-D—- C:Documents and SettingsлёхаApplication DataZoundry
    2008-02-20 23:29:49 —-D—- C:Program FilesPhoto Frames PRO
    2008-02-18 15:18:36 —-A—- C:WINDOWSsystem32BASSMOD.dll
    2008-02-18 14:31:35 —-A—- C:Program Filesinstall_flash_player.exe
    2008-02-17 23:27:38 —-D—- C:Program FilesPhotodex Presenter
    2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataNetscape
    2008-02-17 23:27:14 —-D—- C:Program FilesPhotodex
    2008-02-17 23:26:52 —-D—- C:Documents and SettingsлёхаApplication DataPhotodex
    2008-02-17 22:15:21 —-D—- C:Documents and SettingsлёхаApplication DataMyScreensaver
    2008-02-17 21:57:29 —-D—- C:Documents and SettingsлёхаApplication DataMy Gallery Player
    2008-02-13 12:43:23 —-D—- C:Program FilesMicrosoft Visual Studio
    2008-02-13 11:35:49 —-D—- C:Program FilesMSECache

    ======List of files/folders modified in the last 1 months======

    2009-01-08 19:49:04 —-D—- C:Program FilesArtMoney
    2008-12-05 22:13:54 —-SHD—- C:Program FilesCommon FilesSystem
    2008-12-04 11:29:15 —-RSD—- C:WINDOWSassembly
    2008-12-04 11:29:03 —-D—- C:WINDOWSWinSxS
    2008-12-04 11:28:12 —-HD—- C:Program FilesInstallShield Installation Information
    2008-10-29 05:22:02 —-A—- C:WINDOWSsystem32ati2dvag.dll
    2008-10-29 04:57:58 —-A—- C:WINDOWSsystem32ati3duag.dll
    2008-10-29 04:41:13 —-A—- C:WINDOWSsystem32ativvaxx.dll
    2008-10-29 04:12:51 —-A—- C:WINDOWSsystem32ati2cqag.dll
    2008-10-26 22:28:48 —-D—- C:Program FilesCyberLink
    2008-10-19 22:07:37 —-DC—- C:WINDOWSsystem32DRVSTORE
    2008-10-19 22:07:26 —-D—- C:Program FilesNokia
    2008-10-16 21:28:10 —-D—- C:WINDOWSsystem32DirectX
    2008-10-16 21:24:39 —-D—- C:WINDOWSsystem32CatRoot
    2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuweb.dll
    2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuaueng.dll
    2008-10-16 14:12:22 —-A—- C:WINDOWSsystem32wucltui.dll
    2008-10-16 14:12:20 —-A—- C:WINDOWSsystem32wuapi.dll
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wuauclt.exe
    2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32cdm.dll
    2008-10-16 14:08:58 —-A—- C:WINDOWSsystem32wups.dll
    2008-10-05 00:04:50 —-A—- C:WINDOWSOEWABLog.txt
    2008-08-14 13:37:21 —-D—- C:Program FilesCommon FilesInstallShield
    2008-08-08 20:37:11 —-D—- C:Documents and Settings
    2008-08-03 18:59:13 —-A—- C:WINDOWSsetuplog.txt
    2008-08-03 17:35:35 —-D—- C:WINDOWSsystem32appmgmt
    2008-07-21 10:17:04 —-D—- C:Documents and SettingsлёхаApplication DataNokia
    2008-07-21 10:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
    2008-07-21 10:13:13 —-D—- C:Program FilesDIFX
    2008-07-12 18:29:00 —-A—- C:WINDOWSRtlRack.ini
    2008-06-25 17:51:07 —-A—- C:WINDOWSDUMP6cc3.tmp
    2008-06-25 17:43:53 —-A—- C:WINDOWSDUMP5d81.tmp
    2008-05-25 02:06:26 —-D—- C:Program FilesWindows Media Player
    2008-05-06 18:25:35 —-A—- C:WINDOWSDUMP5ff2.tmp
    2008-04-24 18:37:23 —-SHD—- C:RECYCLER
    2008-03-21 23:30:08 —-A—- C:WINDOWSsystem32qt-dx331.dll
    2008-03-21 23:28:54 —-A—- C:WINDOWSsystem32dpl100.dll
    2008-03-16 22:02:37 —-D—- C:Program FilesWinamp
    2008-03-12 10:22:39 —-D—- C:Program Filestrend micro
    2008-03-12 10:22:04 —-D—- C:WINDOWSTemp
    2008-03-12 10:21:17 —-D—- C:WINDOWSPrefetch
    2008-03-12 10:17:47 —-A—- C:WINDOWSSchedLgU.Txt
    2008-03-12 10:09:24 —-D—- C:WINDOWSsystem32
    2008-03-12 10:09:24 —-D—- C:WINDOWS
    2008-03-11 03:38:45 —-A—- C:WINDOWSwinamp.ini
    2008-03-11 01:48:23 —-D—- C:Documents and SettingsлёхаApplication DataMra
    2008-03-08 21:17:54 —-A—- C:WINDOWSwin.ini
    2008-03-08 21:13:41 —-D—- C:games
    2008-03-07 19:36:39 —-D—- C:фильмы
    2008-03-05 08:45:56 —-RD—- C:Program Files
    2008-03-05 03:08:37 —-D—- C:музыка
    2008-02-26 21:29:12 —-D—- C:Program FilesteXet
    2008-02-26 02:52:54 —-D—- C:WINDOWSsystem32CatRoot2
    2008-02-25 20:47:03 —-D—- C:Documents and SettingsлёхаApplication DataHelp
    2008-02-25 14:34:49 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
    2008-02-19 16:35:17 —-D—- C:книги
    2008-02-19 16:00:17 —-HD—- C:WINDOWSinf
    2008-02-19 16:00:17 —-D—- C:WINDOWSsystem32drivers
    2008-02-19 16:00:00 —-SHD—- C:WINDOWSInstaller
    2008-02-18 17:33:45 —-D—- C:WINDOWSsystem32config
    2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataMozilla
    2008-02-13 20:23:01 —-D—- C:Program FilesMicrosoft Office
    2008-02-13 13:02:52 —-SHD—- C:System Volume Information
    2008-02-13 12:43:42 —-SD—- C:Documents and SettingsлёхаApplication DataMicrosoft
    2008-02-13 12:43:26 —-SHD—- C:Program FilesCommon FilesMicrosoft Shared
    2008-02-13 11:36:33 —-RSD—- C:WINDOWSFonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
    R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
    R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
    R2 SVKP;SVKP; ??C:WINDOWSsystem32SVKP.sys []
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
    R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
    R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
    R3 SISNIC;SiS PCI Fast Ethernet адаптер, драйвер; C:WINDOWSsystem32DRIVERSsisnic.sys [2004-08-04 32768]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
    S3 FXDRV;FXDRV; ??D:Fxdrv.sys []
    S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
    S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
    S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
    S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
    R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-02-17 181312]
    R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]


    EOF


    March 12, 2009 at 4:46 pm #21845
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Looks better 🙂

    Launch HijackThis: click Start, Run, type

    C:\Program Files\trend micro\лёха.exe

    and press Enter.
    Click the Do a system scan only button.
    Then tick the checkbox (on the left) next to the following line, if it is present:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8D8E~1\LOCALS~1\Temp\init.exe

    Close all running programs (including Internet Explorer) and all Windows windows.
    Click the Fix checked button and confirm by choosing YES.
    Restart the computer.

    Read the description of Malwarebytes Anti-malware (MBAM).
    Download it and run a scan of your computer. Remove everything that is found. A log will be shown at the end.

    I am waiting for your MBAM log and a fresh RSIT log.
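
The F2 line the post above asks to fix is a Winlogon Userinit value with a second program appended after userinit.exe. The following Python is an added example, not part of the original post and not HijackThis code: it scans a pasted HijackThis log for F2 UserInit lines and reports every entry that is not the system userinit.exe. The function names are hypothetical, the expected path assumes a default Windows XP install on C:, and the sample lines are the ones quoted on this page written with Windows path separators.

```python
import ntpath
import re

# Assumption: default Windows XP install on C:, as in the logs on this page.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis writes "F2 - REG:system.ini: UserInit=<value>"; forum software
# sometimes turns the hyphen into an en or em dash, so accept all three.
F2_USERINIT = re.compile(
    r"^\s*F2\s*[-\u2013\u2014]\s*REG:system\.ini:\s*UserInit=(.*)$",
    re.IGNORECASE,
)


def split_userinit(value):
    """Split a Userinit value into its comma-separated programs."""
    entries = []
    for part in value.split(","):
        part = part.strip().strip('"')
        if part:  # the stock value ends with a comma, so skip the empty tail
            entries.append(part)
    return entries


def unexpected_entries(value, expected=EXPECTED_USERINIT):
    """Return every program in the value that is not the system userinit.exe.

    Comparison is case-insensitive and tolerant of '/' separators. A bare
    'userinit.exe' without its full path is reported too, for manual review.
    """
    flagged = []
    for entry in split_userinit(value):
        normalized = ntpath.normcase(ntpath.normpath(entry))
        if normalized != expected:
            flagged.append(entry)
    return flagged


def triage_log(text):
    """Find F2 UserInit lines in a HijackThis log and classify their entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = F2_USERINIT.match(line)
        if not match:
            continue
        value = match.group(1).strip()
        extra = unexpected_entries(value)
        findings.append({
            "line": lineno,
            "value": value,
            "unexpected": extra,
            # False means the legitimate entry was replaced, not just extended.
            "system_userinit_present": len(split_userinit(value)) > len(extra),
        })
    return findings


# Sample input: two lines quoted on this page, with path separators.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8D8E~1\LOCALS~1\Temp\init.exe
"""

# Constructed for comparison: the stock value, including its trailing comma.
CLEAN_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG) + triage_log(CLEAN_LINE):
        status = "REVIEW" if finding["unexpected"] else "ok"
        print(status, finding["value"])
        for entry in finding["unexpected"]:
            print("    extra program started at logon:", entry)
```

An entry under a Temp directory, as in the quoted line, is started at every logon alongside the real userinit.exe, which is why the post has it removed before the follow-up scan.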

    March 13, 2009 at 7:26 am #21846
    Natusic
    Participant
    • Topics: 1
    • Posts: 4
    • ☆

    Wow!!!! It found 125 infected objects… And that is even though I have an antivirus installed… 😮
    Here are the results

    Malwarebytes’ Anti-Malware 1.34
    Версия базы данных: 1842
    Windows 5.1.2600 Service Pack 2

    13.03.2008 10:22:49
    mbam-log-2008-03-13 (10-22-49).txt

    Тип проверки: Быстрая
    Проверено объектов: 70837
    Прошло времени: 4 minute(s), 20 second(s)

    Заражено процессов в памяти: 0
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 115
    Заражено значений реестра: 0
    Заражено параметров реестра: 2
    Заражено папок: 0
    Заражено файлов: 8

    Заражено процессов в памяти:
    (Вредоносные программы не обнаружены)

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    HKEY_CLASSES_ROOTCLSID{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsEGHOST.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsVSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsadam.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsautoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.com (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsCCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsHijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsisPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsloaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsMagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRas.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsruniep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssafelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsshcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssymlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsicesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAST.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsupiea.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUSBCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFYFireWall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    (Вредоносные программы не обнаружены)

    Заражено параметров реестра:
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: c:windowssystem32userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: system32userinit.exe -> Quarantined and deleted successfully.

    Заражено папок:
    (Вредоносные программы не обнаружены)

    Заражено файлов:
    C:WINDOWSsystem32wpv671234083698.cpx (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32wpv151230262430.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32wpv661230262534.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32wpv831234083759.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:Documents and SettingsлёхаLocal SettingsTempie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32sexit.dat (Trojan.Agent) -> Quarantined and deleted successfully.

    And RSIT




    Thank you for such a quick response 😛 I don't know what I would do without you 😀

    March 14, 2009 at 3:57 PM #21847
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    The RSIT log looks normal.
    But we need to check a little more.

    Let's check your computer with a program that looks for rootkits.

    Download GMER by clicking this link.
    Unpack the program to your desktop.
    Disconnect from the Internet and disable all antivirus programs.
    Run the program.
    On the right side of the program, a small pane lists all your drives; please tick the checkbox for each of them.
    Click the Scan button.
    When the scan finishes, click the Copy button.
    Open Notepad (Start -> Run, type notepad and press Enter).
    Paste the scan results into Notepad (CTRL + V). Save the resulting file to your desktop.

    Paste the contents of the GMER log into your reply.
