- This topic has 5 ответов, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
при поиске sds2d2017.exe находилась,я её удалила,но она появилась в новом месте и недоступна к удалению.
еще был kkkfucku.удалила,в поиске не находится,но я не уверена,что его нет.спасибо ! )
log
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Пользователь at 2009-01-08 16:22:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 37 GB (72%) free of 52 GB
Total RAM: 2039 MB (72% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:05, on 08.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32acs.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesASUSATK MediaDMEDIA.EXE
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
C:WINDOWSATK0100ATKOSD.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesOperaopera.exe
C:WINDOWSexplorer.exe
C:Documents and SettingsПользовательРабочий столRSIT.exe
C:Program Filestrend microПользователь.exeR1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://store.adobe.com/store/general/redirect.jhtml?serial=104510845631345102700158
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEToolbarHelper Class — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [HomeAlarm] C:Program FilesChameleon ClockChamClock.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: PowerReg SchedulerV2.exe
O4 — Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Atheros Configuration Service (acs) — Atheros — C:WINDOWSsystem32acs.exe
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 6920 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatActiveXAcroIEHelper.dll [2003-05-14 50376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2007-08-10 141848]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2007-08-10 166424]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2007-08-10 137752]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-10-14 110592]
«ATKMEDIA»=C:Program FilesASUSATK MediaDMEDIA.EXE [2006-06-08 53248]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-07-31 16806912]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2008-06-19 57344]
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2004-08-17 110592]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-08-18 1447168][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-09-25 25565992]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-02-22 217544]
«HomeAlarm»=C:Program FilesChameleon ClockChamClock.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2
«wscsvc»=2C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Acrobat Assistant.lnk — C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXEC:Documents and SettingsПользовательГлавное менюПрограммыАвтозагрузка
PowerReg SchedulerV2.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2007-08-07 208896][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Documents and SettingsПользовательkkkfucku.exe»=»C:Documents and SettingsПользовательkkkfucku.exe:*:Enabled:Windows Messanger»
«C:RecycleX-5-4-27-2345678318-4567890223-4234567884-2341RisinG.exe»=»C:RecycleX-5-4-27-2345678318-4567890223-4234567884-2341RisinG.exe:*:Enabled:Windows Messanger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{87ee45f5-a68b-11dd-9246-00221538c4a8}]
shellAutoRuncommand — F:SYSTEMS-1-5-21-1482476501-1644491937-682003330-1013OgarD.exe
shellopencommand — F:SYSTEMS-1-5-21-1482476501-1644491937-682003330-1013OgarD.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7561-aa53-11dd-9249-00221538c4a8}]
shellAutoRuncommand — F:�hct8ybw.bat
shellexplorecommand — F:�hct8ybw.bat
shellopencommand — F:�hct8ybw.bat[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7563-aa53-11dd-9249-00221538c4a8}]
shellAutoRuncommand — F:�hct8ybw.bat
shellexplorecommand — F:�hct8ybw.bat
shellopencommand — F:�hct8ybw.bat======List of files/folders created in the last 1 months======
2009-01-08 16:22:51 —-D—- C:rsit
2009-01-08 16:22:51 —-D—- C:Program Filestrend micro
2009-01-06 23:10:35 —-A—- C:WINDOWSModemLog_Agere Systems HDA Modem.txt
2009-01-06 18:51:23 —-RSHD—- C:Recycle
2009-01-05 17:51:13 —-RSHD—- C:SYSTEM
2008-12-27 01:47:18 —-A—- C:WINDOWSUNINST16.EXE
2008-12-13 02:07:03 —-D—- C:Program FilesMathSoft
2008-12-12 01:36:22 —-D—- C:Documents and SettingsПользовательApplication DataQIP
2008-12-12 01:35:43 —-D—- C:Program FilesQIP Infium======List of files/folders modified in the last 1 months======
2009-01-08 16:23:05 —-D—- C:WINDOWSTemp
2009-01-08 16:22:51 —-RD—- C:Program Files
2009-01-08 16:22:39 —-D—- C:WINDOWSPrefetch
2009-01-08 16:18:01 —-D—- C:Documents and SettingsПользовательApplication DataSkype
2009-01-08 16:07:22 —-D—- C:Documents and SettingsПользовательApplication DataskypePM
2009-01-08 02:28:11 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-08 02:24:00 —-D—- C:WINDOWS
2009-01-04 21:43:49 —-D—- C:WINDOWSsystem32
2009-01-04 21:43:49 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-04 21:42:10 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-02 22:33:33 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-02 17:44:58 —-D—- C:Documents and SettingsПользовательApplication DataAdobe
2008-12-13 02:09:03 —-SHD—- C:WINDOWSInstaller
2008-12-13 02:07:41 —-SD—- C:Documents and SettingsПользовательApplication DataMicrosoft
2008-12-13 02:07:08 —-D—- C:Program FilesCommon FilesInstallShield
2008-12-13 02:07:03 —-RSD—- C:WINDOWSFonts
2008-12-12 01:33:44 —-D—- C:Program FilesQIP======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-08-18 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 VD_FileDisk;VD_FileDisk; C:WINDOWSsystem32driversVD_FileDisk.sys [2006-01-13 15872]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-08-18 39944]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2008-03-21 1203776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSar5416.sys [2007-06-26 1296800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; ??C:WINDOWSATK0100ASNDIS5.SYS []
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-08-07 5776864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-08-12 4751360]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-09-19 101504]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WSIMD;wsimd Service; C:WINDOWSsystem32DRIVERSwsimd.sys [2007-05-14 57216]
S3 a211ammx;a211ammx; C:WINDOWSsystem32driversa211ammx.sys []
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2004-08-17 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
S3 UIUSys;Conexant Setup API; C:WINDOWSsystem32DRIVERSUIUSYS.SYS []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acs;Atheros Configuration Service; C:WINDOWSsystem32acs.exe [2007-04-06 364628]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:WINDOWSsystem32agrsmsvc.exe [2008-03-18 13312]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-08-18 468224]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-02-25 125048]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-10-12 68096]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-08-18 19200]
S4 Abipnadr_se;Abipnadr_se; C:WINDOWSsystem32driverswanarp.sys [2004-08-18 34560]
EOF
info
info.txt logfile of random’s system information tool 1.05 2009-01-08 16:23:06======Uninstall list======
—>MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
—>RunDll32 «C:Program FilesCommon FilesInstallShieldProfessionalRunTime�701Intel32ctor.dll»,LaunchSetup «C:Program FilesInstallShield Installation Information{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}setup.exe»
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}setup.exe» -l0x9
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY Lingvo 10 Multilingual Dictionary—>MsiExec.exe /I{AA10000A-C75E-487C-88FC-37AA1AACFB60}
Adobe Creative Suite—>C:PROGRA~1INSTAL~1{D52EC~1setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -fC:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallInstall.log
Agere Systems HDA Modem—>agrsmdel
Anti-banner for Opera 9.х—>»C:Program FilesDUHALABAnti-bannerunins000.exe»
ATK Media—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}Setup.exe» -l0x9
ATK0100 ACPI UTILITY—>C:WINDOWSATK0100XPunin.exe
Bluetooth Stack for Windows by Toshiba—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Chameleon Clock 5.1—>»C:Program FilesChameleon Clockunins000.exe»
DjVu Solo 3.1—>C:WINDOWSIsUninst.exe -f»C:Program FilesLizardTechDjVu Solo 3.1Uninst.isu»
ESET NOD32 Antivirus—>MsiExec.exe /I{1A3D8A23-3215-46B7-AB97-E304ADABFC18}
Far Manager v1.70—>C:Program FilesFaruninstall.exe
Google SketchUp 6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{98736A65-3C79-49EC-B7E9-A3C77774B0E6}setup.exe» -l0x9 -removeonly
Google SketchUp 6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}setup.exe» -l0x9 -removeonly
Guitar Pro 5.2—>»C:Program FilesGuitar Pro 5unins000.exe»
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
K-Lite Codec Pack 3.3.0 Standard—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mathcad 2001 Professional—>MsiExec.exe /X{31A38B62-9168-4052-920A-F1405F43FEA8}
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 9—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 9.52—>MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
QIP Infium 2.0.9020 RC3—>»C:Program FilesQIP Infiumunins000.exe»
REALTEK GbE & FE Ethernet PCI NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}setup.exe» -l0x19 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Skype™ Beta 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}setup.dll» -l0x9 UNINSTALLFROMSYS
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe======Security center information======
AV: ESET NOD32 Antivirus 3.0 (outdated)
System event log
Computer Name: COMPUTER
Event Code: 7036
Message: Служба «Служба загрузки изображений (WIA)» перешла в состояние Работает.Record Number: 1622
Source Name: Service Control Manager
Time Written: 20081025090139.000000+240
Event Type: информация
User:Computer Name: COMPUTER
Event Code: 1000
Message: Компьютер утерял аренду на IP-адрес 81.89.187.237 для
сетевого адаптера с сетевым адресом 00221538C4A8.Record Number: 1621
Source Name: Dhcp
Time Written: 20081025090134.000000+240
Event Type: ошибка
User:Computer Name: COMPUTER
Event Code: 1003
Message: Компьютеру не удалось обновить адрес, полученный от DHCP-cервера, для
сетевого адаптера с сетевым адресом 00221538C4A8.
Произошла следующая ошибка:
Превышен таймаут семафора.
.
Компьютер продолжит попытки получить свой
собственный адрес от DHCP-cервера.Record Number: 1620
Source Name: Dhcp
Time Written: 20081025090134.000000+240
Event Type: предупреждение
User:Computer Name: COMPUTER
Event Code: 4319
Message: В сети TCP обнаружено повторяющееся имя. Адрес IP компьютера, пославшего
сообщение, содержится в данных. Для того чтобы определить, для какого имени
возникло конфликтное состояние, следует выполнить команду nbtstat -n.Record Number: 1619
Source Name: NetBT
Time Written: 20081024234236.000000+240
Event Type: ошибка
User:Computer Name: COMPUTER
Event Code: 4319
Message: В сети TCP обнаружено повторяющееся имя. Адрес IP компьютера, пославшего
сообщение, содержится в данных. Для того чтобы определить, для какого имени
возникло конфликтное состояние, следует выполнить команду nbtstat -n.Record Number: 1618
Source Name: NetBT
Time Written: 20081024234231.000000+240
Event Type: ошибка
User:Application event log
Computer Name: COMPUTER
Event Code: 0
Message:
Record Number: 112
Source Name: TOSHIBA Bluetooth Service
Time Written: 20081018140243.000000+240
Event Type: информация
User:Computer Name: COMPUTER
Event Code: 1000
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 111
Source Name: LoadPerf
Time Written: 20081018012009.000000+240
Event Type: информация
User:Computer Name: COMPUTER
Event Code: 1001
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) успешно удалены.
Данные записи содержат новые значения разделов системного реестра Last Counter
и Last Help.Record Number: 110
Source Name: LoadPerf
Time Written: 20081018012009.000000+240
Event Type: информация
User:Computer Name: COMPUTER
Event Code: 0
Message:
Record Number: 109
Source Name: TOSHIBA Bluetooth Service
Time Written: 20081017200526.000000+240
Event Type: информация
User:Computer Name: COMPUTER
Event Code: 0
Message:
Record Number: 108
Source Name: TOSHIBA Bluetooth Service
Time Written: 20081016180602.000000+240
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Ваш компьютер заражён autorun.inf вирусом.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
a211ammx
:reg
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{87ee45f5-a68b-11dd-9246-00221538c4a8}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7561-aa53-11dd-9249-00221538c4a8}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7563-aa53-11dd-9249-00221538c4a8}]
:files
C:Recycle
C:SYSTEM
C:WINDOWSsystem32driversa211ammx.sys
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же к ответу приложите свежий RSIT лог.вот только сейчас начала появлятся еще одна ошибка sdsdsd.exe
это того же вируса?OTMoveIt log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service a211ammx .
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{87ee45f5-a68b-11dd-9246-00221538c4a8}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7561-aa53-11dd-9249-00221538c4a8}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bfaf7563-aa53-11dd-9249-00221538c4a8}\ deleted successfully.
========== FILES ==========
C:RecycleX-5-4-27-2345678318-4567890223-4234567884-2341 moved successfully.
C:RecycleP-1-3-64-8794238531-8742492-9897532 moved successfully.
C:Recycle moved successfully.
C:SYSTEMS-1-5-21-1482476501-1644491937-682003330-1013 moved successfully.
C:SYSTEM moved successfully.
File/Folder C:WINDOWSsystem32driversa211ammx.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~186C2~1LOCALS~1Tempetilqs_fGq27f8bW8xPOh9CafVS scheduled to be deleted on reboot.
File delete failed. C:DOCUME~186C2~1LOCALS~1Tempetilqs_fGq27f8bW8xPOh9CafVS-journal scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01082009_200512
Files moved on Reboot…
File C:DOCUME~186C2~1LOCALS~1Tempetilqs_fGq27f8bW8xPOh9CafVS not found!
File C:DOCUME~186C2~1LOCALS~1Tempetilqs_fGq27f8bW8xPOh9CafVS-journal not found!
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�009wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�008wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�007wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�006wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�005wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�004wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�003wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�002wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�001wb.vx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000adoc.bx moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000md.dat moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000url.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000w.ax moved successfully.
C:Documents and SettingsПользовательLocal SettingsApplication DataOperaOperaProfilevps�000wb.vx moved successfully.
RSIT logLogfile of random’s system information tool 1.05 (written by random/random)
Run by Пользователь at 2009-01-08 20:12:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (76%) free of 52 GB
Total RAM: 2039 MB (76% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:37, on 08.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32acs.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSATK0100HControl.exe
C:Program FilesASUSATK MediaDMEDIA.EXE
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32igfxsrvc.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
C:WINDOWSATK0100ATKOSD.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsПользовательРабочий столRSIT.exe
C:Program Filestrend microПользователь.exeR1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://store.adobe.com/store/general/redirect.jhtml?serial=104510845631345102700158
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEToolbarHelper Class — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [HomeAlarm] C:Program FilesChameleon ClockChamClock.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: PowerReg SchedulerV2.exe
O4 — Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Atheros Configuration Service (acs) — Atheros — C:WINDOWSsystem32acs.exe
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 6944 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatActiveXAcroIEHelper.dll [2003-05-14 50376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAdobe Acrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2007-08-10 141848]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2007-08-10 166424]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2007-08-10 137752]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-10-14 110592]
«ATKMEDIA»=C:Program FilesASUSATK MediaDMEDIA.EXE [2006-06-08 53248]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-07-31 16806912]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2008-06-19 57344]
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2004-08-17 110592]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-08-18 1447168][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-09-25 25565992]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-02-22 217544]
«HomeAlarm»=C:Program FilesChameleon ClockChamClock.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2
«wscsvc»=2C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Acrobat Assistant.lnk — C:Program FilesAdobeAdobe Acrobat 6.0Distillracrotray.exe
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXEC:Documents and SettingsПользовательГлавное менюПрограммыАвтозагрузка
PowerReg SchedulerV2.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2007-08-07 208896][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Documents and SettingsПользовательkkkfucku.exe»=»C:Documents and SettingsПользовательkkkfucku.exe:*:Enabled:Windows Messanger»
«C:RecycleX-5-4-27-2345678318-4567890223-4234567884-2341RisinG.exe»=»C:RecycleX-5-4-27-2345678318-4567890223-4234567884-2341RisinG.exe:*:Enabled:Windows Messanger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-01-08 20:05:12 —-D—- C:_OTMoveIt
2009-01-08 20:02:15 —-RASHD—- C:autorun.inf
2009-01-08 16:22:51 —-D—- C:rsit
2009-01-08 16:22:51 —-D—- C:Program Filestrend micro
2009-01-06 23:10:35 —-A—- C:WINDOWSModemLog_Agere Systems HDA Modem.txt
2008-12-27 01:47:18 —-A—- C:WINDOWSUNINST16.EXE
2008-12-13 02:07:03 —-D—- C:Program FilesMathSoft
2008-12-12 01:36:22 —-D—- C:Documents and SettingsПользовательApplication DataQIP
2008-12-12 01:35:43 —-D—- C:Program FilesQIP Infium======List of files/folders modified in the last 1 months======
2009-01-08 20:11:26 —-D—- C:Documents and SettingsПользовательApplication DataSkype
2009-01-08 20:11:14 —-D—- C:WINDOWSTemp
2009-01-08 20:10:12 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-08 20:05:23 —-D—- C:WINDOWSPrefetch
2009-01-08 20:04:11 —-D—- C:Documents and SettingsПользовательApplication DataskypePM
2009-01-08 16:22:51 —-RD—- C:Program Files
2009-01-08 02:24:00 —-D—- C:WINDOWS
2009-01-04 21:43:49 —-D—- C:WINDOWSsystem32
2009-01-04 21:43:49 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-04 21:42:10 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-02 22:33:33 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-02 17:44:58 —-D—- C:Documents and SettingsПользовательApplication DataAdobe
2008-12-13 02:09:03 —-SHD—- C:WINDOWSInstaller
2008-12-13 02:07:41 —-SD—- C:Documents and SettingsПользовательApplication DataMicrosoft
2008-12-13 02:07:08 —-D—- C:Program FilesCommon FilesInstallShield
2008-12-13 02:07:03 —-RSD—- C:WINDOWSFonts
2008-12-12 01:33:44 —-D—- C:Program FilesQIP======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-08-18 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-18 40448]
R1 VD_FileDisk;VD_FileDisk; C:WINDOWSsystem32driversVD_FileDisk.sys [2006-01-13 15872]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-08-18 39944]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2008-03-21 1203776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSar5416.sys [2007-06-26 1296800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; ??C:WINDOWSATK0100ASNDIS5.SYS []
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-08-07 5776864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-08-12 4751360]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-09-19 101504]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WSIMD;wsimd Service; C:WINDOWSsystem32DRIVERSwsimd.sys [2007-05-14 57216]
S3 axscdv9b;axscdv9b; C:WINDOWSsystem32driversaxscdv9b.sys []
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2004-08-17 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
S3 UIUSys;Conexant Setup API; C:WINDOWSsystem32DRIVERSUIUSYS.SYS []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acs;Atheros Configuration Service; C:WINDOWSsystem32acs.exe [2007-04-06 364628]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:WINDOWSsystem32agrsmsvc.exe [2008-03-18 13312]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-08-18 468224]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-02-25 125048]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-10-12 68096]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-08-18 19200]
S4 Abipnadr_se;Abipnadr_se; C:WINDOWSsystem32driverswanarp.sys [2004-08-18 34560]
EOF
вроде ошибок больше не появляется.
Проверил лог, всё нормально.
Несколько завершающих действий.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
