- This topic has 6 ответов, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
Flash_Disinfector не помог, осталось всё тоже самое.
Лог RSIT:Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-10 13:44:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (45%) free of 51 GB
Total RAM: 2047 MB (81% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:08, on 10.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSExplorer.EXE
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
C:Program FilesAd MuncherAdMunch.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FileslouderitLouderIt.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqgalry.exe
C:Program FilesQIP Infiuminfium.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSpchealthhelpctrSystempanelsblank.htm
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: flashget2 urlcatch — {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} — C:Program FilesFlashGet NetworkFlashGet universalComDllsbhoCATCH.dll
O2 — BHO: mzdlibP — {753A8E27-66CF-424B-9DF1-D821231E7E9F} — C:Documents and SettingsAll UsersApplication Datamzdlib.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [HP Software Update] «C:Program FilesHPHP Software UpdateHPWuSchd2.exe»
O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
O4 — HKLM..Run: [avgnt] «C:Program FilesAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [Ad Muncher] «C:Program FilesAd MuncherAdMunch.exe» /bt
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [louderit.exe] C:Program FileslouderitLouderIt.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Быстрый запуск HP Image Zone.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O8 — Extra context menu item: &Download All by FlashGet — C:Program FilesFlashGet NetworkFlashGet universalComDllsBhoall.htm
O8 — Extra context menu item: &Download by FlashGet — C:Program FilesFlashGet NetworkFlashGet universalComDllsBholink.htm
O8 — Extra context menu item: &Перевести — C:Program FilesArsenal CompanySOCRAT InternetHTMLWSocrat.js
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 — Extra context menu item: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 — Extra context menu item: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 — Extra context menu item: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 — Extra context menu item: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/zakladki.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O23 — Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 — Service: AntiVir PersonalEdition Classic Guard (AntiVirService) — Avira GmbH — C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: NST ToolTipFixer (TTFixerService) — NeoSmart Technologies — C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 12196 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl — C:Program FilesFlashGet NetworkFlashGet universalComDllsbhoCATCH.dll [2008-08-19 104016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}]
LTAC Data Helper Object — C:Documents and SettingsAll UsersApplication Datamzdlib.dll [2009-02-05 322560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-15 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-01-19 131072][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-12-23 2403392][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-12-30 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-15 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-15 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-12-26 849392]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-22 1090824]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-12-23 2403392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2004-02-12 49152]
«HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
«avgnt»=C:Program FilesAntiVir PersonalEdition Classicavgnt.exe [2007-04-02 327720]
«Ad Muncher»=C:Program FilesAd MuncherAdMunch.exe [2007-11-03 779776][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«louderit.exe»=C:Program FileslouderitLouderIt.exe [2008-02-19 41472]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2008-05-30 722112]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-10-24 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesDRToolsdaemon.exe [2004-08-22 81920][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2008-08-04 36352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregxqkaiszu.exe]
C:WINDOWSxqkaiszu.exe [2009-02-05 3584][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-22 449800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«PnkBstrA»=2C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe
Быстрый запуск HP Image Zone.lnk — C:Program FilesHPDigital Imagingbinhpqthb08.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesFlashGet NetworkFlashGet universalFlashGet.exe»=»C:Program FilesFlashGet NetworkFlashGet universalFlashGet.exe:*:Enabled:Flashget2»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1fb697ff-b306-11dd-8362-806d6172696f}]
shellAutoRuncommand — E:run.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{446f1a16-cce8-11dd-b146-002215d0a8ae}]
shellAutoRuncommand — F:
shellExplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellFindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellOpencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab20ff0b-dcef-11dd-8cc8-002215d0a8ae}]
shellAutoRuncommand — G:n1deiect.com
shellexplorecommand — G:n1deiect.com
shellopencommand — G:n1deiect.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa62c6a2-e941-11dd-8a79-002215d0a8ae}]
shellAutoRuncommand — G:
shellExplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellFindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellOpencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======List of files/folders created in the last 1 months======
2009-02-10 13:44:23 —-D—- C:Program Filestrend micro
2009-02-10 13:44:22 —-D—- C:rsit
2009-02-09 10:00:49 —-D—- C:_OTMoveIt
2009-02-07 19:50:34 —-D—- C:Program FilesMedal of Honor — Airborne
2009-02-07 12:24:43 —-D—- C:WINDOWS65F1CF6331E0450B96F34A88BE7361A6.TMP
2009-02-06 19:08:44 —-RASHD—- C:autorun.inf
2009-02-06 16:26:15 —-D—- C:Program FilesAd Muncher
2009-02-06 16:22:38 —-D—- C:Documents and SettingsAdminApplication DataOpera
2009-02-06 16:22:32 —-D—- C:Program FilesOpera
2009-02-06 16:16:35 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2009-02-06 16:16:30 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-06 16:16:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-06 16:11:50 —-D—- C:WINDOWSpss
2009-02-05 18:32:15 —-D—- C:Program FilesPCGAME
2009-02-05 15:53:45 —-A—- C:Documents and SettingsAll UsersApplication Datamzdlib.dll
2009-02-05 15:51:30 —-A—- C:WINDOWSxqkaiszu.exe
2009-02-05 14:03:24 —-A—- C:WINDOWSActive Setup Log.txt
2009-02-05 10:19:16 —-D—- C:Program FilesNoviy Disk
2009-02-05 10:18:47 —-D—- C:Documents and SettingsAdminApplication DataInstallShield
2009-02-05 10:11:23 —-A—- C:WINDOWSPool.INI
2009-02-03 18:18:33 —-D—- C:WINDOWSLogs
2009-02-03 14:48:13 —-A—- C:WINDOWSunin0419.exe
2009-02-01 23:35:57 —-D—- C:Program FilesCommon FilesTotem Shared
2009-02-01 23:35:55 —-D—- C:Program FilesStripSaver2
2009-02-01 21:55:42 —-D—- C:WINDOWSspeech
2009-01-26 16:02:55 —-D—- C:Program FilesФото МИКСЕР
2009-01-23 16:18:53 —-D—- C:Program FilesProlific Publishing, Inc
2009-01-23 16:15:50 —-D—- C:Program FilesRipple Screensaver 2.0
2009-01-23 16:12:36 —-D—- C:Program FilesNature 3D Screensaver
2009-01-14 20:04:38 —-D—- C:Documents and SettingsAdminApplication DataMakeupGuide
2009-01-13 13:01:13 —-D—- C:Program FilesSereneScreen
2009-01-13 12:49:10 —-D—- C:Documents and SettingsAdminApplication DataChemTable Software======List of files/folders modified in the last 1 months======
2009-02-10 13:44:23 —-AD—- C:Program Files
2009-02-10 09:32:53 —-D—- C:WINDOWSTemp
2009-02-10 09:32:52 —-D—- C:WINDOWS
2009-02-10 09:31:44 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-09 17:11:26 —-A—- C:WINDOWSsystem32akelpad.ini
2009-02-09 13:51:58 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-07 21:18:02 —-SHD—- C:WINDOWSInstaller
2009-02-07 19:33:34 —-HD—- C:WINDOWSinf
2009-02-07 19:33:34 —-D—- C:WINDOWSsystem32DirectX
2009-02-07 19:33:31 —-RSD—- C:WINDOWSassembly
2009-02-07 12:24:41 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-02-06 18:29:03 —-D—- C:Documents and SettingsAdminApplication DataBITS
2009-02-06 17:28:17 —-D—- C:Downloads
2009-02-06 16:54:07 —-ASH—- C:boot.ini
2009-02-06 16:54:07 —-A—- C:WINDOWSwin.ini
2009-02-06 16:54:07 —-A—- C:WINDOWSsystem.ini
2009-02-06 16:40:16 —-D—- C:WINDOWSsystem32drivers
2009-02-06 16:20:08 —-AD—- C:WINDOWSsystem32
2009-02-06 09:19:33 —-D—- C:Program FilesvanBasco’s Karaoke Player
2009-02-05 23:01:53 —-D—- C:Games
2009-02-05 17:31:30 —-D—- C:WINDOWSNetwork Diagnostic
2009-02-05 16:30:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-02-05 10:19:21 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-05 10:16:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-04 12:27:21 —-D—- C:Documents and SettingsAdminApplication DataQIP.Online
2009-02-04 12:12:07 —-D—- C:Program FilesQIP Infium
2009-02-03 11:53:53 —-RSD—- C:WINDOWSFonts
2009-02-01 23:35:57 —-AD—- C:Program FilesCommon Files
2009-02-01 21:55:47 —-D—- C:WINDOWSmsagent
2009-02-01 21:55:47 —-D—- C:WINDOWSHelp
2009-01-31 15:57:10 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2009-01-31 11:50:28 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-17 18:46:11 —-D—- C:Program FilesCommon FilesBinarySense
2009-01-17 14:42:17 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-14 15:50:19 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-01-13 12:48:56 —-D—- C:Program FilesReg Organizer======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2007-03-20 43584]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 avgntflt;avgntflt; ??C:Program FilesAntiVir PersonalEdition Classicavgntflt.sys []
R3 HdAudAddService;VIA High Definition Audio Service; C:WINDOWSsystem32driversviahdb.sys [2007-08-17 203520]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-08-08 111360]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S1 ethdfzcf;ethdfzcf; C:WINDOWSsystem32driversethdfzcf.sys [2009-02-05 137792]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-15 14720]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:WINDOWSsystem32DRIVERSk510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSk510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSk510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSk510obex.sys [2006-02-17 83344]
S3 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:Program FilesAntiVir PersonalEdition Classicsched.exe [2007-04-16 57896]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:Program FilesAntiVir PersonalEdition Classicavguard.exe [2007-03-28 204840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 TTFixerService;NST ToolTipFixer; C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [2007-06-27 10240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 138168]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-15 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-21 66872]
EOF
info.txt logfile of random’s system information tool 1.05 2009-02-10 13:48:09======Uninstall list======
—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad Muncher—>C:Program FilesAd Muncheruninst.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Avira AntiVir PersonalEdition Classic—>C:Program FilesAntiVir PersonalEdition Classicsetup.exe /REMOVE
CPU-Z and GPU-Z—>C:Program FilesCPU-ZUninstall.exe
DAEMON Tools—>MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DirectX Update for Xp/Vista—>»C:Program FilesDirectX Updateunins000.exe»
Download Master version 5.5.7.1145—>»C:Program FilesDownload Masterunins000.exe»
Everest—>C:Program FilesEverestUninstall.exe
FlashGet 2.0—>C:Program FilesFlashGet NetworkFlashGet universaluninst.exe
Foxit Reader—>C:Program FilesFoxit ReaderUninstall.exe
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
HashTab&CDClose—>C:WINDOWSsystem32Uninstall.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HITMAN BLOOD MONEY—>MsiExec.exe /X{25AD5846-06D5-4650-A88A-FC3144019A2D}
HITMAN CODENAME 47—>MsiExec.exe /X{14F6B787-CDBE-4A65-BE56-99839A789D7D}
HITMAN CONTRACTS—>MsiExec.exe /X{A551FB38-F804-403F-B855-817577428541}
HITMAN SILENT ASSASSIN—>MsiExec.exe /X{0DF94E2E-74DB-4960-B685-7BACCC0B0C4A}
HP Image Zone 4.0—>C:Program FilesHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP Scanjet 3770—>C:Program FilesHPDigital Imaging{7CFD1028-F6C9-4b3c-BD20-51D56E7C7C8D}setuphpzscr01.exe -datfile hpgscr01.dat
HP Software Update—>MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Icon Restore 1.0—>C:WINDOWSunins000.exe
Java(TM) 6 Update 10—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K-Lite Mega Codec Pack 4.1.7—>»C:Program FilesK-Lite Codec Packunins000.exe»
LifeGlobe Goldfish Aquarium—>»C:Program FilesProlific Publishing, Inc.Goldfish Aquariumunins000.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Mathcad 14 Help—>MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}
Mathcad 14 Resource Center—>MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}
Mathcad 14 Russian Pack—>C:WINDOWSMathcad 14 Russian Pack Uninstaller.exe
Mathcad 14—>MsiExec.exe /I{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}
Medal of Honor — Airborne—>»D:ИгрыMedal of Honor — Airborneunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MotoGP 2007—>C:PROGRA~1MOTOGP~1UNWISE.EXE C:PROGRA~1MOTOGP~1INSTALL.LOG
MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nature 3D Screensaver 1.0—>»C:Program FilesNature 3D Screensaverunins000.exe»
Nero 8 Lite v8.3.6.0—>»C:Program FilesNerounins000.exe»
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Opera 9.62—>MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
Paint.NET v 3.36—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
Punto Switcher—>C:Program FilesPunto SwitcherUninstall.exe
QIP Infium 2.0.9024 RC4—>»C:Program FilesQIP Infiumunins000.exe»
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Reg Organizer 4.22—>»C:Program FilesReg Organizerunins000.exe»
Ripple Screensaver 2.0—>»C:Program FilesRipple Screensaver 2.0uninstall.exe»
S.T.A.L.K.E.R. — Shadow of Chernobyl v1.0004—>»C:Program FilesS.T.A.L.K.E.R. — Shadow of Chernobylunins000.exe»
SereneScreen Aquarium—>»C:Program FilesSereneScreenAquariumunins000.exe»
Sony Noise Reduction Plug-In 2.0h—>MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0—>MsiExec.exe /X{4AEA9A23-D627-4699-8A0F-FC474308C2E6}
The KMPlayer 1432 R2—>»C:Program FilesThe KMPlayerunins000.exe»
ToolTipFixer 1.0.1—>C:Program FilesNeoSmart TechnologiesToolTipFixeruninstall.exe
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
Ultimate Spider-Man (TM)—>C:GamesULTIMA~1UNWISE.EXE C:GamesULTIMA~1INSTALL.LOG
vanBasco’s Karaoke Player—>C:Program FilesvanBasco’s Karaoke Playeruninst.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Vista Games 1.3 XP—>C:Program FilesVista Gamesuninst.exe
Winamp 5.541—>C:Program FilesWinampUninstall.exe
XnView 1.82.4—>»C:Program FilesXnViewunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Большая рыбалка—>C:Program FilesInstallShield Installation Information{09067C87-A39C-499D-9295-5AC3CDAAC095}setup.exe -runfromtemp -l0x0019 -removeonly
МоторM4X—>»D:ИгрыМоторM4Xunins000.exe»
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
СОКРАТ Интернет 3.0 Полиглот—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1CE8874-17FC-4646-81F5-BA704330CD72}setup.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Фото Календарь 2009—>»C:Program FilesФото Календарьunins000.exe»
Яндекс.Бар для Internet Explorer 3.1.1—>»C:Program FilesYandexYandexBarIEunins000.exe»======Security center information======
AV: Avira AntiVir PersonalEdition (outdated)
System event log
Computer Name: MICROSOF-AB960B
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.Record Number: 7863
Source Name: Service Control Manager
Time Written: 20090203064708.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».Record Number: 7862
Source Name: Service Control Manager
Time Written: 20090203064708.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-AB960B
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 7861
Source Name: Service Control Manager
Time Written: 20090203064708.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 7036
Message: Служба «Служба обнаружения SSDP» перешла в состояние Работает.Record Number: 7860
Source Name: Service Control Manager
Time Written: 20090203064708.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».Record Number: 7859
Source Name: Service Control Manager
Time Written: 20090203064708.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMApplication event log
Computer Name: MICROSOF-AB960B
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20081115113153.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20081115113150.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20081115113038.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20081115113023.000000+180
Event Type: информация
User:Computer Name: MICROSOF-AB960B
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20081115113013.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
«PROCESSOR_REVISION»=4303
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
У меня получилось убрать с помощью инструкции на этой страничке…
http://golden-b.ru/?p=306
После этого надо ещё что-то делать? Остались ещё следы? И как их удалить?Кроме информера: ваш компьютер заражён autorun.inf трояном.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
ethdfzcf
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}]
[-HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregxqkaiszu.exe]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1fb697ff-b306-11dd-8362-806d6172696f}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{446f1a16-cce8-11dd-b146-002215d0a8ae}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab20ff0b-dcef-11dd-8cc8-002215d0a8ae}]
:files
C:WINDOWSsystem32driversethdfzcf.sys
C:WINDOWSxqkaiszu.exe
C:Documents and SettingsAll UsersApplication Datamzdlib.dll
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. Так же приложите свежий RSIT лог.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service ethdfzcf stopped successfully.
Service ethdfzcf deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregxqkaiszu.exe\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1fb697ff-b306-11dd-8362-806d6172696f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{446f1a16-cce8-11dd-b146-002215d0a8ae}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab20ff0b-dcef-11dd-8cc8-002215d0a8ae}\ deleted successfully.
========== FILES ==========
C:WINDOWSsystem32driversethdfzcf.sys moved successfully.
C:WINDOWSxqkaiszu.exe moved successfully.
C:Documents and SettingsAll UsersApplication Datamzdlib.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Datamzdlib.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1AdminLOCALS~1Temp~DF4738.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps�001wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02122009_215139
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-15 20:45:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (45%) free of 51 GB
Total RAM: 2047 MB (80% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:21, on 15.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesAd MuncherAdMunch.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FileslouderitLouderIt.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqgalry.exe
C:Program FilesOperaopera.exe
C:Program FilesQIP Infiuminfium.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: flashget2 urlcatch — {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} — C:Program FilesFlashGet NetworkFlashGet universalComDllsbhoCATCH.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [HP Software Update] «C:Program FilesHPHP Software UpdateHPWuSchd2.exe»
O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
O4 — HKLM..Run: [avgnt] «C:Program FilesAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [Ad Muncher] «C:Program FilesAd MuncherAdMunch.exe» /bt
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [louderit.exe] C:Program FileslouderitLouderIt.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Быстрый запуск HP Image Zone.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O8 — Extra context menu item: &Download All by FlashGet — C:Program FilesFlashGet NetworkFlashGet universalComDllsBhoall.htm
O8 — Extra context menu item: &Download by FlashGet — C:Program FilesFlashGet NetworkFlashGet universalComDllsBholink.htm
O8 — Extra context menu item: Block frame with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 — Extra context menu item: Block image with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 — Extra context menu item: Block link with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 — Extra context menu item: Don’t filter page with Ad Muncher — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 — Extra context menu item: Report page to the Ad Muncher developers — http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O23 — Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 — Service: AntiVir PersonalEdition Classic Guard (AntiVirService) — Avira GmbH — C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: NST ToolTipFixer (TTFixerService) — NeoSmart Technologies — C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10628 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl — C:Program FilesFlashGet NetworkFlashGet universalComDllsbhoCATCH.dll [2008-08-19 104016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-15 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-01-19 131072][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-12-23 2403392][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-12-30 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-15 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-15 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-12-26 849392]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-22 1090824]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-12-23 2403392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2004-02-12 49152]
«HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
«avgnt»=C:Program FilesAntiVir PersonalEdition Classicavgnt.exe [2007-04-02 327720]
«Ad Muncher»=C:Program FilesAd MuncherAdMunch.exe [2007-11-03 779776][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«louderit.exe»=C:Program FileslouderitLouderIt.exe [2008-02-19 41472]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2008-05-30 722112]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-10-24 30208][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]
C:Program FilesDRToolsdaemon.exe [2004-08-22 81920][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2008-08-04 36352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-22 449800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«PnkBstrA»=2C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe
Быстрый запуск HP Image Zone.lnk — C:Program FilesHPDigital Imagingbinhpqthb08.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesFlashGet NetworkFlashGet universalFlashGet.exe»=»C:Program FilesFlashGet NetworkFlashGet universalFlashGet.exe:*:Enabled:Flashget2»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa62c6a2-e941-11dd-8a79-002215d0a8ae}]
shellAutoRuncommand — G:
shellExplorecommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Select music location
shellFindcommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Control: Search music (radio-stations)
shellOpencommand — «.Nokia Music ManagerN-1-5-21-1895552279-3129831955-389522551-6003INFO2Playlist» Playback: Play music======List of files/folders created in the last 1 months======
2009-02-12 15:31:34 —-D—- C:Documents and SettingsAll UsersApplication DataNFS Underground
2009-02-10 13:44:23 —-D—- C:Program Filestrend micro
2009-02-10 13:44:22 —-D—- C:rsit
2009-02-09 10:00:49 —-D—- C:_OTMoveIt
2009-02-07 19:50:34 —-D—- C:Program FilesMedal of Honor — Airborne
2009-02-07 12:24:43 —-D—- C:WINDOWS65F1CF6331E0450B96F34A88BE7361A6.TMP
2009-02-06 19:08:44 —-RASHD—- C:autorun.inf
2009-02-06 16:26:15 —-D—- C:Program FilesAd Muncher
2009-02-06 16:22:38 —-D—- C:Documents and SettingsAdminApplication DataOpera
2009-02-06 16:22:32 —-D—- C:Program FilesOpera
2009-02-06 16:16:35 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2009-02-06 16:16:30 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-06 16:16:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-06 16:11:50 —-D—- C:WINDOWSpss
2009-02-05 18:32:15 —-D—- C:Program FilesPCGAME
2009-02-05 14:03:24 —-A—- C:WINDOWSActive Setup Log.txt
2009-02-05 10:19:16 —-D—- C:Program FilesNoviy Disk
2009-02-05 10:18:47 —-D—- C:Documents and SettingsAdminApplication DataInstallShield
2009-02-05 10:11:23 —-A—- C:WINDOWSPool.INI
2009-02-03 18:18:33 —-D—- C:WINDOWSLogs
2009-02-03 14:48:13 —-A—- C:WINDOWSunin0419.exe
2009-02-01 23:35:57 —-D—- C:Program FilesCommon FilesTotem Shared
2009-02-01 21:55:42 —-D—- C:WINDOWSspeech
2009-01-23 16:18:53 —-D—- C:Program FilesProlific Publishing, Inc
2009-01-23 16:15:50 —-D—- C:Program FilesRipple Screensaver 2.0
2009-01-23 16:12:36 —-D—- C:Program FilesNature 3D Screensaver======List of files/folders modified in the last 1 months======
2009-02-15 20:02:35 —-D—- C:WINDOWSTemp
2009-02-15 20:00:45 —-D—- C:WINDOWS
2009-02-15 12:18:13 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-12 22:03:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-12 22:02:18 —-A—- C:WINDOWSsystem32akelpad.ini
2009-02-12 21:51:39 —-D—- C:WINDOWSsystem32drivers
2009-02-12 19:20:15 —-D—- C:Documents and SettingsAdminApplication DataBITS
2009-02-12 18:44:05 —-D—- C:Downloads
2009-02-12 15:07:17 —-AD—- C:WINDOWSsystem32
2009-02-11 12:56:27 —-AD—- C:Program Files
2009-02-10 22:07:45 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-02-07 21:18:02 —-SHD—- C:WINDOWSInstaller
2009-02-07 19:33:34 —-HD—- C:WINDOWSinf
2009-02-07 19:33:34 —-D—- C:WINDOWSsystem32DirectX
2009-02-07 19:33:31 —-RSD—- C:WINDOWSassembly
2009-02-07 12:24:41 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-02-06 16:54:07 —-ASH—- C:boot.ini
2009-02-06 16:54:07 —-A—- C:WINDOWSwin.ini
2009-02-06 16:54:07 —-A—- C:WINDOWSsystem.ini
2009-02-06 09:19:33 —-D—- C:Program FilesvanBasco’s Karaoke Player
2009-02-05 23:01:53 —-D—- C:Games
2009-02-05 17:31:30 —-D—- C:WINDOWSNetwork Diagnostic
2009-02-05 16:30:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-02-05 10:19:21 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-05 10:16:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-04 12:27:21 —-D—- C:Documents and SettingsAdminApplication DataQIP.Online
2009-02-04 12:12:07 —-D—- C:Program FilesQIP Infium
2009-02-03 11:53:53 —-RSD—- C:WINDOWSFonts
2009-02-01 23:35:57 —-AD—- C:Program FilesCommon Files
2009-02-01 21:55:47 —-D—- C:WINDOWSmsagent
2009-02-01 21:55:47 —-D—- C:WINDOWSHelp
2009-01-31 15:57:10 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2009-01-31 11:50:28 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-17 18:46:11 —-D—- C:Program FilesCommon FilesBinarySense
2009-01-17 14:42:17 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2007-03-20 43584]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 avgntflt;avgntflt; ??C:Program FilesAntiVir PersonalEdition Classicavgntflt.sys []
R3 HdAudAddService;VIA High Definition Audio Service; C:WINDOWSsystem32driversviahdb.sys [2007-08-17 203520]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-08-08 111360]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-15 14720]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:WINDOWSsystem32DRIVERSk510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSk510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSk510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSk510obex.sys [2006-02-17 83344]
S3 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:Program FilesAntiVir PersonalEdition Classicsched.exe [2007-04-16 57896]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:Program FilesAntiVir PersonalEdition Classicavguard.exe [2007-03-28 204840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 TTFixerService;NST ToolTipFixer; C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [2007-06-27 10240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 138168]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-15 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-21 66872]
EOF
Несколько завершающих действий.
1. Обновите ваши программы.
Обновите Java, у вас устаревшая версия. Прочитайте эту инструкцию: Как обновить Java.Зайдите на сайт update.microsoft.com и обновите Windows.
2. Удалите все программы, которые вы использовали в процессе лечения, в случае необходимости, вы всегда сможете скавать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.3. Подойдите к защите вашего компьютера более серьёзно.
Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ.
Большинство троянов и вирусов разработаны для поражения Internet Explorer`а, поэтому рекомендую установить и использовать Оперу или Firefox.
4. Создайте новую точку восстановления и удалите все старые.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
5. И несколько дополнительных советов.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
