• Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы

SPYWARE-RU.COM
Меню
  • Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы
В начало › Помогите убрать ленту новостей
Adguard
 

Помогите убрать ленту новостей

Удаление вирусов и троянов. Защита компьютера. › Помощь в удалении вирусов, троянов, рекламы и других зловредов › Помогите убрать ленту новостей

  • This topic has 5 ответов, 2 участника, and was last updated 16 years, 5 months назад by mrRastishka.
Просмотр 6 сообщений - с 1 по 6 (из 6 всего)
  • Автор
    Сообщения
  • 22 января, 2009 в 11:11 пп #16183
    mrRastishka
    Participant
    • Темы:1
    • Сообщений:3
    • ☆

    Помогите убрать спам баннер лента новостей из ИЕ! плз!
    вот два лога
    inf.txt

    info.txt logfile of random’s system information tool 1.05 2009-01-23 02:04:45

    ======Uninstall list======

    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    ACDSee 8—>MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
    Aditor Pro version 3.10—>»C:WINDOWSUNISTB32.EXE» /U «C:Program FilesAditorUNINST0.000» «C:Program FilesAditorUNINST1.000»
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
    Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
    Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
    AoA MP4 Converter—>»C:Program FilesAoA MP4 Converterunins000.exe»
    Apple Mobile Device Support—>MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
    ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
    ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Bonjour—>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    ffdshow—>»C:Program FilesK-Lite Codec Packffdshowuninstall.exe»
    HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
    Hotfix for Windows XP (KB909394)—>»C:WINDOWS$NtUninstallKB909394$spuninstspuninst.exe»
    iTunes—>MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    K-Lite Mega Codec Pack 1.53—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
    Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
    Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
    MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
    Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
    neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NOD32 antivirus system—>C:Program FilesEsetSetupsetup.exe /UNINSTALL
    NOD32 FiX v2.1—>»C:Program FilesEsetunins000.exe»
    Norton Security Scan—>MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
    Opera 9.50—>MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
    Paint.NET v3.22—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
    QIP 2005 8081—>»C:Program FilesQIPunins000.exe»
    QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
    QIP Infium 2.0.9022 RC4—>»C:Program FilesQIP Infiumunins000.exe»
    QuickTime—>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Real Alternative 1.50 Lite—>»C:Program FilesReal Alternativeunins000.exe»
    Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
    Safari—>MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
    Winamp—>»C:Program FilesWinampUninstWA.exe»
    WinRAR archiver—>C:Program FilesWinRARuninstall.exe
    x264 Revision 569 x264.nl (remove only)—>»C:Program Filesx264x264-uninstall.exe»

    ======Hosts File======

    127.0.0.1 mpa.one.microsoft.com
    208.109.46.212 http://www.driver-soft.com

    ======Security center information======

    AV: Eset NOD32 antivirus system 2.70

    System event log

    Computer Name: RASTISHKA
    Event Code: 62486
    Message: Invalid parameters

    Record Number: 20387
    Source Name: ati2mtag
    Time Written: 20081226092535.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 62486
    Message: Invalid parameters

    Record Number: 20386
    Source Name: ati2mtag
    Time Written: 20081226092535.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 62486
    Message: Invalid parameters

    Record Number: 20385
    Source Name: ati2mtag
    Time Written: 20081226092535.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 62486
    Message: Invalid parameters

    Record Number: 20384
    Source Name: ati2mtag
    Time Written: 20081226092535.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 62486
    Message: Invalid parameters

    Record Number: 20383
    Source Name: ati2mtag
    Time Written: 20081226092535.000000+180
    Event Type: информация
    User:

    Application event log

    Computer Name: RASTISHKA
    Event Code: 0
    Message:
    Record Number: 873
    Source Name: iPod Service
    Time Written: 20090122232733.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 1
    Message:
    Record Number: 872
    Source Name: Bonjour Service
    Time Written: 20090122232715.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 0
    Message:
    Record Number: 871
    Source Name: iPod Service
    Time Written: 20090122232508.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 1
    Message:
    Record Number: 870
    Source Name: Bonjour Service
    Time Written: 20090122232444.000000+180
    Event Type: информация
    User:

    Computer Name: RASTISHKA
    Event Code: 0
    Message:
    Record Number: 869
    Source Name: iPod Service
    Time Written: 20090122223201.000000+180
    Event Type: информация
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesK-Lite Codec PackQuickTimeQTSystem
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    «PROCESSOR_REVISION»=0d08
    «NUMBER_OF_PROCESSORS»=1
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «CLASSPATH»=.;C:Program FilesK-Lite Codec PackQuickTimeQTSystemQTJava.zip
    «QTJAVA»=C:Program FilesK-Lite Codec PackQuickTimeQTSystemQTJava.zip

    EOF

    log.txt

    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by Admin at 2009-01-23 02:04:28
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (43%) free of 8 GB
    Total RAM: 511 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:04:42, on 23.01.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
    C:Program FilesEsetnod32krn.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesSynapticsSynTPSynTPEnh.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesMicrosoft ActiveSyncwcescomm.exe
    C:PROGRA~1MICROS~3rapimgr.exe
    C:Program FilesOperaopera.exe
    C:Documents and SettingsAdminРабочий столRSIT.exe
    C:Program Filestrend microAdmin.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://carnage.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.1.33:3128
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    O1 — Hosts: 208.109.46.212 http://www.driver-soft.com
    O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
    O2 — BHO: wxilibP — {7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE} — C:Documents and SettingsAll UsersApplication Datawxilib.dll
    O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
    O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [AlcWzrd] ALCWZRD.EXE
    O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
    O4 — HKLM..Run: [D_V_T] C:\dvt.exe /S C:\d_v_t.reg
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesK-Lite Codec PackQuickTimeqttask.exe» -atboottime
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 6056 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksNorton Security Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}]
    APE Data Feeder — C:Documents and SettingsAll UsersApplication Datawxilib.dll [2009-01-22 323584]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Ярлык для страницы свойств High Definition Audio»=C:WINDOWSsystem32HDAShCut.exe [2005-12-26 61952]
    «ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-04-28 344064]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-06-21 90112]
    «AlcWzrd»=C:WINDOWSALCWZRD.EXE [2005-07-13 2806272]
    «SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2005-04-15 708697]
    «nod32kui»=C:Program FilesEsetnod32kui.exe [2008-07-23 1003912]
    «D_V_T»=C:\dvt.exe [2008-07-23 3584]
    «QuickTime Task»=C:Program FilesK-Lite Codec PackQuickTimeqttask.exe [2008-09-06 413696]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-03-15 30208]
    «H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
    C:WINDOWSsystem32ctfmon.exe [2008-03-15 30208]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
    C:Program FilesDAEMON Tools Litedaemon.exe [2008-02-14 486856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
    C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
    C:Program FilesiTunesiTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
    C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
    C:PROGRA~1MICROS~2Office10OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
    C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2005-04-28 46080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=323
    «NoSharedDocuments»=1
    «NoSMConfigurePrograms»=1
    «NoDriveAutoRun»=67108863
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveAutoRun»=
    «NoDriveTypeAutoRun»=
    «NoDrives»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
    «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
    «C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
    «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
    «C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

    ======List of files/folders created in the last 1 months======

    2009-01-23 02:04:28 —-D—- C:rsit
    2009-01-23 02:04:28 —-D—- C:Program Filestrend micro
    2009-01-23 01:54:29 —-D—- C:WINDOWStemp
    2009-01-23 01:54:27 —-A—- C:ComboFix.txt
    2009-01-23 01:51:54 —-D—- C:ComboFix
    2009-01-23 01:12:38 —-A—- C:WINDOWSzip.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSVFIND.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSSWREG.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSsed.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSNIRCMD.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSgrep.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSfdsv.exe
    2009-01-23 01:12:37 —-A—- C:WINDOWSSWXCACLS.exe
    2009-01-23 01:12:37 —-A—- C:WINDOWSSWSC.exe
    2009-01-23 01:12:30 —-D—- C:WINDOWSERDNT
    2009-01-23 01:12:30 —-D—- C:Qoobox
    2009-01-22 22:13:32 —-A—- C:Documents and SettingsAll UsersApplication Datawxilib.dll
    2009-01-22 11:39:36 —-SHD—- C:found.001
    2009-01-18 21:43:42 —-D—- C:Documents and SettingsAdminApplication DataSkype
    2009-01-18 21:43:31 —-D—- C:Program FilesSkype
    2009-01-18 21:43:30 —-D—- C:Program FilesCommon FilesSkype

    ======List of files/folders modified in the last 1 months======

    2009-01-23 02:04:28 —-RD—- C:Program Files
    2009-01-23 01:54:56 —-A—- C:WINDOWSSchedLgU.Txt
    2009-01-23 01:54:30 —-D—- C:WINDOWSsystem32
    2009-01-23 01:54:29 —-D—- C:WINDOWS
    2009-01-23 01:53:43 —-D—- C:WINDOWSsystem32CatRoot2
    2009-01-23 01:53:30 —-A—- C:WINDOWSsystem.ini
    2009-01-23 01:53:04 —-D—- C:WINDOWSsystem32drivers
    2009-01-23 01:53:03 —-D—- C:WINDOWSAppPatch
    2009-01-23 01:53:03 —-D—- C:Program FilesCommon Files
    2009-01-23 01:31:08 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-01-23 01:27:39 —-D—- C:WINDOWSSoftwareDistribution
    2009-01-23 01:13:57 —-D—- C:Program FilesESET
    2009-01-23 01:12:37 —-SHD—- C:System Volume Information
    2009-01-23 01:12:37 —-D—- C:WINDOWSsystem32Restore
    2009-01-23 00:13:07 —-SH—- C:boot.ini
    2009-01-23 00:13:07 —-D—- C:WINDOWSpss
    2009-01-23 00:13:06 —-A—- C:WINDOWSwin.ini
    2009-01-22 23:49:44 —-D—- C:Program FilesInternet Explorer
    2009-01-22 21:33:15 —-D—- C:Program FilesQIP
    2009-01-22 11:02:33 —-D—- C:Program FilesQIP Infium
    2009-01-22 03:38:34 —-D—- C:Documents and SettingsAdminApplication DataskypePM
    2009-01-21 18:48:53 —-HD—- C:Program FilesInstallShield Installation Information
    2009-01-21 18:00:00 —-D—- C:Program FilesNorton Security Scan
    2009-01-18 21:43:39 —-SHD—- C:WINDOWSInstaller
    2009-01-18 21:43:34 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
    2009-01-02 20:11:59 —-A—- C:WINDOWSNeroDigital.ini
    2009-01-02 20:11:49 —-D—- C:Program FilesK-Lite Codec Pack
    2009-01-02 20:11:42 —-A—- C:WINDOWSsystem32x264vfw.dll
    2008-12-26 16:29:11 —-RSHDC—- C:WINDOWSsystem32dllcache

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-03-15 40448]
    R1 nod32drv;nod32drv; ??C:WINDOWSsystem32driversnod32drv.sys []
    R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-03-15 8832]
    R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
    R2 AMON;AMON; ??C:WINDOWSsystem32driversamon.sys []
    R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
    R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-03-15 60800]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-04-28 1132544]
    R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-03-15 14080]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-07-13 3851264]
    R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-03-15 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2007-07-12 96384]
    R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2005-04-15 189664]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-03-15 30208]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-03-15 59520]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-03-15 20608]
    S3 aotsqd0t;aotsqd0t; C:WINDOWSsystem32driversaotsqd0t.sys []
    S3 catchme;catchme; ??C:ComboFixcatchme.sys []
    S3 HdAudAddService;Драйвер функции Microsoft UAA для службы High Definition Audio; C:WINDOWSsystem32driversHdAudio.sys [2005-12-26 145920]
    S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
    S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
    S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2008-10-01 32000]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-03-15 26496]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-04-28 364544]
    R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
    R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-07-23 635272]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
    S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2008-10-01 536872]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]

    EOF

    24 января, 2009 в 4:42 пп #21463
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Здравствуйте, добро пожаловать на Spyware-ru форум.

    Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
    Запустите программу и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

    :Processes
    
explorer.exe
    

    
:services
    
aotsqd0t
    

    
:reg
    
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}]
    

    
:files
    
C:Documents and SettingsAll UsersApplication Datawxilib.dll
    
C:WINDOWSsystem32driversaotsqd0t.sys
    

    
:Commands
    
[emptytemp]
    
[start explorer]
    
[Reboot]

    Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
    По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
    Так же приложите свежий RSIT лог.

    25 января, 2009 в 11:05 дп #21467
    mrRastishka
    Participant
    • Темы:1
    • Сообщений:3
    • ☆

    спасибо за ответ!))
    Лог Мув ит
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service aotsqd0t .
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E3EDD51-48FD-40F2-ACE4-0D2D9F2889AE}\ deleted successfully.
    ========== FILES ==========
    C:Documents and SettingsAll UsersApplication Datawxilib.dll unregistered successfully.
    C:Documents and SettingsAll UsersApplication Datawxilib.dll moved successfully.
    File/Folder C:WINDOWSsystem32driversaotsqd0t.sys not found.
    ========== COMMANDS ==========
    File delete failed. C:DOCUME~1AdminLOCALS~1TempWCESLog.log scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Temporary Internet Files folder emptied.
    User’s Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
    File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
    Opera cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01252009_135600

    Files moved on Reboot…
    C:DOCUME~1AdminLOCALS~1TempWCESLog.log moved successfully.
    C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001wb.vx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
    C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.

    лог. тхт RSit
    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by Admin at 2009-01-25 13:58:53
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (43%) free of 8 GB
    Total RAM: 511 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:58:59, on 25.01.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSnotepad.exe
    C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:Program FilesEsetnod32krn.exe
    C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesSynapticsSynTPSynTPEnh.exe
    C:Program FilesEsetnod32kui.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesMicrosoft ActiveSyncwcescomm.exe
    C:PROGRA~1MICROS~3rapimgr.exe
    C:Program FilesOperaopera.exe
    C:Program FilesQIPqip.exe
    C:Documents and SettingsAdminРабочий столRSIT.exe
    C:WINDOWSsystem32wuauclt.exe
    C:Program Filestrend microAdmin.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://carnage.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.1.33:3128
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    O1 — Hosts: 208.109.46.212 http://www.driver-soft.com
    O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
    O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
    O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [AlcWzrd] ALCWZRD.EXE
    O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
    O4 — HKLM..Run: [D_V_T] C:\dvt.exe /S C:\d_v_t.reg
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesK-Lite Codec PackQuickTimeqttask.exe» -atboottime
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 6054 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksNorton Security Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Ярлык для страницы свойств High Definition Audio»=C:WINDOWSsystem32HDAShCut.exe [2005-12-26 61952]
    «ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-04-28 344064]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-06-21 90112]
    «AlcWzrd»=C:WINDOWSALCWZRD.EXE [2005-07-13 2806272]
    «SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2005-04-15 708697]
    «nod32kui»=C:Program FilesEsetnod32kui.exe [2008-07-23 1003912]
    «D_V_T»=C:\dvt.exe [2008-07-23 3584]
    «QuickTime Task»=C:Program FilesK-Lite Codec PackQuickTimeqttask.exe [2008-09-06 413696]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-03-15 30208]
    «H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
    C:WINDOWSsystem32ctfmon.exe [2008-03-15 30208]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
    C:Program FilesDAEMON Tools Litedaemon.exe [2008-02-14 486856]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
    C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
    C:Program FilesiTunesiTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
    C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
    C:PROGRA~1MICROS~2Office10OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
    C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2005-04-28 46080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=323
    «NoSharedDocuments»=1
    «NoSMConfigurePrograms»=1
    «NoDriveAutoRun»=67108863
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveAutoRun»=
    «NoDriveTypeAutoRun»=
    «NoDrives»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
    «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
    «C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
    «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
    «C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

    ======List of files/folders created in the last 1 months======

    2009-01-25 13:56:12 —-SHD—- C:RECYCLER
    2009-01-25 13:56:00 —-D—- C:_OTMoveIt
    2009-01-23 02:04:28 —-D—- C:rsit
    2009-01-23 02:04:28 —-D—- C:Program Filestrend micro
    2009-01-23 01:54:29 —-D—- C:WINDOWStemp
    2009-01-23 01:54:27 —-A—- C:ComboFix.txt
    2009-01-23 01:51:54 —-D—- C:ComboFix
    2009-01-23 01:12:38 —-A—- C:WINDOWSzip.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSVFIND.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSSWREG.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSsed.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSNIRCMD.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSgrep.exe
    2009-01-23 01:12:38 —-A—- C:WINDOWSfdsv.exe
    2009-01-23 01:12:37 —-A—- C:WINDOWSSWXCACLS.exe
    2009-01-23 01:12:37 —-A—- C:WINDOWSSWSC.exe
    2009-01-23 01:12:30 —-D—- C:WINDOWSERDNT
    2009-01-23 01:12:30 —-D—- C:Qoobox
    2009-01-22 11:39:36 —-SHD—- C:found.001
    2009-01-18 21:43:42 —-D—- C:Documents and SettingsAdminApplication DataSkype
    2009-01-18 21:43:31 —-D—- C:Program FilesSkype
    2009-01-18 21:43:30 —-D—- C:Program FilesCommon FilesSkype

    ======List of files/folders modified in the last 1 months======

    2009-01-25 13:56:28 —-A—- C:WINDOWSSchedLgU.Txt
    2009-01-24 14:30:32 —-D—- C:Documents and SettingsAdminApplication DataskypePM
    2009-01-24 14:25:41 —-RD—- C:Program Files
    2009-01-23 19:05:52 —-D—- C:Program FilesESET
    2009-01-23 19:04:57 —-SH—- C:boot.ini
    2009-01-23 19:04:57 —-A—- C:WINDOWSwin.ini
    2009-01-23 19:04:57 —-A—- C:WINDOWSsystem.ini
    2009-01-23 18:00:03 —-D—- C:Program FilesNorton Security Scan
    2009-01-23 01:54:30 —-D—- C:WINDOWSsystem32
    2009-01-23 01:54:29 —-D—- C:WINDOWS
    2009-01-23 01:53:43 —-D—- C:WINDOWSsystem32CatRoot2
    2009-01-23 01:53:04 —-D—- C:WINDOWSsystem32drivers
    2009-01-23 01:53:03 —-D—- C:WINDOWSAppPatch
    2009-01-23 01:53:03 —-D—- C:Program FilesCommon Files
    2009-01-23 01:31:08 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-01-23 01:27:39 —-D—- C:WINDOWSSoftwareDistribution
    2009-01-23 01:12:37 —-SHD—- C:System Volume Information
    2009-01-23 01:12:37 —-D—- C:WINDOWSsystem32Restore
    2009-01-23 00:13:07 —-D—- C:WINDOWSpss
    2009-01-22 23:49:44 —-D—- C:Program FilesInternet Explorer
    2009-01-22 21:33:15 —-D—- C:Program FilesQIP
    2009-01-21 18:48:53 —-HD—- C:Program FilesInstallShield Installation Information
    2009-01-18 21:43:39 —-SHD—- C:WINDOWSInstaller
    2009-01-18 21:43:34 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
    2009-01-02 20:11:59 —-A—- C:WINDOWSNeroDigital.ini
    2009-01-02 20:11:49 —-D—- C:Program FilesK-Lite Codec Pack
    2009-01-02 20:11:42 —-A—- C:WINDOWSsystem32x264vfw.dll
    2008-12-26 16:29:11 —-RSHDC—- C:WINDOWSsystem32dllcache

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-03-15 40448]
    R1 nod32drv;nod32drv; ??C:WINDOWSsystem32driversnod32drv.sys []
    R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-03-15 8832]
    R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
    R2 AMON;AMON; ??C:WINDOWSsystem32driversamon.sys []
    R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
    R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-03-15 60800]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-04-28 1132544]
    R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-03-15 14080]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
    R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-07-13 3851264]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
    R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-03-15 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2007-07-12 96384]
    R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2005-04-15 189664]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-03-15 30208]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-03-15 59520]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-03-15 20608]
    S3 a6vwnxnl;a6vwnxnl; C:WINDOWSsystem32driversa6vwnxnl.sys []
    S3 catchme;catchme; ??C:ComboFixcatchme.sys []
    S3 HdAudAddService;Драйвер функции Microsoft UAA для службы High Definition Audio; C:WINDOWSsystem32driversHdAudio.sys [2005-12-26 145920]
    S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
    S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2008-10-01 32000]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-03-15 26496]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-04-28 364544]
    R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
    R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-07-23 635272]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
    S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2008-10-01 536872]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]

    EOF

    25 января, 2009 в 4:45 пп #21464
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    RSIT лог выглядит нормально. Как работает компьютер ?

    25 января, 2009 в 6:44 пп #21466
    mrRastishka
    Participant
    • Темы:1
    • Сообщений:3
    • ☆

    спасибо все хорошо работает Лента пропала..:))
    Спасибо за помощь!))

    26 января, 2009 в 4:27 пп #21465
    Admin
    Keymaster
    • Темы:40
    • Сообщений:5676
    • ☆☆☆☆☆

    Несколько завершающих действий.

    Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
    Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.

    Установите программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ..

    Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.

    Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.

    После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.

    Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.

    Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.

    Всего доброго!

  • Автор
    Сообщения
Просмотр 6 сообщений - с 1 по 6 (из 6 всего)
  • Для ответа в этой теме необходимо авторизоваться.
Войти

Добро пожаловать

На нашем сайте размещены инструкции и программы, которые помогут вам абсолютно бесплатно и самостоятельно удалить навязчивую рекламу, вирусы и трояны.

Поиск

Последние темы

  • Странность в Malwebytes опубликовано Artem225
    5 years, 8 months назад
  • SUSPICIOUS.FakedMBR.1 что делать, помогите!!! опубликовано White
    5 years, 9 months назад
  • Помогите пожалуйста вирус замучил. опубликовано dimazons1233211
    5 years, 11 months назад
  • Замучила реклама опубликовано Данила Беспятов
    6 years назад
  • Замучила реклама опубликовано Марк
    5 years, 9 months назад
  • Вирус S1.video.ru.net опубликовано ludovik
    6 years, 2 months назад
  • Чертов Safe Finder!!!! опубликовано kosta savo
    5 years, 11 months назад
  • ESET блокирует неизвестный сайт , вход на который не осуществлялся. опубликовано trollhamaren
    6 years, 3 months назад

СПАЙВАРЕ РУ

  • О Спайваре Ру
  • Контакты
  • Реклама на сайте
  • Политика конфиденциальности
  • Правила использования

Нужна помощь?

Задайте свой вопрос прямо сейчас кликнув по следующей ссылке Задать вопрос.

Или обратитесь на наш форум, где команда Spyware-ru поможет вам. Узнайте, как попросить о помощи здесь.

Ссылки

  • Инструкции
  • Скачать программы
  • Помощь в удалении вирусов
  • Как вылечить компьютер
Copyright © 2008 - 2024 Spyware-RU.com (en)