SPYWARE-RU.COM

Help me remove Internet Antivirus Pro


  • This topic has 11 replies, 2 participants, and was last updated 16 years, 7 months ago by Admin.
  • November 23, 2008 at 1:50 pm #15937
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    Two icons appeared in the lower right corner. One is a red cross, and a window pops up above it: Your computer might de at risk Antivirus software might not be installed. The other is a red shield, and a window pops up above it: Internet Antivirus Pro hasdetected harmful sostwre in your system. We strongly recommendet you to register Internet Antivirus Pro to remove these threats immediately. It interferes with using the internet 👿 Please help!

    November 23, 2008 at 2:53 pm #19928
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, welcome to the Spyware-ru forum.

    To begin, please read and carry out the third step of the guide: How to cure your computer, first steps.

    I am waiting for your HijackThis log.

    November 23, 2008 at 3:02 pm #19929
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    Thank you for replying, Valeri

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:05:07, on 23.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
    C:Program FilesCyberLinkShared FilesRichVideo.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesRapidshare DownloaderRD.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    C:Program FilesDAEMON Tools Litedaemon.exe
    C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe
    C:program filesInternet Antivirus ProIAPro.exe
    C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    C:WINDOWSsystem32msiexec.exe
    C:Program FilesJavajre6binjqs.exe
    C:Program FilesTrend MicroHijackThisHijackThis.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daemon-search.com/startpage

    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R3 — URLSearchHook: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 — BHO: flashget urlcatch — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — C:Program FilesRapidshare Downloaderjccatch.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACEcli.exe» runtime -Delay
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [Flashget] C:Program FilesRapidshare DownloaderRD.exe /min
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
    O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe»
    O4 — HKCU..Run: [Microsoft Windows logon process] C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe
    O4 — HKCU..Run: [Internet Antivirus Pro] «C:program filesInternet Antivirus ProIAPro.exe» /s
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
    O8 — Extra context menu item: &Download All with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_all.htm
    O8 — Extra context menu item: &Download with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_link.htm
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) — file://C:Program FilesWindows SidebarGadgetsxplugCam.gadgeten-USxplug.ocx
    O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 — HKLMSystemCCSServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS1ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS2ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O23 — Service: Ad-Aware 2007 Service (aawservice) — Lavasoft AB — C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: Guard Service (ITGrdEngine) — Unknown owner — C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
    O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe

    —
    End of file — 7658 bytes

    Here it is.

    November 23, 2008 at 3:08 pm #19930
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Run HijackThis and click the Do a system scan only button.
    Then tick the checkbox (on the left) next to the following lines:

    O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\User\Application Data\Microsoft\Windows\winlogon.exe
    O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s

    Click the Fix checked button and confirm your action by choosing YES.
    Restart the computer.

    After that, download the RSIT scanner by clicking this link.

    Double-click the downloaded file.
    Click the Continue button.
    When the program finishes, two logs will be shown (log.txt and info.txt).

    I am waiting for your two RSIT logs.
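
Added example (not part of the Admin's post and not HijackThis code): one of the two entries selected above is a `winlogon.exe` that starts from the user's Application Data folder instead of System32. The sketch below applies that name-versus-location check to HijackThis lines. The sample is constructed from this thread's log with the path separators restored, the system root `C:\WINDOWS` is assumed from that log, and `EXPECTED_DIRS` and `find_masquerades` are hypothetical names.

```python
import ntpath
import re

# Assumption: the system root is C:\WINDOWS, as in the log posted in this thread.
SYSTEM32 = r"c:\windows\system32"

# Core Windows XP binaries and the only directory each one should run from.
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# Constructed sample: lines taken from the HijackThis log in this thread,
# with the backslashes that the page extraction dropped put back.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\services.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\User\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\services.exe
"""

# First drive-letter path on a line, up to and including ".exe".
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)
# HijackThis section code at the start of a line (O4, O23, R0, ...).
ENTRY_CODE = re.compile(r"^(O\d+|R\d)\b")


def find_masquerades(log_text):
    """Return (entry_type, path) for system-named binaries outside their home directory."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = EXE_PATH.search(line)
        if not match:
            continue
        path = match.group(0)
        # Windows paths are case-insensitive, so compare in lower case.
        directory, name = ntpath.split(path.lower())
        expected = EXPECTED_DIRS.get(name)
        if expected is None or directory == expected:
            continue  # not a protected name, or it is where it belongs
        code = ENTRY_CODE.match(line)
        # Lines without a section code come from the "Running processes" list.
        hits.append((code.group(1) if code else "process", path))
    return hits


if __name__ == "__main__":
    for entry_type, path in find_masquerades(SAMPLE_LOG):
        print(f"{entry_type:8} {path}")
```

A hit is a lead for review, not a verdict. `IAPro.exe` is not reported by this check because its file name imitates no system binary.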

    November 23, 2008 at 3:52 pm #19931
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    I restarted the computer after this procedure, but the icons did not disappear; everything continues just as it was before.
    In case that matters.
    Here is what you asked for.

    info.txt logfile of random’s system information tool 1.04 2008-11-23 17:49:52

    ======Uninstall list======

    —>C:Program FilesNeroNero 7\nerouninstallUNNERO.exe /UNINSTALL
    —>C:Program FilesWeflirt/uninstall.exe
    —>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
    —>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
    —>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
    —>C:WINDOWSUNNeroVision.exe /UNINSTALL
    —>C:WINDOWSUNRecode.exe /UNINSTALL
    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    4Musics Multiformat Converter 2.2—>»C:Program Files4Musics Multiformat Converterunins000.exe»
    4U WMA MP3 Converter 5.9.3—>»C:Program Files4U ComputingWMA MP3 Converterunins000.exe»
    Ad-Aware 2007—>MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
    Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color EU Recommended Settings—>MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
    Adobe Color JA Extra Settings—>MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
    Adobe Color NA Extra Settings—>MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
    Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2—>C:Program FilesCommon FilesAdobeInstallers5bc0f8414ec36c555a3e7e5ec2e225eSetup.exe
    Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
    Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
    Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
    Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Photoshop CS3—>MsiExec.exe /I{FD0399AC-A38B-4D4B-8164-D7B73AC24030}
    Adobe Reader 8.1.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Setup—>MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
    Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Alky for Applications (Windows XP)—>MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
    ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
    ATI Catalyst Control Center—>MsiExec.exe /I{E74138F2-5F04-4E4F-8389-419E012C9B4C}
    ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HYDRAVISION—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{083F79E4-6FE9-46FB-A6C6-4F8862742947}setup.exe»
    ATI Parental Control & Encoder—>MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
    ConnectionServices—>»C:Program FilesConnectionServicesUninstall.exe»
    DivX Content Uploader—>C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
    Do You Like Horny Bunnies 2—>C:WINDOWSIsUn0419.exe -f»C:GAMESTRIADADo You Like Horny Bunnies 2Uninst.isu»
    DVD Shrink 3.2—>»C:Program FilesDVD Shrinkunins000.exe»
    ESET NOD32 Antivirus—>MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
    F-Strippoker—>C:Program FilesF-Strippokeruninstall.exe
    HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
    Java(TM) 6 Update 10—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    K-Lite Codec Pack 3.5.3 Standard—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Media Project —>C:Program FilesNetProjectuninst.exe
    Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
    Nero 7 Ultra Edition—>MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671049}
    neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Online Sercive Tool —>C:Program FilesWeb Technologiesuninst.exe
    OpenSSL 0.9.6m—>C:OpenSSLunins000.exe
    Panda ActiveScan—>C:WINDOWSsystem32ASUninst.exe Panda ActiveScan
    PDF Settings—>MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
    PhotoKit Color 2 Plug-In Module—>C:WINDOWSunvise32.exe C:Program FilesPixelGenius Toolbox Plug-In Modulepkc2_uninstal.log
    PowerDVD—>»C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -l0x000409 /z-uninstall
    Product Key Explorer 1.3—>»C:Program FilesNsasoftProductKeyExplorerunins000.exe»
    Project64 1.6—>MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    Rapidshare Downloader. Premium Master 1.8—>»C:Program FilesRapidshare Downloaderunins000.exe»
    Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
    Siemens ADSL Router USB Driver—>C:Program FilesInstallShield Installation Information{4D72C47A-8A8C-49C4-BFAC-34EC5D65183B}setup.exe -runfromtemp -l0x0009 -removeonly FORCE_UNINSTALL
    TM FilePacker—>C:Program FilesTM FilePackerUninstall.exe
    uTorrent [tfile.ru edition]—>C:Program FilesuTorrent [tfile.ru]uninstall.exe
    VirtualNetwork—>»C:Program FilesVirtualNetworkUninstall.exe»
    Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
    Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
    Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
    Говорит и показывает Фотошоп 1.0—>»C:PhotoshopTVunins000.exe»
    Птички на проводе—>C:Program FilesReadMe.ruПтички на проводеuninstal.exe
    Расширенный выпуск Microsoft Office 2000—>MsiExec.exe /I{00000419-78E1-11D2-B60F-006097C998E7}
    Страна пазлов—>C:Program FilesAlawar.ruСтрана пазловUninstall.exe

    =====HijackThis Backups=====

    O4 — HKCU..Run: [Internet Antivirus Pro] «C:program filesInternet Antivirus ProIAPro.exe» /s
    O4 — HKCU..Run: [Microsoft Windows logon process] C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe

    ======Security center information======

    AV: ESET NOD32 Antivirus 3.0

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesAlky for ApplicationsLibraries
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    «PROCESSOR_REVISION»=0a00
    «NUMBER_OF_PROCESSORS»=1
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «OPENSSL_CONF»=C:OpenSSLbinopenssl.cnf


    EOF



    Logfile of random’s system information tool 1.04 (written by random/random)
    Run by User at 2008-11-23 17:49:38
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 20 GB (27%) free of 76 GB
    Total RAM: 511 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:49:50, on 23.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesJavajre6binjqs.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
    c:program filesInternet Antivirus ProIAPro.exe
    C:Program FilesCyberLinkShared FilesRichVideo.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesRapidshare DownloaderRD.exe
    C:Program FilesJavajre6binjusched.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    C:Program FilesDAEMON Tools Litedaemon.exe
    C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
    C:WINDOWSsystem32wuauclt.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    C:Documents and SettingsUserDesktopRSIT.exe
    C:Program FilesTrend MicroHijackThisUser.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daemon-search.com/startpage

    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R3 — URLSearchHook: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 — BHO: flashget urlcatch — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — C:Program FilesRapidshare Downloaderjccatch.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACEcli.exe» runtime -Delay
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [Flashget] C:Program FilesRapidshare DownloaderRD.exe /min
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
    O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe»
    O4 — HKCU..Run: [Internet Antivirus Pro] «c:program filesInternet Antivirus ProIAPro.exe» /s
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
    O8 — Extra context menu item: &Download All with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_all.htm
    O8 — Extra context menu item: &Download with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_link.htm
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) — file://C:Program FilesWindows SidebarGadgetsxplugCam.gadgeten-USxplug.ocx
    O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 — HKLMSystemCCSServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS1ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS2ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O23 — Service: Ad-Aware 2007 Service (aawservice) — Lavasoft AB — C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: Guard Service (ITGrdEngine) — Unknown owner — C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
    O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe

    —
    End of file — 7589 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl — C:Program FilesRapidshare Downloaderjccatch.dll [2007-03-27 75528]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-23 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-23 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-23 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {a33fa729-d155-4b23-842b-2c665ecabdb6} — The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-01-08 68640]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-01-08 52256]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 153136]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-02-26 65024]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACEcli.exe [2006-01-02 45056]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2007-12-21 1443072]
    «Flashget»=C:Program FilesRapidshare DownloaderRD.exe [2007-03-27 1708032]
    «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-23 136600]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-05-16 153136]
    «DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2007-12-29 486856]
    «Internet Antivirus Pro»=c:program filesInternet Antivirus ProIAPro.exe [2008-11-22 1373696]

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-03-21 61440]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkclient32]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvsmon]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=
    «NoDrives»=
    «NoDriveAutoRun»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7344381a-210d-11dd-87fc-000c76334b75}]
    shellAutoRuncommand — F:intro.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b0518c03-236e-11dc-ac82-806d6172696f}]
    shellAutoRuncommand — D:setup.exe

    ======List of files/folders created in the last 1 months======

    2008-11-23 17:49:38 —-D—- C:rsit
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaws.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaw.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32java.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32deploytk.dll
    2008-11-23 16:54:51 —-D—- C:Program FilesJava
    2008-11-23 16:51:21 —-D—- C:Documents and SettingsUserApplication DataSun
    2008-11-23 16:23:13 —-D—- C:Program FilesTrend Micro
    2008-11-23 14:58:08 —-SHD—- C:RECYCLER
    2008-11-23 14:48:57 —-D—- C:WINDOWStemp
    2008-11-23 14:43:54 —-D—- C:WINDOWSERDNT
    2008-11-22 19:36:40 —-A—- C:WINDOWSsystem32log.txt
    2008-11-22 19:36:21 —-D—- C:Documents and SettingsUserApplication DataInternet Antivirus Pro
    2008-11-22 19:36:06 —-D—- C:Program FilesInternet Antivirus Pro
    2008-11-21 15:47:17 —-A—- C:Program FilesCommon Filesfile.exe
    2008-11-21 15:02:34 —-A—- C:Program FilesCommon FilesInternetAntivirusPro.exe
    2008-10-28 21:15:14 —-A—- C:WINDOWSWar3Unin.exe
    2008-10-28 21:11:53 —-D—- C:Program FilesWarcraft III

    ======List of files/folders modified in the last 1 months======

    2008-11-23 17:49:43 —-D—- C:WINDOWSPrefetch
    2008-11-23 17:48:14 —-D—- C:Program FilesMozilla Firefox
    2008-11-23 17:48:07 —-D—- C:WINDOWS
    2008-11-23 17:45:28 —-A—- C:WINDOWSSchedLgU.Txt
    2008-11-23 17:44:51 —-D—- C:Program FilesRapidshare Downloader
    2008-11-23 16:56:11 —-SHD—- C:WINDOWSInstaller
    2008-11-23 16:55:12 —-D—- C:WINDOWSsystem32
    2008-11-23 16:54:51 —-RD—- C:Program Files
    2008-11-23 14:57:38 —-SHD—- C:System Volume Information
    2008-11-23 14:57:38 —-D—- C:WINDOWSsystem32Restore
    2008-11-23 14:57:17 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2008-11-23 14:47:44 —-A—- C:WINDOWSsystem.ini
    2008-11-23 14:46:09 —-D—- C:WINDOWSsystem32drivers
    2008-11-23 14:46:07 —-D—- C:WINDOWSAppPatch
    2008-11-23 14:46:07 —-D—- C:Program FilesCommon Files
    2008-11-23 03:34:38 —-D—- C:Downloads
    2008-11-22 00:35:40 —-D—- C:WINDOWSsystem32CatRoot2
    2008-11-17 22:26:53 —-A—- C:WINDOWSNeroDigital.ini
    2008-11-17 03:10:38 —-D—- C:Documents and SettingsUserApplication DatauTorrent
    2008-11-09 22:29:56 —-D—- C:Program Filesloads
    2008-11-07 20:42:33 —-D—- C:Documents and SettingsAll UsersApplication DataDVD Shrink
    2008-10-29 09:51:19 —-SHD—- C:WINDOWSCSC
    2008-10-28 18:29:23 —-D—- C:Program FilesWarcraft 3 — Frozen Throne

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;AMD K7 Processor Driver; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-03 37376]
    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2007-12-21 30216]
    R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2007-12-21 33800]
    R1 PCISys;PCISys; C:WINDOWSsystem32driverspcisys.sys [2007-08-28 39520]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2007-12-21 39944]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-23 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-02-26 611820]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-03-21 1522688]
    R3 gdihook5;gdihook5; C:WINDOWSsystem32DRIVERSgdihook5.sys [2007-07-20 31328]
    R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
    S3 a5r3vr87;a5r3vr87; C:WINDOWSsystem32driversa5r3vr87.sys []
    S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
    S3 catchme;catchme; ??C:DOCUME~1UserLOCALS~1Tempcatchme.sys []
    S3 GMSIPCI;GMSIPCI; C:WINDOWSsystem32driversGMSIPCI.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
    S3 NTACCESS;NTACCESS; C:WINDOWSsystem32driversNTACCESS.sys []
    S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2007-12-27 47360]
    S3 Profos;Profos; C:WINDOWSsystem32driversProfos.sys []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
    S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE27bus.sys [2006-04-28 61600]
    S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE27mdfl.sys [2006-04-28 9360]
    S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE27mdm.sys [2006-04-28 97184]
    S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE27mgmt.sys [2006-04-28 88688]
    S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:WINDOWSsystem32DRIVERSse27nd5.sys [2006-04-28 18704]
    S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE27obex.sys [2006-04-28 86560]
    S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:WINDOWSsystem32DRIVERSse27unic.sys [2006-04-28 90800]
    S3 sermouse;Serial Mouse Driver; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-08-17 17664]
    S3 SetupNTGLM7X;SetupNTGLM7X; C:WINDOWSsystem32driversSetupNTGLM7X.sys []
    S3 Trufos;Trufos; C:WINDOWSsystem32driversTrufos.sys []
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2004-08-11 18944]
    S3 ZDCndis5;ZDCndis5 Protocol Driver; C:WINDOWSsystem32driversZDCndis5.sys []
    S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversZDPSp50.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:Program FilesLavasoftAd-Aware 2007aawservice.exe [2007-06-07 561152]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-03-21 405504]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
    R2 ITGrdEngine;Guard Service; C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe [2008-11-22 202240]
    R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-23 152984]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-08 171040]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-16 271920]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-03-17 520192]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2007-12-21 19200]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-09-14 654848]
    S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 792112]


    EOF


    November 24, 2008 at 12:28 pm #19932
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    It looks better, but there is still work to do.
    Read the description of the Malwarebytes Anti-malware (MBAM) program.
    Download it and run a scan of your computer. Remove everything that is found. A log will be shown when it finishes.

    I'm waiting for the following from you:
    — the MBAM log
    — fresh RSIT logs.

    November 24, 2008 at 1:52 pm #19933
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    Hello Valeri! I did everything as you said, it found 30 infections, but the icons did not disappear (I did not reboot).
    Here is what you asked for:

    Malwarebytes’ Anti-Malware 1.30
    Версия базы данных: 1419
    Windows 5.1.2600 Service Pack 2

    24.11.2008 15:49:27
    mbam-log-2008-11-24 (15-49-27).txt

    Тип проверки: Быстрая
    Проверено объектов: 47654
    Прошло времени: 3 minute(s), 42 second(s)

    Заражено процессов в памяти: 1
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 9
    Заражено значений реестра: 1
    Заражено параметров реестра: 0
    Заражено папок: 5
    Заражено файлов: 14

    Заражено процессов в памяти:
    c:program filesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    HKEY_CLASSES_ROOTbho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTbitaccelerator.bitaccelerator.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTInterface{37fb07d0-16b8-4975-a848-1db62fee0048} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTTypelib{76bfb9cf-a8ab-4826-b2ab-02e04a202c73} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTAppID{f38636ed-e66e-4a37-822e-0c01f64d6605} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallInternet Antivirus Pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTAppIDwindivx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOTwindivx.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRuninternet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.

    Заражено параметров реестра:
    (Вредоносные программы не обнаружены)

    Заражено папок:
    C:Program FilesInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesConnectionServices (Adware.BHO) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prodb (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.

    Заражено файлов:
    C:Program FilesInternet Antivirus ProIAPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesInternet Antivirus Proworking.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesConnectionServicesUninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prosettings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prouill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prounins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus ProUninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus Prodbconfig.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataInternet Antivirus ProdbUrls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Program FilesCommon FilesInternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:WINDOWSsystem32dllsys.dll (Stolen.Data) -> Quarantined and deleted successfully.
    C:Program FilesCommon Filesfile.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowspguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
    C:Documents and SettingsUserApplication DataMicrosoftWindowswinlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Logfile of random’s system information tool 1.04 (written by random/random)
    Run by User at 2008-11-24 15:50:12
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 17 GB (22%) free of 76 GB
    Total RAM: 511 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50:16, on 24.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    C:Program FilesJavajre6binjqs.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
    C:Program FilesCyberLinkShared FilesRichVideo.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesRapidshare DownloaderRD.exe
    C:Program FilesJavajre6binjusched.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
    C:WINDOWSSystem32svchost.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:WINDOWSexplorer.exe
    C:WINDOWSsystem32NOTEPAD.EXE
    C:Documents and SettingsUserDesktopRSIT.exe
    C:Program FilesTrend MicroHijackThisUser.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daemon-search.com/startpage

    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R3 — URLSearchHook: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 — BHO: flashget urlcatch — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — C:Program FilesRapidshare Downloaderjccatch.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACEcli.exe» runtime -Delay
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [Flashget] C:Program FilesRapidshare DownloaderRD.exe /min
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
    O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe»
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
    O8 — Extra context menu item: &Download All with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_all.htm
    O8 — Extra context menu item: &Download with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_link.htm
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) — file://C:Program FilesWindows SidebarGadgetsxplugCam.gadgeten-USxplug.ocx
    O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 — HKLMSystemCCSServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS1ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS2ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O23 — Service: Ad-Aware 2007 Service (aawservice) — Lavasoft AB — C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: Guard Service (ITGrdEngine) — Unknown owner — C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
    O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe

    —
    End of file — 7447 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl — C:Program FilesRapidshare Downloaderjccatch.dll [2007-03-27 75528]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-23 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-23 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-23 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {a33fa729-d155-4b23-842b-2c665ecabdb6} — The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-01-08 68640]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-01-08 52256]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 153136]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-02-26 65024]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACEcli.exe [2006-01-02 45056]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2007-12-21 1443072]
    «Flashget»=C:Program FilesRapidshare DownloaderRD.exe [2007-03-27 1708032]
    «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-23 136600]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-05-16 153136]
    «DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2007-12-29 486856]

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-03-21 61440]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkclient32]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvsmon]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=
    «NoDrives»=
    «NoDriveAutoRun»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7344381a-210d-11dd-87fc-000c76334b75}]
    shellAutoRuncommand — F:intro.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b0518c03-236e-11dc-ac82-806d6172696f}]
    shellAutoRuncommand — D:setup.exe

    ======List of files/folders created in the last 1 months======

    2008-11-24 15:41:20 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
    2008-11-24 15:41:13 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-11-24 15:41:12 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2008-11-23 23:52:21 —-SHD—- C:RECYCLER
    2008-11-23 23:03:05 —-D—- C:ComboFix
    2008-11-23 22:55:19 —-A—- C:ComboFix.txt
    2008-11-23 17:49:38 —-D—- C:rsit
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaws.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaw.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32java.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32deploytk.dll
    2008-11-23 16:54:51 —-D—- C:Program FilesJava
    2008-11-23 16:51:21 —-D—- C:Documents and SettingsUserApplication DataSun
    2008-11-23 16:23:13 —-D—- C:Program FilesTrend Micro
    2008-11-23 14:48:57 —-D—- C:WINDOWStemp
    2008-11-23 14:43:54 —-D—- C:WINDOWSERDNT
    2008-11-22 19:36:40 —-A—- C:WINDOWSsystem32log.txt
    2008-10-28 21:15:14 —-A—- C:WINDOWSWar3Unin.exe
    2008-10-28 21:11:53 —-D—- C:Program FilesWarcraft III

    ======List of files/folders modified in the last 1 months======

    2008-11-24 15:49:27 —-RD—- C:Program Files
    2008-11-24 15:49:26 —-D—- C:WINDOWSsystem32
    2008-11-24 15:49:26 —-D—- C:Program FilesCommon Files
    2008-11-24 15:45:21 —-D—- C:Program FilesRapidshare Downloader
    2008-11-24 15:44:35 —-D—- C:Program FilesMozilla Firefox
    2008-11-24 15:41:20 —-D—- C:WINDOWSPrefetch
    2008-11-24 15:41:17 —-D—- C:WINDOWSsystem32drivers
    2008-11-24 13:42:16 —-D—- C:WINDOWSsystem32CatRoot2
    2008-11-24 13:34:58 —-D—- C:Downloads
    2008-11-24 12:50:58 —-A—- C:WINDOWSNeroDigital.ini
    2008-11-24 11:09:43 —-D—- C:WINDOWS
    2008-11-24 03:32:07 —-A—- C:WINDOWSSchedLgU.Txt
    2008-11-23 23:03:27 —-SHD—- C:System Volume Information
    2008-11-23 23:03:27 —-D—- C:WINDOWSsystem32Restore
    2008-11-23 22:54:14 —-A—- C:WINDOWSsystem.ini
    2008-11-23 22:53:14 —-D—- C:WINDOWSAppPatch
    2008-11-23 16:56:11 —-SHD—- C:WINDOWSInstaller
    2008-11-23 14:57:17 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2008-11-17 03:10:38 —-D—- C:Documents and SettingsUserApplication DatauTorrent
    2008-11-09 22:29:56 —-D—- C:Program Filesloads
    2008-11-07 20:42:33 —-D—- C:Documents and SettingsAll UsersApplication DataDVD Shrink
    2008-10-29 09:51:19 —-SHD—- C:WINDOWSCSC
    2008-10-28 18:29:23 —-D—- C:Program FilesWarcraft 3 — Frozen Throne

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;AMD K7 Processor Driver; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-03 37376]
    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2007-12-21 30216]
    R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2007-12-21 33800]
    R1 PCISys;PCISys; C:WINDOWSsystem32driverspcisys.sys [2007-08-28 39520]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2007-12-21 39944]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-23 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-02-26 611820]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-03-21 1522688]
    R3 gdihook5;gdihook5; C:WINDOWSsystem32DRIVERSgdihook5.sys [2007-07-20 31328]
    R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
    S3 ashuolkf;ashuolkf; C:WINDOWSsystem32driversashuolkf.sys []
    S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
    S3 GMSIPCI;GMSIPCI; C:WINDOWSsystem32driversGMSIPCI.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
    S3 NTACCESS;NTACCESS; C:WINDOWSsystem32driversNTACCESS.sys []
    S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2007-12-27 47360]
    S3 Profos;Profos; C:WINDOWSsystem32driversProfos.sys []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
    S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE27bus.sys [2006-04-28 61600]
    S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE27mdfl.sys [2006-04-28 9360]
    S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE27mdm.sys [2006-04-28 97184]
    S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE27mgmt.sys [2006-04-28 88688]
    S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:WINDOWSsystem32DRIVERSse27nd5.sys [2006-04-28 18704]
    S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE27obex.sys [2006-04-28 86560]
    S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:WINDOWSsystem32DRIVERSse27unic.sys [2006-04-28 90800]
    S3 sermouse;Serial Mouse Driver; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-08-17 17664]
    S3 SetupNTGLM7X;SetupNTGLM7X; C:WINDOWSsystem32driversSetupNTGLM7X.sys []
    S3 Trufos;Trufos; C:WINDOWSsystem32driversTrufos.sys []
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2004-08-11 18944]
    S3 ZDCndis5;ZDCndis5 Protocol Driver; C:WINDOWSsystem32driversZDCndis5.sys []
    S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversZDPSp50.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:Program FilesLavasoftAd-Aware 2007aawservice.exe [2007-06-07 561152]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-03-21 405504]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
    R2 ITGrdEngine;Guard Service; C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe [2008-11-22 202240]
    R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-23 152984]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-08 171040]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-16 271920]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-03-17 520192]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2007-12-21 19200]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-09-14 654848]
    S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 792112]


    EOF


    November 24, 2008 at 2:12 pm #19934
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    I rebooted, everything is fixed, there are no more problems! 😛 Thank you very much.
    And what about the programs I installed for this: should I keep them, or can I remove them?
    Thank you very much once again!

    November 24, 2008 at 2:26 pm #19935
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    The latest log looks fine, except for one driver.
    Let's remove it.
    Download the Avenger program by clicking this link and unpack it to the Desktop.
    Run it and copy the text below into the Input script Box:

    Drivers to delete:
    ashuolkf

    Click Execute. A prompt will appear asking you to confirm the action; click Yes.
    Avenger will start. The computer may reboot several times while it works.
    When it finishes, a log will be shown; please paste it into your reply.

    Also run a scan with RSIT once more.

    I am waiting for the following logs from you:
    — avenger log
    — RSIT log

    November 24, 2008 at 4:03 pm #19936
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    here:
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Error: registry key «RegistryMachineSystemCurrentControlSetServicesashuolkf» not found!
    Deletion of driver «ashuolkf» failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    —> the object does not exist

    Completed script processing.

    *******************

    Finished! Terminate.

    Logfile of random’s system information tool 1.04 (written by random/random)
    Run by User at 2008-11-24 18:05:59
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 17 GB (22%) free of 76 GB
    Total RAM: 511 MB (25% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:06:04, on 24.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:Program FilesESETESET NOD32 Antivirusekrn.exe
    C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    C:Program FilesJavajre6binjqs.exe
    C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
    C:Program FilesCyberLinkShared FilesRichVideo.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32NOTEPAD.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesRapidshare DownloaderRD.exe
    C:Program FilesJavajre6binjusched.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    C:Program FilesDAEMON Tools Litedaemon.exe
    C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    C:WINDOWSSystem32svchost.exe
    C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
    C:WINDOWSsystem32wuauclt.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesATI TechnologiesATI.ACEcli.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    C:Documents and SettingsUserDesktopRSIT.exe
    C:Program FilesTrend MicroHijackThisUser.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daemon-search.com/startpage

    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R3 — URLSearchHook: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 — BHO: flashget urlcatch — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — C:Program FilesRapidshare Downloaderjccatch.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: The Pirate Bay Toolbar — {a33fa729-d155-4b23-842b-2c665ecabdb6} — C:Program FilesThe_Pirate_BaytbThe_.dll
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
    O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
    O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACEcli.exe» runtime -Delay
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..Run: [Flashget] C:Program FilesRapidshare DownloaderRD.exe /min
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
    O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe»
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
    O8 — Extra context menu item: &Download All with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_all.htm
    O8 — Extra context menu item: &Download with Rapidshare Downloader — C:Program FilesRapidshare Downloaderjc_link.htm
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) — file://C:Program FilesWindows SidebarGadgetsxplugCam.gadgeten-USxplug.ocx
    O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 — HKLMSystemCCSServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS1ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O17 — HKLMSystemCS2ServicesTcpip..{049BBB46-3CC6-47DF-AC3B-FAC485223C61}: NameServer = 192.168.0.20
    O23 — Service: Ad-Aware 2007 Service (aawservice) — Lavasoft AB — C:Program FilesLavasoftAd-Aware 2007aawservice.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: Guard Service (ITGrdEngine) — Unknown owner — C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
    O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe

    —
    End of file — 7448 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl — C:Program FilesRapidshare Downloaderjccatch.dll [2007-03-27 75528]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-23 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-23 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-23 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {a33fa729-d155-4b23-842b-2c665ecabdb6} — The Pirate Bay Toolbar — C:Program FilesThe_Pirate_BaytbThe_.dll [2008-06-03 1542168]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-01-08 68640]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-01-08 52256]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 153136]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-02-26 65024]
    «ATICCC»=C:Program FilesATI TechnologiesATI.ACEcli.exe [2006-01-02 45056]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2007-12-21 1443072]
    «Flashget»=C:Program FilesRapidshare DownloaderRD.exe [2007-03-27 1708032]
    «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-23 136600]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
    «BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-05-16 153136]
    «DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2007-12-29 486856]

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2006-03-21 61440]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkclient32]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvsmon]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=
    «NoDrives»=
    «NoDriveAutoRun»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7344381a-210d-11dd-87fc-000c76334b75}]
    shellAutoRuncommand — F:intro.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b0518c03-236e-11dc-ac82-806d6172696f}]
    shellAutoRuncommand — D:setup.exe

    ======List of files/folders created in the last 1 months======

    2008-11-24 17:59:37 —-D—- C:Avenger
    2008-11-24 17:59:37 —-A—- C:avenger.txt
    2008-11-24 15:41:20 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
    2008-11-24 15:41:13 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2008-11-24 15:41:12 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2008-11-23 23:52:21 —-SHD—- C:RECYCLER
    2008-11-23 23:03:05 —-D—- C:ComboFix
    2008-11-23 22:55:19 —-A—- C:ComboFix.txt
    2008-11-23 17:49:38 —-D—- C:rsit
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaws.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32javaw.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32java.exe
    2008-11-23 16:55:12 —-A—- C:WINDOWSsystem32deploytk.dll
    2008-11-23 16:54:51 —-D—- C:Program FilesJava
    2008-11-23 16:51:21 —-D—- C:Documents and SettingsUserApplication DataSun
    2008-11-23 16:23:13 —-D—- C:Program FilesTrend Micro
    2008-11-23 14:48:57 —-D—- C:WINDOWStemp
    2008-11-23 14:43:54 —-D—- C:WINDOWSERDNT
    2008-11-22 19:36:40 —-A—- C:WINDOWSsystem32log.txt
    2008-10-28 21:15:14 —-A—- C:WINDOWSWar3Unin.exe
    2008-10-28 21:11:53 —-D—- C:Program FilesWarcraft III

    ======List of files/folders modified in the last 1 months======

    2008-11-24 18:02:35 —-D—- C:Program FilesMozilla Firefox
    2008-11-24 18:01:34 —-D—- C:WINDOWS
    2008-11-24 17:59:37 —-D—- C:WINDOWSsystem32drivers
    2008-11-24 17:58:24 —-A—- C:WINDOWSSchedLgU.Txt
    2008-11-24 17:57:54 —-D—- C:Program FilesRapidshare Downloader
    2008-11-24 17:56:55 —-D—- C:WINDOWSPrefetch
    2008-11-24 15:49:27 —-RD—- C:Program Files
    2008-11-24 15:49:26 —-D—- C:WINDOWSsystem32
    2008-11-24 15:49:26 —-D—- C:Program FilesCommon Files
    2008-11-24 13:42:16 —-D—- C:WINDOWSsystem32CatRoot2
    2008-11-24 13:34:58 —-D—- C:Downloads
    2008-11-24 12:50:58 —-A—- C:WINDOWSNeroDigital.ini
    2008-11-23 23:03:27 —-SHD—- C:System Volume Information
    2008-11-23 23:03:27 —-D—- C:WINDOWSsystem32Restore
    2008-11-23 22:54:14 —-A—- C:WINDOWSsystem.ini
    2008-11-23 22:53:14 —-D—- C:WINDOWSAppPatch
    2008-11-23 16:56:11 —-SHD—- C:WINDOWSInstaller
    2008-11-23 14:57:17 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2008-11-17 03:10:38 —-D—- C:Documents and SettingsUserApplication DatauTorrent
    2008-11-09 22:29:56 —-D—- C:Program Filesloads
    2008-11-07 20:42:33 —-D—- C:Documents and SettingsAll UsersApplication DataDVD Shrink
    2008-10-29 09:51:19 —-SHD—- C:WINDOWSCSC
    2008-10-28 18:29:23 —-D—- C:Program FilesWarcraft 3 — Frozen Throne

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;AMD K7 Processor Driver; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-03 37376]
    R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2007-12-21 30216]
    R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2007-12-21 33800]
    R1 PCISys;PCISys; C:WINDOWSsystem32driverspcisys.sys [2007-08-28 39520]
    R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2007-12-21 39944]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-23 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-02-26 611820]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-03-21 1522688]
    R3 gdihook5;gdihook5; C:WINDOWSsystem32DRIVERSgdihook5.sys [2007-07-20 31328]
    R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
    S3 a56ztnka;a56ztnka; C:WINDOWSsystem32driversa56ztnka.sys []
    S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
    S3 GMSIPCI;GMSIPCI; C:WINDOWSsystem32driversGMSIPCI.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
    S3 NTACCESS;NTACCESS; C:WINDOWSsystem32driversNTACCESS.sys []
    S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2007-12-27 47360]
    S3 Profos;Profos; C:WINDOWSsystem32driversProfos.sys []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
    S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE27bus.sys [2006-04-28 61600]
    S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE27mdfl.sys [2006-04-28 9360]
    S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE27mdm.sys [2006-04-28 97184]
    S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE27mgmt.sys [2006-04-28 88688]
    S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:WINDOWSsystem32DRIVERSse27nd5.sys [2006-04-28 18704]
    S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE27obex.sys [2006-04-28 86560]
    S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:WINDOWSsystem32DRIVERSse27unic.sys [2006-04-28 90800]
    S3 sermouse;Serial Mouse Driver; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-08-17 17664]
    S3 SetupNTGLM7X;SetupNTGLM7X; C:WINDOWSsystem32driversSetupNTGLM7X.sys []
    S3 Trufos;Trufos; C:WINDOWSsystem32driversTrufos.sys []
    S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2004-08-11 18944]
    S3 ZDCndis5;ZDCndis5 Protocol Driver; C:WINDOWSsystem32driversZDCndis5.sys []
    S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversZDPSp50.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:Program FilesLavasoftAd-Aware 2007aawservice.exe [2007-06-07 561152]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-03-21 405504]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
    R2 ITGrdEngine;Guard Service; C:Documents and SettingsUserLocal SettingsApplication DataMicrosoftWindowsservices.exe [2008-11-22 202240]
    R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-23 152984]
    R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-08 171040]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-16 271920]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-03-17 520192]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2007-12-21 19200]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-09-14 654848]
    S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 792112]


    EOF



    And once again, thank you very much!
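
Added example (not part of the original thread and not RSIT's own code): the two RSIT driver lists posted in this thread differ by one entry, which is easy to miss by eye, so this Python script parses the "List of drivers" line format and diffs two snapshots. The sample lines are constructed in that format using driver names from the logs above, and reading an empty `[]` as "no file details found at that path" is an assumption.

```python
import re
from typing import Dict, List, NamedTuple

# RSIT driver/service line, as seen in the logs above:
#   <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
# Assumption: an empty "[]" means no file details were found at the path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


class Entry(NamedTuple):
    running: bool        # R = running, S = stopped
    start_type: int      # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    display: str
    path: str
    has_file_info: bool  # False when the line ends in "[]"


def parse_section(text: str) -> Dict[str, Entry]:
    """Parse driver/service lines; skip headers, blanks and 'EOF'."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        name = m["name"].strip()
        entries[name.lower()] = Entry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=name,
            display=m["display"].strip(),
            path=m["path"].strip(),
            has_file_info=bool(m["meta"].strip()),
        )
    return entries


def diff_snapshots(before: Dict[str, Entry],
                   after: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Names added, removed, and present in both scans without file info."""
    return {
        "added": sorted(after[k].name for k in after.keys() - before.keys()),
        "removed": sorted(before[k].name for k in before.keys() - after.keys()),
        "unchanged_without_file": sorted(
            after[k].name for k in before.keys() & after.keys()
            if not after[k].has_file_info
        ),
    }


def churned_without_file(before: Dict[str, Entry],
                         after: Dict[str, Entry]) -> List[str]:
    """Entries seen in only one scan that also lack file info: review first."""
    merged = {**before, **after}
    only_one = before.keys() ^ after.keys()
    return sorted(merged[k].name for k in only_one
                  if not merged[k].has_file_info)


# Constructed sample input (format and names taken from the logs above).
BEFORE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ashuolkf;ashuolkf; C:\WINDOWS\system32\drivers\ashuolkf.sys []
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
EOF
"""

AFTER = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 a56ztnka;a56ztnka; C:\WINDOWS\system32\drivers\a56ztnka.sys []
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
EOF
"""

if __name__ == "__main__":
    b, a = parse_section(BEFORE), parse_section(AFTER)
    for label, names in diff_snapshots(b, a).items():
        print(f"{label}: {', '.join(names) or '-'}")
    print("review first:", ", ".join(churned_without_file(b, a)))
```

Entries that lack file details in both scans are stable leftovers; the ones that appear or vanish between scans are the ones a helper reading the log has to account for.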

    November 24, 2008 at 4:05 pm #19937
    stealth5
    Participant
    • Topics: 2
    • Posts: 10
    • ☆

    The computer is working better now! 😛

    November 24, 2008 at 4:41 pm #19938
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Excellent 🙂
    A few final steps.

    Remove Combofix from your computer. Read the following: How to properly remove combofix from your computer.

    You can delete all the scanners and small utilities you downloaded, but keep Malwarebytes Anti-malware. Update this program from time to time and run a full scan of the computer once a week.

    Install Spybot Search and Destroy; it is quite good additional protection.
    All the best!
