SPYWARE-RU.COM

Help)))


  • This topic has 5 replies, 2 participants, and was last updated 15 years, 8 months ago by klolik.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • February 17, 2010 at 1:19 pm #18017
    klolik
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    My brother's computer got a Win32 virus (he has no internet access). I think I cleaned everything up there, but after a reboot the computer went completely crazy: the screen starts going dark after 4-5 minutes of use. I don't know how to fight this, so please look into my problem. I browsed through some threads and decided to make the reports right away:

    February 17, 2010 at 1:20 pm #28586
    klolik
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    INFO

    info.txt logfile of random’s system information tool 1.06 2010-02-17 14:16:02

    ======Uninstall list======

    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
    Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
    Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2 Russian—>C:Program FilesAdobeAdobe Photoshop CS2Uninst.exe /pid:{D78CB7CC-1960-4B45-A098-05A9212BC360} /asd
    Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    ArchiCAD 11 INT—>C:Program FilesGraphisoftArchiCAD 11Uninstall.ACuninstaller.exe
    ArchiCAD 12 INT—>C:Program FilesGraphisoftArchiCAD 12Uninstall.ACuninstaller.exe
    ArchiGlazing for ArchiCAD 12 INT—>C:Program FilesGraphisoftArchiCAD 12Uninstall.AGuninstaller.exe
    Artlantis Studio 2.1—>C:Program FilesArtlantis Studio 2uninst.exe
    AutoCAD 2006 — English—>MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
    Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
    avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
    Compact Wireless-G USB Adapter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F855C3AE-992D-4B84-A09D-07103CDCDAC2}setup.exe» -l0x9
    DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
    fitW (fine tuning of Windows) 4.4.5.5100—>C:Program FilesfitW (fine tuning of Windows)uninst.exe
    GOM Player—>»C:Program FilesGRETECHGomPlayerUninstall.exe»
    Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Heroes of Might and Magic V—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CB9A636A-AF2D-4B03-AE8B-8FE99AC197E8}setup.exe» -l0x19
    HijackThis 2.0.2—>»H:аааHiJackThisHijackThis.exe» /uninstall
    Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    K-Lite Codec Pack 5.3.4 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
    KMP-Player 2.9.3.1430—>»C:Program FilesThe KMPlayerunins000.exe»
    Mathcad 14 Help—>MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}
    Mathcad 14 Resource Center—>MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}
    Mathcad 14—>MsiExec.exe /I{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}
    Mathcad 2001 Professional—>MsiExec.exe /X{31A38B62-9168-4052-920A-F1405F43FEA8}
    Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
    Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mozilla Firefox (1.5)—>C:WINDOWSUninstallFirefox.exe /ua «1.5 (en-US)»
    NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
    QuickTime Alternative 1.67—>»C:Program FilesQuickTime Alternativeunins000.exe»
    Reg Organizer 5.0 Beta 1—>»C:Program FilesReg Organizerunins000.exe»
    Registrar Registry Manager 6.50—>»C:Program FilesRegistrar Registry Managerunins000.exe»
    SE A3 USB 1200 Pro v1.0—>C:PROGRA~1SCANEX~1DriverUNINST.EXE
    SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe»
    WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
    Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
    Герои Меча и Магии 3.5: Во имя Богов—>C:WINDOWSIsUn0419.exe -fe:geroiUninst.isu
    Карта Москвы MosMap v. 3.1 Lite —>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32mosmap.wsi
    Соло на Клавиатуре 9.0—>C:Program FilesTrenagiorSolo9Uninstall.exe
    Яндекс.Бар для Internet Explorer 3.1.1—>»C:Program FilesYandexYandexBarIEunins000.exe»

    ======Security center information======

    AV: avast! antivirus 4.8.1356 [VPS 090924-0] (outdated)

    ======System event log======

    Computer Name: ILLYA
    Event Code: 7
    Message: The device, DeviceCdRom0, has a bad block.

    Record Number: 14769
    Source Name: Cdrom
    Time Written: 20100107132023.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 7
    Message: The device, DeviceCdRom0, has a bad block.

    Record Number: 14768
    Source Name: Cdrom
    Time Written: 20100107132017.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 7
    Message: The device, DeviceCdRom0, has a bad block.

    Record Number: 14767
    Source Name: Cdrom
    Time Written: 20100107132011.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 7
    Message: The device, DeviceCdRom0, has a bad block.

    Record Number: 14766
    Source Name: Cdrom
    Time Written: 20100107132004.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 7
    Message: The device, DeviceCdRom0, has a bad block.

    Record Number: 14765
    Source Name: Cdrom
    Time Written: 20100107131957.000000+000
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: ILLYA
    Event Code: 1000
    Message: Faulting application h3wog.exe, version 3.2.0.0, faulting module mp3dec.asi, version 3.0.0.0, fault address 0x000076f1.

    Record Number: 904
    Source Name: Application Error
    Time Written: 20091116203615.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 1000
    Message: Faulting application h3wog.exe, version 3.2.0.0, faulting module mp3dec.asi, version 3.0.0.0, fault address 0x000076f1.

    Record Number: 903
    Source Name: Application Error
    Time Written: 20091116191501.000000+000
    Event Type: error
    User:

    Computer Name: ILLYA
    Event Code: 1517
    Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 901
    Source Name: Userenv
    Time Written: 20091116172455.000000+000
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: ILLYA
    Event Code: 1517
    Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 899
    Source Name: Userenv
    Time Written: 20091115224805.000000+000
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: ILLYA
    Event Code: 1517
    Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 895
    Source Name: Userenv
    Time Written: 20091115191317.000000+000
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL;C:Program FilesCommon FilesAutodesk Shared
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=15
    «PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    «PROCESSOR_REVISION»=0209
    «NUMBER_OF_PROCESSORS»=2
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «SAFEBOOT_OPTION»=MINIMAL


    EOF


    February 17, 2010 at 1:22 pm #28585
    klolik
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    LOG

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by illya at 2010-02-17 14:19:15
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 869 MB (5%) free of 16 GB
    Total RAM: 767 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:19:17, on 17.02.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesReg OrganizerRegOrganizer.exe
    C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
    C:WINDOWSsystem325C935C654A3E.EXE
    H:аааRSIT.exe
    H:аааHiJackThisillya.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Service Pack 3 Internet Explorer
    R3 — URLSearchHook: (no name) — — (no file)
    O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
    O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
    O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
    O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [nwiz] nwiz.exe /install
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre1.6.0_07binjusched.exe»
    O4 — HKLM..Run: [FineReader7NewsReaderPro] C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
    O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
    O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
    O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
    O4 — HKUSS-1-5-20..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-20..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘Default user’)
    O4 — HKUS.DEFAULT..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘Default user’)
    O4 — Startup: 654A3E.lnk = C:WINDOWSsystem325C935C654A3E.EXE
    O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    O4 — Startup: PowerReg SchedulerV2.exe
    O4 — Startup: setup_9.0.0.722_20.01.2010_19-55.lnk = C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe
    O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
    O4 — Global Startup: SrvMod.lnk = C:WINDOWStwain_32L12U16U2SrvMod.exe
    O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
    O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
    O17 — HKLMSystemCCSServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
    O17 — HKLMSystemCS1ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
    O17 — HKLMSystemCS2ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
    O17 — HKLMSystemCS3ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
    O18 — Protocol: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — C:PROGRA~1TRENAG~1Solo9SoloRes.dll
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
    O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
    O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
    O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
    O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) — Analog Devices, Inc. — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
    O23 — Service: WUSB54GCSVC — GEMTEKS — C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe

    —
    End of file — 5884 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAt1.job
    C:WINDOWStasksAt2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-08-08 691656]
    {91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-14 1115400]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-11-11 7311360]
    «nwiz»=nwiz.exe /install []
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-11-11 86016]
    «SoundMAXPnP»=C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2003-05-29 860160]
    «SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 218512]
    «FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-09-12 278528]
    «KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
    «avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-09-15 81000]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-01-13 15360]
    «DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-14 538376]

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
    SrvMod.lnk — C:WINDOWStwain_32L12U16U2SrvMod.exe

    C:Documents and SettingsillyaStart MenuProgramsStartup
    654A3E.lnk — C:WINDOWSsystem325C935C654A3E.EXE
    Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    PowerReg SchedulerV2.exe
    setup_9.0.0.722_20.01.2010_19-55.lnk — C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2006-01-13 239616]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1
    «EnableLUA»=0

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145
    «Nofolderoptions»=1

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «Nofolderoptions»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»
    «C:WINDOWStwain_32L12U16U2SrvMod.exe»=»C:WINDOWStwain_32L12U16U2SrvMod.exe:*:Enabled:ipsec»
    «C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ipsec»
    «C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe»=»C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe:*:Enabled:Adobe Photoshop CS2»
    «I:autoply.exe»=»I:autoply.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32nwiz.exe»=»C:WINDOWSsystem32nwiz.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32AT.exe»=»C:WINDOWSsystem32AT.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32logon.scr»=»C:WINDOWSsystem32logon.scr:*:Enabled:ipsec»
    «C:WINDOWSsystem32RUNDLL32.EXE»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:ipsec»
    «C:Program FilesDAEMON Tools Litedaemon.exe»=»C:Program FilesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
    «C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe»=»C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe:*:Enabled:ipsec»
    «C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe»=»C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe:*:Enabled:ipsec»
    «C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe»=»C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe:*:Enabled:ipsec»
    «C:Program FilesJavajre1.6.0_07binjusched.exe»=»C:Program FilesJavajre1.6.0_07binjusched.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe»=»C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe:*:Enabled:ipsec»
    «C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32mshta.exe»=»C:WINDOWSsystem32mshta.exe:*:Enabled:ipsec»
    «H:yncuwr.exe»=»H:yncuwr.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesYandexYupdateyupdate.exe»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32dumprep.exe»=»C:WINDOWSsystem32dumprep.exe:*:Enabled:ipsec»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{16a310dd-ce94-11dd-a882-001c10642930}]
    shellAutoRuncommand — H:rezjch.exe
    shellexplorecommand — H:rezjch.exe
    shellopencommand — H:rezjch.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{36297db5-d488-11dd-a88a-001c10642930}]
    shellAuToPlaycommand — H:
    shellAutoRuncommand — H:qnypl.pif
    shellExplOrecommand — H:
    shellOpEncommand — H:

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a79801fd-4dc7-11de-a94a-00112f910a3b}]
    shellAutoPlaycommand — H:
    shellAutoRuncommand — H:autoply.exe OPEN
    shellexplorecommand — H:
    shellopencommand — H:autoply.exe OPEN

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab08a035-e35e-11de-aa51-00112f910a3b}]
    shellAutoRuncommand — H:curice/elena.exe
    shellexplorecommand — H:curice/elena.exe
    shellopencommand — H:curice/elena.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b6aa8488-c85d-11dd-a87b-00112f910a3b}]
    shellAutoRuncommand — H:LaunchU3.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b96ff040-f94a-11dd-a8d5-00112f910a3b}]
    shellAutoRuncommand — H:dtprnv.exe
    shellexplorecommand — H:dtprnv.exe
    shellopencommand — H:dtprnv.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dd88e6b6-059b-11de-a8ea-00112f910a3b}]
    shellAutoRuncommand — K:curice/elena.exe
    shellexplorecommand — K:curice/elena.exe
    shellopencommand — K:curice/elena.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa37e390-c0a0-11dd-a86b-001c10642930}]
    shellAutoRuncommand — I:curice/elena.exe
    shellexplorecommand — I:curice/elena.exe
    shellopencommand — I:curice/elena.exe

    ======File associations======

    .scr — open — «c:WINDOWSsystem32notepad.exe» «%1»
    .scr — install —
    .scr — config —

    ======List of files/folders created in the last 1 months======

    2010-02-17 14:15:57 —-D—- C:rsit
    2010-02-17 14:10:33 —-D—- C:WINDOWSLastGood
    2010-02-17 14:07:46 —-HD—- C:WINDOWSPIF
    2010-02-11 15:20:38 —-D—- C:WINDOWSCSC
    2010-01-30 19:24:03 —-D—- C:Коктебель12.01.10
    2010-01-30 19:20:20 —-D—- C:Документи

    ======List of files/folders modified in the last 1 months======

    2010-02-17 14:12:01 —-D—- C:WINDOWSsystem32drivers
    2010-02-17 14:12:01 —-A—- C:WINDOWSntbtlog.txt
    2010-02-17 14:10:46 —-HD—- C:WINDOWSinf
    2010-02-17 14:10:33 —-D—- C:WINDOWS
    2010-02-17 14:08:01 —-HD—- C:WINDOWSsystem325C935C
    2010-02-17 14:07:50 —-D—- C:WINDOWSsystem32CatRoot2
    2010-02-17 12:59:21 —-D—- C:WINDOWSsystem32config
    2010-02-17 12:51:56 —-D—- C:WINDOWSTemp
    2010-02-17 12:51:56 —-D—- C:WINDOWSMinidump
    2010-02-12 00:21:38 —-A—- C:WINDOWSSchedLgU.Txt
    2010-02-11 19:01:30 —-D—- C:WINDOWSsystem32
    2010-02-11 09:46:35 —-RD—- C:Program Files
    2010-01-30 19:30:13 —-HD—- C:Program FilesInstallShield Installation Information

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2009-04-08 8704]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-01-06 27008]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-01-06 57856]
    R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2006-01-06 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-01-06 20480]
    S1 42991041;42991041; C:WINDOWSsystem32DRIVERS42991041.sys [2009-09-25 128016]
    S1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-09-15 27408]
    S1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-09-15 114768]
    S1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-09-15 52368]
    S1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-01-13 36096]
    S1 setup_9.0.0.722_20.01.2010_19-55drv;setup_9.0.0.722_20.01.2010_19-55drv; C:WINDOWSsystem32DRIVERS4299104.sys [2009-10-09 315408]
    S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-11-27 20747]
    S2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-09-15 20560]
    S2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-09-15 94160]
    S2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-05-09 72704]
    S3 abp470n5;abp470n5; C:WINDOWSsystem32driversabp470n5.sys []
    S3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2003-03-13 100224]
    S3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-09-15 23152]
    S3 awl3v0pn;awl3v0pn; C:WINDOWSsystem32driversawl3v0pn.sys []
    S3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2006-01-13 9600]
    S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
    S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-01-13 12160]
    S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-11-11 3532928]
    S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:WINDOWSsystem32DRIVERSrt73.sys [2005-11-24 245248]
    S3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2003-06-02 578304]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2006-01-06 15104]
    S3 utqzndi4;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutqzndi4.sys []
    S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-09-19 241280]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2006-01-13 73472]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2006-01-13 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-09-15 18752]
    S2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-09-15 138680]
    S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-11-11 131139]
    S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
    S2 WUSB54GCSVC;WUSB54GCSVC; C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe [2005-07-04 53307]
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-12-05 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-09-14 77944]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-09-15 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-09-15 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2006-01-13 38912]


    EOF


    February 17, 2010 at 8:41 pm #28587
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, welcome to the Spyware-ru forum.

    The computer is infected with an autorun.inf trojan.
    Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.

    * Disable your antivirus.
    * Download and run Flash_Disinfector.
    * When the program prompts you, insert your flash drive or connect other external storage devices.

    Note: run the program as many times as needed to clean all of your removable drives.

    Download OTM by OldTimer by clicking this link.
    Run OTM and copy the following text into the large input box (the heading of this box is highlighted in yellow).

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a310dd-ce94-11dd-a882-001c10642930}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36297db5-d488-11dd-a88a-001c10642930}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a79801fd-4dc7-11de-a94a-00112f910a3b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab08a035-e35e-11de-aa51-00112f910a3b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6aa8488-c85d-11dd-a87b-00112f910a3b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b96ff040-f94a-11dd-a8d5-00112f910a3b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd88e6b6-059b-11de-a8ea-00112f910a3b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa37e390-c0a0-11dd-a86b-001c10642930}]

    :files
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SrvMod.lnk
    C:\Documents and Settings\illya\Start Menu\Programs\Startup\654A3E.lnk
    C:\WINDOWS\system32\5C935C\654A3E.EXE

    :Commands
    [emptytemp]
    [Reboot]

    Check the pasted script: if spaces have appeared on the left before the directives, delete them; the script must look the same as in this post. Click the MoveIt! button. The computer may reboot while the program is working.
    When the program finishes, a log should be shown. If the log is not shown, it can be found in the folder C:\_OTM\MovedFiles.

    Paste the contents of this log into your reply. And a fresh RSIT log.
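
Added example, not part of the original post and not OTM's own code: the `:reg` block above deletes per-volume MountPoints2 keys, which is where Explorer caches the shell commands it read from a volume's autorun.inf. This Python script reads a `reg export` of that key, lists which volume GUIDs carry cached handlers, and prints matching deletion lines in the `:reg` syntax shown above; the sample export, its GUIDs and file name, and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (GUIDs and file name are made up).
# A real export file is UTF-16: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command]
@="H:\\sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\open\command]
@="H:\\sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
"BaseClass"="Drive"
"""

# Key header of a volume-GUID subkey of MountPoints2, with an optional deeper path.
KEY_RE = re.compile(
    r"^\[(?P<root>HKEY_[A-Z_]+)\\.*\\MountPoints2\\(?P<vol>\{[0-9a-f-]{36}\})"
    r"(?P<sub>(?:\\[^\]]*)?)\]$", re.IGNORECASE)
# Default value of a key, as written in .reg files: @="..."
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"$')


def audit_mountpoints2(export_text):
    """Return {volume_guid: [(verb, command), ...]} for cached autorun handlers."""
    findings = {}
    current = None  # (volume, verb) while inside ...\Shell\<verb>\command
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            vol = key.group("vol").lower()
            findings.setdefault(vol, [])
            parts = [p for p in key.group("sub").split("\\") if p]
            is_handler = (len(parts) == 3 and parts[0].lower() == "shell"
                          and parts[2].lower() == "command")
            current = (vol, parts[1]) if is_handler else None
            continue
        if line.startswith("["):      # some other key: leave handler context
            current = None
            continue
        default = DEFAULT_RE.match(line)
        if default and current:
            # .reg strings escape backslashes and quotes with a backslash.
            command = re.sub(r"\\(.)", r"\1", default.group("val"))
            findings[current[0]].append((current[1], command))
    return findings


def otm_reg_lines(findings, root="HKEY_CURRENT_USER"):
    """Build ':reg' deletion lines for volumes that hold a cached handler."""
    base = root + r"\software\microsoft\windows\currentversion\explorer\mountpoints2"
    return ["[-%s\\%s]" % (base, vol)
            for vol, handlers in sorted(findings.items()) if handlers]


if __name__ == "__main__":
    found = audit_mountpoints2(SAMPLE_EXPORT)
    for vol, handlers in found.items():
        print(vol, handlers or "no cached handlers")
    print("\n".join(otm_reg_lines(found)))
```

Volumes that come back with an empty handler list have no cached autorun command, so they do not need a deletion line.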

    February 18, 2010 at 10:55 am #28588
    klolik
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    This is the contents of the log after entering the code

    All processes killed
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a310dd-ce94-11dd-a882-001c10642930} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16a310dd-ce94-11dd-a882-001c10642930} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36297db5-d488-11dd-a88a-001c10642930} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36297db5-d488-11dd-a88a-001c10642930} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a79801fd-4dc7-11de-a94a-00112f910a3b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a79801fd-4dc7-11de-a94a-00112f910a3b} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab08a035-e35e-11de-aa51-00112f910a3b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab08a035-e35e-11de-aa51-00112f910a3b} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6aa8488-c85d-11dd-a87b-00112f910a3b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6aa8488-c85d-11dd-a87b-00112f910a3b} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b96ff040-f94a-11dd-a8d5-00112f910a3b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b96ff040-f94a-11dd-a8d5-00112f910a3b} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd88e6b6-059b-11de-a8ea-00112f910a3b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd88e6b6-059b-11de-a8ea-00112f910a3b} not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa37e390-c0a0-11dd-a86b-001c10642930} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa37e390-c0a0-11dd-a86b-001c10642930} not found.
    ========== FILES ==========
    File/Folder C:\WINDOWS\tasks\At1.job not found.
    File/Folder C:\WINDOWS\tasks\At2.job not found.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SrvMod.lnk moved successfully.
    C:\Documents and Settings\illya\Start Menu\Programs\Startup\654A3E.lnk moved successfully.
    C:\WINDOWS\system32\5C935C\654A3E.EXE moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: illya
    ->Temp folder emptied: 15544620 bytes
    ->Temporary Internet Files folder emptied: 4576236 bytes
    ->Java cache emptied: 46111 bytes
    ->FireFox cache emptied: 55110203 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2142714 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1368107 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 75,00 mb

    OTM by OldTimer — Version 3.1.8.0 log created on 02182010_114808

    Files moved on Reboot…
    C:\WINDOWS\temp\Perflib_Perfdata_530.dat moved successfully.

    Registry entries deleted on Reboot…

    February 18, 2010 at 10:56 am #28589
    klolik
    Participant
    • Topics: 1
    • Posts: 5
    • ☆

    And this is the log from RSIT

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by illya at 2010-02-18 11:51:19
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 3 GB (16%) free of 16 GB
    Total RAM: 767 MB (59% free)

    HijackThis download failed

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-08-08 691656]
    {91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-14 1115400]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-11-11 7311360]
    «nwiz»=nwiz.exe /install []
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-11-11 86016]
    «SoundMAXPnP»=C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2003-05-29 860160]
    «SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 218512]
    «FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-09-12 278528]
    «KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
    «avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-09-15 81000]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-01-13 15360]
    «DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-14 538376]

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe

    C:Documents and SettingsillyaStart MenuProgramsStartup
    Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
    PowerReg SchedulerV2.exe
    setup_9.0.0.722_20.01.2010_19-55.lnk — C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2006-01-13 239616]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1
    «EnableLUA»=0

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=36
    «NoDriveAutoRun»=FFFFFFFF

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»
    «C:WINDOWStwain_32L12U16U2SrvMod.exe»=»C:WINDOWStwain_32L12U16U2SrvMod.exe:*:Enabled:ipsec»
    «C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ipsec»
    «C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe»=»C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe:*:Enabled:Adobe Photoshop CS2»
    «I:autoply.exe»=»I:autoply.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32nwiz.exe»=»C:WINDOWSsystem32nwiz.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32AT.exe»=»C:WINDOWSsystem32AT.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32logon.scr»=»C:WINDOWSsystem32logon.scr:*:Enabled:ipsec»
    «C:WINDOWSsystem32RUNDLL32.EXE»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:ipsec»
    «C:Program FilesDAEMON Tools Litedaemon.exe»=»C:Program FilesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
    «C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe»=»C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe:*:Enabled:ipsec»
    «C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe»=»C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe:*:Enabled:ipsec»
    «C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe»=»C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe:*:Enabled:ipsec»
    «C:Program FilesJavajre1.6.0_07binjusched.exe»=»C:Program FilesJavajre1.6.0_07binjusched.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe»=»C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe:*:Enabled:ipsec»
    «C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32mshta.exe»=»C:WINDOWSsystem32mshta.exe:*:Enabled:ipsec»
    «H:yncuwr.exe»=»H:yncuwr.exe:*:Enabled:ipsec»
    «C:Program FilesCommon FilesYandexYupdateyupdate.exe»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe:*:Enabled:ipsec»
    «C:WINDOWSsystem32dumprep.exe»=»C:WINDOWSsystem32dumprep.exe:*:Enabled:ipsec»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»

    ======File associations======

    .scr — open — «c:WINDOWSsystem32notepad.exe» «%1»
    .scr — install —
    .scr — config —

    ======List of files/folders created in the last 1 months======

    2010-02-18 11:51:19 —-D—- C:Program Filestrend micro
    2010-02-18 11:48:08 —-D—- C:_OTM
    2010-02-18 11:41:30 —-RASHD—- C:autorun.inf
    2010-02-17 14:15:57 —-D—- C:rsit
    2010-02-17 14:07:46 —-HD—- C:WINDOWSPIF
    2010-02-11 15:20:38 —-D—- C:WINDOWSCSC
    2010-01-30 19:24:03 —-D—- C:Коктебель12.01.10
    2010-01-30 19:20:20 —-D—- C:Документи

    ======List of files/folders modified in the last 1 months======

    2010-02-18 11:51:19 —-RD—- C:Program Files
    2010-02-18 11:49:40 —-D—- C:WINDOWSTemp
    2010-02-18 11:48:25 —-A—- C:WINDOWSSchedLgU.Txt
    2010-02-18 11:48:12 —-D—- C:WINDOWS
    2010-02-18 11:48:09 —-HD—- C:WINDOWSsystem325C935C
    2010-02-18 08:57:09 —-D—- C:xxxx
    2010-02-17 18:51:56 —-D—- C:WINDOWSsystem32drivers
    2010-02-17 18:50:46 —-SD—- C:WINDOWSTasks
    2010-02-17 18:47:25 —-SHD—- C:System Volume Information
    2010-02-17 18:39:45 —-A—- C:WINDOWSntbtlog.txt
    2010-02-17 14:10:46 —-HD—- C:WINDOWSinf
    2010-02-17 14:07:50 —-D—- C:WINDOWSsystem32CatRoot2
    2010-02-17 12:59:21 —-D—- C:WINDOWSsystem32config
    2010-02-17 12:51:56 —-D—- C:WINDOWSMinidump
    2010-02-11 19:01:30 —-D—- C:WINDOWSsystem32
    2010-01-30 19:30:13 —-HD—- C:Program FilesInstallShield Installation Information

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 42991041;42991041; C:WINDOWSsystem32DRIVERS42991041.sys [2009-09-25 128016]
    R1 42991042;42991042 Boot Guard Driver; C:WINDOWSsystem32DRIVERS42991042.sys [2009-10-22 37392]
    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-09-15 27408]
    R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-09-15 114768]
    R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-09-15 52368]
    R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-01-13 36096]
    R1 setup_9.0.0.722_20.01.2010_19-55drv;setup_9.0.0.722_20.01.2010_19-55drv; C:WINDOWSsystem32DRIVERS4299104.sys [2009-10-09 315408]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-11-27 20747]
    R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-09-15 20560]
    R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-09-15 94160]
    R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-05-09 72704]
    R3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2003-03-13 100224]
    R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-09-15 23152]
    R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2009-04-08 8704]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-11-11 3532928]
    R3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2003-06-02 578304]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-01-06 27008]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-01-06 57856]
    R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2006-01-06 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-01-06 20480]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-09-19 241280]
    S3 abp470n5;abp470n5; C:WINDOWSsystem32driversabp470n5.sys []
    S3 azxe56mq;azxe56mq; C:WINDOWSsystem32driversazxe56mq.sys []
    S3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2006-01-13 9600]
    S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
    S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-01-13 12160]
    S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:WINDOWSsystem32DRIVERSrt73.sys [2005-11-24 245248]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2006-01-06 15104]
    S3 utqzndi4;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutqzndi4.sys []
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2006-01-13 73472]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2006-01-13 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-09-15 18752]
    R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-09-15 138680]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-11-11 131139]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-09-15 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-09-15 352920]
    S2 WUSB54GCSVC;WUSB54GCSVC; C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe [2005-07-04 53307]
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-12-05 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-09-14 77944]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2006-01-13 38912]


    EOF


Copyright © 2008 - 2024 Spyware-RU.com (en)