- This topic has 18 ответов, 2 участника, and was last updated 16 years назад by
.
-
Сообщения
-
Добрый вечер. У меня возникла следующая проблема: несколько дней подряд мой AVG8.0 выдавал мне, что у меня много троянов, причем с каждым днем их кол-во все увеличивалось, появились системные ошибки, перестали работать нек. программы (напр. полетел Lingvo12, а потом и сам AVG). Я скачал много антивирусов и проверил систему и только Trojan Remover выдал, что у меня инфицированы system.exe и userinit.exe. Остальные (как то avаst, ad-aware, spybot и др. ничего не показали). Но вот проблема — как их удалить? (Trojan Remover удалить их не может). Порывшись на вашем сайте с помощью программы SDFix мне удалось удалить system.exe, но не userinit.exe. В HijackThis я поставил галочку на «F2 — REG:system.ini: UserInit=C:WINDOWSSystem32userinit.exe», нажал Fix checked и перезагрузил комп (как было описано в пред. советах), но userinit.exe все равно остался. Подскажите пожалуйста, как мне избавиться от этого трояна?
P.S: Какой антивирус эффективнее? Сейчас я поставил себе Malwarebytes__Anti-Malware_1.34_Full, но он тоже эти трояны не увидел. -(Ниже дана вся треб. инфа:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:07, on 17.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: NormalRunning processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:Program FilesAVGAVG8avgrsx.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINNTATKKBService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINNTsystem32nvsvc32.exe
C:WINNTsystem32svchost.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe
C:Program FilesAVerTVQuickTV.exe
C:WINNTsystem32wscntfy.exe
C:WINNTsystem32wbemwmiapsrv.exe
C:Program FilesOperaopera.exe
C:Program Filestrend microHijackThisHijackThis.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: AOLTBSearch Class — {EA756889-2338-43DB-8F07-D1CA6FB9C90D} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} — C:Program FilesAVGAVG8avgssie.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: AOL Toolbar Launcher — {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar2.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar2.dll
O3 — Toolbar: PROMT — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT6PRMTIEprmtie.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: AIM Toolbar — {DE9C389F-3316-41A7-809B-AA305ED9D922} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [EPSON Stylus C43 Series] C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 «EPSON Stylus C43 Series» /O6 «USB001» /M «Stylus C43»
O4 — HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
O4 — HKLM..Run: [Malwarebytes’ Anti-Malware] «C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe» /starttray
O4 — HKCU..Run: [EPSON Stylus CX7300 Series] C:WINNTSystem32spoolDRIVERSW32X863E_FATICDP.EXE /FU «C:WINNTTEMPE_S151.tmp» /EF «HKCU»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O8 — Extra context menu item: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: AIM Toolbar — {3369AF0D-62E9-4bda-8103-B4C75499B578} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://upload.vkontakte.ru/uploader/ImageUploader4.cab
O17 — HKLMSystemCCSServicesTcpip..{AF150CD8-7F01-4F3C-9001-B425A2B1E5FC}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: linkscanner — {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} — C:Program FilesAVGAVG8avgpp.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: avgrsstx.dll
O20 — Winlogon Notify: avgrsstarter — C:WINNTSYSTEM32avgrsstx.dll
O23 — Service: Apple Mobile Device — Apple, Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — C:WINNTMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINNTATKKBService.exe
O23 — Service: AVG8 E-mail Scanner (avg8emc) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgemc.exe
O23 — Service: AVG8 WatchDog (avg8wd) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) — SEIKO EPSON CORPORATION — C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINNTsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: MBAMService — Malwarebytes Corporation — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINNTsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINNTsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINNTsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINNTSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINNTsystem32smlogsvc.exe
O23 — Service: Viewpoint Manager Service — Viewpoint Corporation — C:Program FilesViewpointCommonViewpointService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINNTSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINNTsystem32wbemwmiapsrv.exe—
End of file — 12893 bytesLogfile of random’s system information tool 1.05 (written by random/random)
Run by User at 2009-03-17 03:32:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (34%) free of 60 GB
Total RAM: 319 MB (29% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:25, on 17.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: NormalRunning processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:Program FilesAVGAVG8avgrsx.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINNTATKKBService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINNTsystem32nvsvc32.exe
C:WINNTsystem32svchost.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe
C:Program FilesAVerTVQuickTV.exe
C:WINNTsystem32wscntfy.exe
C:WINNTsystem32wbemwmiapsrv.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:Program Filestrend microHijackThisUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: AOLTBSearch Class — {EA756889-2338-43DB-8F07-D1CA6FB9C90D} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} — C:Program FilesAVGAVG8avgssie.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: AOL Toolbar Launcher — {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar2.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar2.dll
O3 — Toolbar: PROMT — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT6PRMTIEprmtie.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: AIM Toolbar — {DE9C389F-3316-41A7-809B-AA305ED9D922} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [EPSON Stylus C43 Series] C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 «EPSON Stylus C43 Series» /O6 «USB001» /M «Stylus C43»
O4 — HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
O4 — HKLM..Run: [Malwarebytes’ Anti-Malware] «C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe» /starttray
O4 — HKCU..Run: [EPSON Stylus CX7300 Series] C:WINNTSystem32spoolDRIVERSW32X863E_FATICDP.EXE /FU «C:WINNTTEMPE_S151.tmp» /EF «HKCU»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O8 — Extra context menu item: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: AIM Toolbar — {3369AF0D-62E9-4bda-8103-B4C75499B578} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://upload.vkontakte.ru/uploader/ImageUploader4.cab
O17 — HKLMSystemCCSServicesTcpip..{AF150CD8-7F01-4F3C-9001-B425A2B1E5FC}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: linkscanner — {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} — C:Program FilesAVGAVG8avgpp.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: avgrsstx.dll
O20 — Winlogon Notify: avgrsstarter — C:WINNTSYSTEM32avgrsstx.dll
O23 — Service: Apple Mobile Device — Apple, Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — C:WINNTMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINNTATKKBService.exe
O23 — Service: AVG8 E-mail Scanner (avg8emc) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgemc.exe
O23 — Service: AVG8 WatchDog (avg8wd) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) — SEIKO EPSON CORPORATION — C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINNTsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: MBAMService — Malwarebytes Corporation — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINNTsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINNTsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINNTsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINNTSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINNTsystem32smlogsvc.exe
O23 — Service: Viewpoint Manager Service — Viewpoint Corporation — C:Program FilesViewpointCommonViewpointService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINNTSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINNTsystem32wbemwmiapsrv.exe—
End of file — 12941 bytes======Scheduled tasks folder======
C:WINNTtasksAd-Aware Update (Weekly).job
C:WINNTtasksAppleSoftwareUpdate.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-06-08 308856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [2009-03-17 419096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-02-17 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll [2007-10-10 1090912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-13 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-17 2050816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar2.dll [2007-01-19 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-17 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-17 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-17 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar2.dll [2007-01-19 2427968]
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} — PROMT — C:Program FilesPRMT6PRMTIEprmtie.dll [2002-03-31 425984]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-13 667336]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{DE9C389F-3316-41A7-809B-AA305ED9D922} — AIM Toolbar — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll [2007-10-10 1090912]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-30 1336584]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{A057A204-BACC-4D26-9990-79A187E2698E} — AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-17 2050816][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINNTsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-12-13 4428472]
«EPSON Stylus C43 Series»=C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE [2002-12-10 75776]
«AVG8_TRAY»=C:PROGRA~1AVGAVG8avgtray.exe [2009-03-17 1177368]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-02-17 136600]
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2009-02-15 1214856]
«Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2009-02-11 399504][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX7300 Series»=C:WINNTSystem32spoolDRIVERSW32X863E_FATICDP.EXE [2007-04-12 182272][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2007-09-14 267064][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 12Lvagent.exe /STARTUP [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINNTsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINNTsystem32NvMcTray.dll [2006-10-22 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2007-06-29 286720][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
C:Program FilesSkypePhoneSkype.exe [2007-09-13 22880040][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-01-26 2144088][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-07-27 68856][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-06-08 185896][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2006-09-26 35328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-30 449800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
C:PROGRA~1AdobeACROBA~2.0ReaderREADER~1.EXE [2005-09-23 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
C:PROGRA~1INTERV~1CommonBinWINCIN~1.EXE [2005-04-22 237568]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
QuickTV.lnk — C:Program FilesAVerTVQuickTV.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»avgrsstx.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavgrsstarter]
C:WINNTsystem32avgrsstx.dll [2009-03-17 10520][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindowsTelephony]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindowsTelephony]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesInterVideoDVD6WinDVD.exe»=»C:Program FilesInterVideoDVD6WinDVD.exe:*:Enabled:WinDVD»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsUserApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesCommon FilesAOLLoaderaolload.exe»=»C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
«C:Program FilesAVGAVG8avgupd.exe»=»C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe»
«C:WINNTSystem3238.scr»=»C:WINNTSystem3238.scr:*:WindowsTelephony»
«C:WINNTSystem3273.scr»=»C:WINNTSystem3273.scr:*:WindowsTelephony»
«C:WINNTSystem3247.scr»=»C:WINNTSystem3247.scr:*:WindowsTelephony»
«C:WINNTSystem3242.scr»=»C:WINNTSystem3242.scr:*:WindowsTelephony»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:WINNTsystem32system.exe»=»C:WINNTsystem32system.exe:*:Enabled:Mozillacorp»
«C:DOCUME~1UserLOCALS~1Tempsystem.exe»=»C:DOCUME~1UserLOCALS~1Tempsystem.exe:*:Enabled:Mozillacorp»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0a42c85f-fbfd-11dc-92df-00179abf825d}]
shellAutOplAycommand — F:jgtgob.pif
shellAutoRuncommand — F:jgtgob.pif
shellExpLOrecommand — F:jgtgob.pif
shellOPEncommand — F:jgtgob.pif[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{95aa89ec-33ba-11dc-be17-00179abf825d}]
shellAutoRuncommand — d6fagcs8.cmd
shellexplorecommand — d6fagcs8.cmd
shellopencommand — d6fagcs8.cmd======List of files/folders created in the last 1 months======
2070-01-01 04:02:43 —-A—- C:WINNTsystem3201.exe
2070-01-01 04:02:39 —-A—- C:WINNTsystem32603.exe
2009-03-17 02:12:37 —-D—- C:Documents and SettingsUserApplication DataWinRAR
2009-03-17 01:53:26 —-D—- C:WINNTERUNT
2009-03-17 01:44:53 —-D—- C:SDFix
2009-03-17 01:18:35 —-D—- C:Program Filestrend micro
2009-03-17 01:18:28 —-D—- C:rsit
2009-03-17 00:56:18 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-03-17 00:56:06 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-17 00:56:06 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-17 00:24:06 —-A—- C:WINNTsystem32316.exe
2009-03-17 00:09:07 —-A—- C:WINNTsystem3282.exe
2009-03-17 00:08:09 —-A—- C:WINNTsystem32255.exe
2009-03-16 23:28:02 —-A—- C:WINNTsystem32ztvunace26.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32ztvunrar36.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32ztvcabinet.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32UNRAR3.dll
2009-03-16 23:27:21 —-D—- C:Program FilesTrojan Remover
2009-03-16 23:27:21 —-D—- C:Documents and SettingsUserApplication DataSimply Super Software
2009-03-16 23:27:21 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
2009-03-16 23:23:12 —-A—- C:WINNTsystem32428.exe
2009-03-16 22:07:27 —-A—- C:WINNTsystem32653.exe
2009-03-16 21:39:38 —-A—- C:WINNTsystem32364.exe
2009-03-16 19:18:13 —-A—- C:WINNTsystem3263.exe
2009-03-16 19:15:07 —-HDC—- C:Documents and SettingsAll UsersApplication Data~0
2009-03-16 19:14:02 —-D—- C:Documents and SettingsAll UsersApplication DataLavasoft
2009-03-16 16:32:12 —-A—- C:WINNTsystem3271.exe
2009-03-15 20:03:44 —-A—- C:WINNTsystem32613.exe
2009-03-14 00:53:22 —-A—- C:WINNTsystem32252.exe
2009-03-13 19:10:38 —-D—- C:Documents and SettingsUserApplication DataPROject MT
2009-03-13 19:10:05 —-A—- C:WINNTPrmtED.INI
2009-03-05 21:00:40 —-D—- C:Program FilesSpybot — Search & Destroy
2009-03-05 21:00:40 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-25 23:41:14 —-A—- C:WINNTsystem32wmpns.dll
2009-02-25 23:40:40 —-HDC—- C:WINNT$NtUninstallQ828026$
2009-02-25 23:33:52 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2009-02-19 19:45:05 —-A—- C:WINNTsystem323Deep.dll
2009-02-19 19:45:02 —-D—- C:WINNTsystem32Color======List of files/folders modified in the last 1 months======
2070-01-01 04:02:45 —-D—- C:WINNTPrefetch
2009-03-17 03:32:58 —-D—- C:WINNTTemp
2009-03-17 02:42:23 —-A—- C:WINNTAVerTV.ini
2009-03-17 02:40:28 —-A—- C:WINNTSchedLgU.Txt
2009-03-17 02:26:38 —-RD—- C:Program Files
2009-03-17 02:26:05 —-RSHDC—- C:WINNTsystem32dllcache
2009-03-17 02:25:59 —-D—- C:WINNTsystem32
2009-03-17 02:25:55 —-D—- C:WINNTsystem32CatRoot2
2009-03-17 02:25:54 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-03-17 01:57:45 —-A—- C:WINNTntbtlog.txt
2009-03-17 01:53:26 —-D—- C:WINNT
2009-03-17 01:48:40 —-D—- C:Documents and SettingsUserApplication DatauTorrent
2009-03-17 00:56:11 —-D—- C:WINNTsystem32drivers
2009-03-17 00:42:59 —-A—- C:WINNTsystem32avgrsstx.dll
2009-03-17 00:39:19 —-D—- C:Documents and SettingsAll UsersApplication Dataavg8
2009-03-16 23:25:32 —-SHD—- C:WINNTInstaller
2009-03-16 23:25:32 —-D—- C:WINNTWinSxS
2009-03-16 23:25:22 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-03-16 23:25:22 —-D—- C:Config.Msi
2009-03-16 23:22:08 —-HD—- C:$AVG8.VAULT$
2009-03-16 23:14:55 —-D—- C:WINNTsystem32config
2009-03-16 22:48:34 —-D—- C:Program FilesABBYY Lingvo 12
2009-03-16 22:16:34 —-DC—- C:WINNTsystem32DRVSTORE
2009-03-16 20:26:53 —-SD—- C:WINNTTasks
2009-03-16 19:18:45 —-HD—- C:WINNTinf
2009-03-16 17:27:49 —-A—- C:WINNTNeroDigital.ini
2009-03-16 01:00:51 —-A—- C:audiodec.txt
2009-03-16 00:09:36 —-D—- C:Documents and SettingsUserApplication DataSkype
2009-03-10 18:08:31 —-A—- C:WINNTAVerText.ini
2009-03-06 00:57:58 —-SH—- C:boot.ini
2009-03-06 00:57:58 —-A—- C:WINNTwin.ini
2009-03-06 00:57:58 —-A—- C:WINNTsystem.ini
2009-02-28 14:47:55 —-D—- C:Program FilesAVerTV
2009-02-21 18:15:04 —-D—- C:Program Filestral.serv
2009-02-19 19:47:52 —-D—- C:WINNTInternet Logs======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINNTsystem32driversatkkbnt.sys [2004-07-20 20096]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:WINNTSystem32Driversavgldx86.sys [2009-03-17 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:WINNTSystem32Driversavgmfx86.sys [2009-03-17 26184]
R2 AvgTdiX;AVG8 Network Redirector; C:WINNTSystem32Driversavgtdix.sys [2009-03-17 75272]
R2 EIO;EIO; ??C:WINNTsystem32driversEIO.sys []
R3 ac97intc;Intel(r) 82801 служба установки аудиодрайвера (WDM); C:WINNTsystem32driversac97intc.sys [2001-08-17 96256]
R3 Cap7134;Cap7134 Capture; C:WINNTsystem32DRIVERSCap7134.sys [2007-04-15 407072]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINNTsystem32DRIVERSdlkfet5b.sys [2005-01-19 43008]
R3 GEARAspiWDM;GEARAspiWDM; C:WINNTSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINNTsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 MBAMProtector;MBAMProtector; ??C:WINNTsystem32driversmbam.sys []
R3 mouhid;Драйвер мыши HID; C:WINNTsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINNTsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:WINNTsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:WINNTsystem32driverspfc.sys [2007-04-15 10368]
R3 PhTVTune;Cap7134 TVTuner; C:WINNTsystem32DRIVERSPhTVTune.sys [2007-04-15 57152]
R3 usbhub;USB2 концентратор; C:WINNTsystem32DRIVERSusbhub.sys [2004-08-17 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINNTsystem32DRIVERSusbuhci.sys [2004-08-17 20480]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:WINNTsystem32DRIVERSAVerBDA3x.sys [2007-03-20 1176192]
S3 catchme;catchme; ??C:DOCUME~1UserLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINNTsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; ??R:INSTALLGMSIPCI.SYS []
S3 Mozillacorp;Mozillacorp; ??C:DOCUME~1UserLOCALS~1Temp36761.sys []
S3 MPE;BDA MPE фильтр; C:WINNTsystem32DRIVERSMPE.sys [2004-08-03 15360]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINNTsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINNTsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:WINNTsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINNTsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 sysdrv32;Play Port I/O Driver; ??C:WINNTsystem32driverssysdrv32.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINNTsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINNTsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINNTsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINNTsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Video3D;ASUS Video3D Service; C:WINNTSystem32DriversVideo3D.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINNTsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINNTSystem32driversws2ifsl.sys [2004-08-17 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2007-09-06 110592]
R2 ATKKeyboardService;ATK Keyboard Service; C:WINNTATKKBService.exe [2004-07-20 90112]
R2 avg8wd;AVG8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2009-03-17 282904]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2006-03-30 96341]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-17 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINNTsystem32nvsvc32.exe [2006-10-22 159810]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:Program FilesViewpointCommonViewpointService.exe [2007-01-05 24652]
S2 avg8emc;AVG8 E-mail Scanner; C:PROGRA~1AVGAVG8avgemc.exe [2009-03-17 902424]
S2 MBAMService;MBAMService; C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [2009-02-11 179856]
S3 aspnet_state;ASP.NET State Service; C:WINNTMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-04-15 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2007-09-14 503608]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.
:Processes
explorer.exe:services
Mozillacorp:reg
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindowsTelephony]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindowsTelephony][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINNTSystem3238.scr»=-
«C:WINNTSystem3273.scr»=-
«C:WINNTSystem3247.scr»=-
«C:WINNTSystem3242.scr»=-
«C:DOCUME~1UserLOCALS~1Tempsystem.exe»=»-[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0a42c85f-fbfd-11dc-92df-00179abf825d}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{95aa89ec-33ba-11dc-be17-00179abf825d}]:files
C:WINNTsystem3201.exe
C:WINNTsystem32603.exe
C:WINNTsystem32316.exe
C:WINNTsystem3282.exe
C:WINNTsystem32255.exe
C:WINNTsystem32428.exe
C:WINNTsystem32653.exe
C:WINNTsystem32364.exe
C:WINNTsystem3263.exe
C:Documents and SettingsAll UsersApplication Data~0
C:WINNTsystem3271.exe
C:WINNTsystem32613.exe
C:WINNTsystem32252.exe
C:WINNTSystem3238.scr
C:WINNTSystem3273.scr
C:WINNTSystem3247.scr
C:WINNTSystem3242.scr
F:jgtgob.pif
c:d6fagcs8.cmd:Commands
[emptytemp]
[start explorer]
[Reboot]
Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSIT лог.
Спасибо за ваш быстрый ответ. Вот лог OTMoveIt3:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver Mozillacorp not found.
ServiceDriver key Mozillacorp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindowsTelephony\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindowsTelephony\ deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINNTSystem3238.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINNTSystem3273.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINNTSystem3247.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINNTSystem3242.scr deleted successfully.
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\»C:DOCUME~1UserLOCALS~1Tempsystem.exe»|»- /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0a42c85f-fbfd-11dc-92df-00179abf825d}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{95aa89ec-33ba-11dc-be17-00179abf825d}\ deleted successfully.
========== FILES ==========
File/Folder C:WINNTsystem3201.exe not found.
File/Folder C:WINNTsystem32603.exe not found.
File/Folder C:WINNTsystem32316.exe not found.
File/Folder C:WINNTsystem3282.exe not found.
File/Folder C:WINNTsystem32255.exe not found.
File/Folder C:WINNTsystem32428.exe not found.
File/Folder C:WINNTsystem32653.exe not found.
File/Folder C:WINNTsystem32364.exe not found.
File/Folder C:WINNTsystem3263.exe not found.
C:Documents and SettingsAll UsersApplication Data~0 moved successfully.
File/Folder C:WINNTsystem3271.exe not found.
C:WINNTsystem32613.exe moved successfully.
C:WINNTsystem32252.exe moved successfully.
File/Folder C:WINNTSystem3238.scr not found.
File/Folder C:WINNTSystem3273.scr not found.
File/Folder C:WINNTSystem3247.scr not found.
File/Folder C:WINNTSystem3242.scr not found.
File/Folder F:jgtgob.pif not found.
File/Folder c:d6fagcs8.cmd not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1UserLOCALS~1Temp~DF12AD.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINNTtempPerflib_Perfdata_7e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.9.0 log created on 03182009_202417
Files moved on Reboot…
C:DOCUME~1UserLOCALS~1Temp~DF12AD.tmp moved successfully.
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
File C:WINNTtempPerflib_Perfdata_7e0.dat not found!Logfile of random’s system information tool 1.05 (written by random/random)
Run by User at 2009-03-18 20:48:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (33%) free of 60 GB
Total RAM: 319 MB (30% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:37, on 18.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: NormalRunning processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINNTATKKBService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINNTsystem32nvsvc32.exe
C:WINNTsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesCanonCALCALMAIN.exe
C:WINNTsystem32wscntfy.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:WINNTsystem32ctfmon.exe
C:Program FilesAVerTVQuickTV.exe
C:WINNTsystem32wbemwmiapsrv.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:Program Filestrend microHijackThisUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: AOLTBSearch Class — {EA756889-2338-43DB-8F07-D1CA6FB9C90D} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} — C:Program FilesAVGAVG8avgssie.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: AOL Toolbar Launcher — {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar2.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar2.dll
O3 — Toolbar: PROMT — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT6PRMTIEprmtie.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: AIM Toolbar — {DE9C389F-3316-41A7-809B-AA305ED9D922} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: AVG Security Toolbar — {A057A204-BACC-4D26-9990-79A187E2698E} — C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [EPSON Stylus C43 Series] C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 «EPSON Stylus C43 Series» /O6 «USB001» /M «Stylus C43»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
O4 — HKLM..Run: [Malwarebytes’ Anti-Malware] «C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe» /starttray
O4 — HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 — HKCU..Run: [EPSON Stylus CX7300 Series] C:WINNTSystem32spoolDRIVERSW32X863E_FATICDP.EXE /FU «C:WINNTTEMPE_S151.tmp» /EF «HKCU»
O4 — HKCU..Run: [ctfmon.exe] C:WINNTsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINNTsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O8 — Extra context menu item: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
O8 — Extra context menu item: &Перевести с помощью ABBYY Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: AIM Toolbar — {3369AF0D-62E9-4bda-8103-B4C75499B578} — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT6PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT6PRMTIEoptions.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINNTNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://upload.vkontakte.ru/uploader/ImageUploader4.cab
O17 — HKLMSystemCCSServicesTcpip..{AF150CD8-7F01-4F3C-9001-B425A2B1E5FC}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: linkscanner — {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} — C:Program FilesAVGAVG8avgpp.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: avgrsstarter — C:WINNTSYSTEM32avgrsstx.dll
O23 — Service: Apple Mobile Device — Apple, Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — C:WINNTMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — C:WINNTATKKBService.exe
O23 — Service: AVG Free8 WatchDog (avg8wd) — AVG Technologies CZ, s.r.o. — C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) — SEIKO EPSON CORPORATION — C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINNTsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: MBAMService — Malwarebytes Corporation — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINNTsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINNTsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINNTsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINNTsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINNTSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINNTsystem32smlogsvc.exe
O23 — Service: Viewpoint Manager Service — Viewpoint Corporation — C:Program FilesViewpointCommonViewpointService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINNTSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINNTsystem32wbemwmiapsrv.exe—
End of file — 13026 bytes======Scheduled tasks folder======
C:WINNTtasksAd-Aware Update (Weekly).job
C:WINNTtasksAppleSoftwareUpdate.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-06-08 308856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [2009-03-17 1078552][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-02-17 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll [2007-10-10 1090912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-13 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-17 1968920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar2.dll [2007-01-19 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-17 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-17 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-17 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar2.dll [2007-01-19 2427968]
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} — PROMT — C:Program FilesPRMT6PRMTIEprmtie.dll [2002-03-31 425984]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-13 667336]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{DE9C389F-3316-41A7-809B-AA305ED9D922} — AIM Toolbar — C:Program FilesAOLAIM Toolbar 5.0aoltb.dll [2007-10-10 1090912]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-30 1336584]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{A057A204-BACC-4D26-9990-79A187E2698E} — AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-17 1968920][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINNTsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-12-13 4428472]
«EPSON Stylus C43 Series»=C:WINNTSystem32spoolDRIVERSW32X863E_S10IC2.EXE [2002-12-10 75776]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-02-17 136600]
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2009-02-21 1211784]
«Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2009-02-11 399504]
«»= []
«AVG8_TRAY»=C:PROGRA~1AVGAVG8avgtray.exe [2009-03-17 1932568][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX7300 Series»=C:WINNTSystem32spoolDRIVERSW32X863E_FATICDP.EXE [2007-04-12 182272]
«ctfmon.exe»=C:WINNTsystem32ctfmon.exe [2004-08-17 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2007-09-14 267064][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 12Lvagent.exe [2006-12-14 258048][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINNTsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINNTsystem32NvMcTray.dll [2006-10-22 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2007-06-29 286720][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
C:Program FilesSkypePhoneSkype.exe [2007-09-13 22880040][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-01-26 2144088][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-07-27 68856][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-06-08 185896][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2006-09-26 35328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-30 449800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
C:PROGRA~1AdobeACROBA~2.0ReaderREADER~1.EXE [2005-09-23 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
C:PROGRA~1INTERV~1CommonBinWINCIN~1.EXE [2005-04-22 237568]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
QuickTV.lnk — C:Program FilesAVerTVQuickTV.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavgrsstarter]
C:WINNTsystem32avgrsstx.dll [2009-03-17 10520][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesInterVideoDVD6WinDVD.exe»=»C:Program FilesInterVideoDVD6WinDVD.exe:*:Enabled:WinDVD»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsUserApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesCommon FilesAOLLoaderaolload.exe»=»C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
«C:WINNTsystem32system.exe»=»C:WINNTsystem32system.exe:*:Enabled:Mozillacorp»
«C:DOCUME~1UserLOCALS~1Tempsystem.exe»=»»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesAVGAVG8avgupd.exe»=»C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe»
«C:Program FilesAVGAVG8avgnsx.exe»=»C:Program FilesAVGAVG8avgnsx.exe:*:Enabled:avgnsx.exe»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-03-18 20:24:17 —-D—- C:_OTMoveIt
2009-03-17 16:40:26 —-D—- C:Documents and SettingsUserApplication DataMozilla
2009-03-17 16:40:02 —-D—- C:Program FilesMozilla Firefox
2009-03-17 15:15:50 —-A—- C:WINNTsystem32avgrsstx.dll
2009-03-17 14:13:45 —-D—- C:Program FilesABBYY Lingvo 12
2009-03-17 02:12:37 —-D—- C:Documents and SettingsUserApplication DataWinRAR
2009-03-17 01:53:26 —-D—- C:WINNTERUNT
2009-03-17 01:44:53 —-D—- C:SDFix
2009-03-17 01:18:35 —-D—- C:Program Filestrend micro
2009-03-17 01:18:28 —-D—- C:rsit
2009-03-17 00:56:18 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-03-17 00:56:06 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-17 00:56:06 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-16 23:28:02 —-A—- C:WINNTsystem32ztvunace26.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32ztvunrar36.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32ztvcabinet.dll
2009-03-16 23:28:01 —-A—- C:WINNTsystem32UNRAR3.dll
2009-03-16 23:27:21 —-D—- C:Program FilesTrojan Remover
2009-03-16 23:27:21 —-D—- C:Documents and SettingsUserApplication DataSimply Super Software
2009-03-16 23:27:21 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
2009-03-16 19:14:02 —-D—- C:Documents and SettingsAll UsersApplication DataLavasoft
2009-03-13 19:10:38 —-D—- C:Documents and SettingsUserApplication DataPROject MT
2009-03-13 19:10:05 —-A—- C:WINNTPrmtED.INI
2009-03-05 21:00:40 —-D—- C:Program FilesSpybot — Search & Destroy
2009-03-05 21:00:40 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-25 23:41:14 —-A—- C:WINNTsystem32wmpns.dll
2009-02-25 23:40:40 —-HDC—- C:WINNT$NtUninstallQ828026$
2009-02-25 23:33:52 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2009-02-19 19:45:05 —-A—- C:WINNTsystem323Deep.dll
2009-02-19 19:45:02 —-D—- C:WINNTsystem32Color======List of files/folders modified in the last 1 months======
2070-01-01 04:02:45 —-D—- C:WINNTPrefetch
2009-03-18 20:41:05 —-A—- C:WINNTAVerTV.ini
2009-03-18 20:40:43 —-D—- C:WINNTTemp
2009-03-18 20:38:19 —-A—- C:WINNTSchedLgU.Txt
2009-03-18 20:24:20 —-D—- C:WINNTsystem32
2009-03-18 17:44:16 —-HD—- C:$AVG8.VAULT$
2009-03-18 01:00:57 —-A—- C:WINNTNeroDigital.ini
2009-03-17 16:40:02 —-RD—- C:Program Files
2009-03-17 15:15:49 —-D—- C:WINNTsystem32drivers
2009-03-17 15:15:08 —-D—- C:Documents and SettingsAll UsersApplication Dataavg8
2009-03-17 15:14:56 —-SHD—- C:WINNTInstaller
2009-03-17 15:14:56 —-D—- C:Config.Msi
2009-03-17 15:14:52 —-D—- C:WINNTWinSxS
2009-03-17 15:13:44 —-D—- C:WINNT
2009-03-17 14:08:03 —-D—- C:Documents and SettingsUserApplication DataSkype
2009-03-17 11:42:07 —-SD—- C:WINNTTasks
2009-03-17 03:54:29 —-D—- C:Documents and SettingsUserApplication DatauTorrent
2009-03-17 03:39:32 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-03-17 02:26:05 —-RSHDC—- C:WINNTsystem32dllcache
2009-03-17 02:25:55 —-D—- C:WINNTsystem32CatRoot2
2009-03-17 01:57:45 —-A—- C:WINNTntbtlog.txt
2009-03-16 23:25:22 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-03-16 23:14:55 —-D—- C:WINNTsystem32config
2009-03-16 22:16:34 —-DC—- C:WINNTsystem32DRVSTORE
2009-03-16 19:18:45 —-HD—- C:WINNTinf
2009-03-16 01:00:51 —-A—- C:audiodec.txt
2009-03-10 18:08:31 —-A—- C:WINNTAVerText.ini
2009-03-06 00:57:58 —-SH—- C:boot.ini
2009-03-06 00:57:58 —-A—- C:WINNTwin.ini
2009-03-06 00:57:58 —-A—- C:WINNTsystem.ini
2009-02-28 14:47:55 —-D—- C:Program FilesAVerTV
2009-02-21 18:15:04 —-D—- C:Program Filestral.serv
2009-02-19 19:47:52 —-D—- C:WINNTInternet Logs======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:WINNTsystem32driversatkkbnt.sys [2004-07-20 20096]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:WINNTSystem32Driversavgldx86.sys [2009-03-17 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:WINNTSystem32Driversavgmfx86.sys [2009-03-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:WINNTSystem32Driversavgtdix.sys [2009-03-17 107912]
R2 EIO;EIO; ??C:WINNTsystem32driversEIO.sys []
R3 ac97intc;Intel(r) 82801 служба установки аудиодрайвера (WDM); C:WINNTsystem32driversac97intc.sys [2001-08-17 96256]
R3 Cap7134;Cap7134 Capture; C:WINNTsystem32DRIVERSCap7134.sys [2007-04-15 407072]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINNTsystem32DRIVERSdlkfet5b.sys [2005-01-19 43008]
R3 GEARAspiWDM;GEARAspiWDM; C:WINNTSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINNTsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 MBAMProtector;MBAMProtector; ??C:WINNTsystem32driversmbam.sys []
R3 mouhid;Драйвер мыши HID; C:WINNTsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINNTsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:WINNTsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:WINNTsystem32driverspfc.sys [2007-04-15 10368]
R3 PhTVTune;Cap7134 TVTuner; C:WINNTsystem32DRIVERSPhTVTune.sys [2007-04-15 57152]
R3 usbhub;USB2 концентратор; C:WINNTsystem32DRIVERSusbhub.sys [2004-08-17 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINNTsystem32DRIVERSusbuhci.sys [2004-08-17 20480]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:WINNTsystem32DRIVERSAVerBDA3x.sys [2007-03-20 1176192]
S3 catchme;catchme; ??C:DOCUME~1UserLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINNTsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; ??R:INSTALLGMSIPCI.SYS []
S3 MPE;BDA MPE фильтр; C:WINNTsystem32DRIVERSMPE.sys [2004-08-03 15360]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINNTsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINNTsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:WINNTsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINNTsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 sysdrv32;Play Port I/O Driver; ??C:WINNTsystem32driverssysdrv32.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINNTsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINNTsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINNTsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINNTsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Video3D;ASUS Video3D Service; C:WINNTSystem32DriversVideo3D.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINNTsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINNTSystem32driversws2ifsl.sys [2004-08-17 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2007-09-06 110592]
R2 ATKKeyboardService;ATK Keyboard Service; C:WINNTATKKBService.exe [2004-07-20 90112]
R2 avg8wd;AVG Free8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2009-03-17 298264]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2006-03-30 96341]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:Program FilesCommon FilesEPSONeEBAPISAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-17 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINNTsystem32nvsvc32.exe [2006-10-22 159810]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:Program FilesViewpointCommonViewpointService.exe [2007-01-05 24652]
S2 MBAMService;MBAMService; C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [2009-02-11 179856]
S3 aspnet_state;ASP.NET State Service; C:WINNTMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-04-15 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2007-09-14 503608]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Да вроде нормально. Но единственная проблема — при каждой проверке Trojan Remover выдает, что подозрителен файл Userinit (C:WINNTSYSTEM32Userinit.exe). Пишет: file is suspicious: wrong size or bad version. Это нормально?
Проверим ещё одной программой.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
ComboFix 09-03-19.02 — User 2009-03-24 20:10:44.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.319.106 [GMT 3:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:winntIE4 Error Log.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_SYSDRV32
Service_sysdrv32((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.2009-03-22 00:06 . 2009-03-22 00:06 d
c:program filesMySpace
2009-03-22 00:06 . 2009-03-22 00:06 d
c:documents and settingsUserApplication DataMySpace
2009-03-18 20:24 . 2009-03-18 20:24 d
C:_OTMoveIt
2009-03-17 15:15 . 2009-03-24 18:24 d
c:winntsystem32driversAvg
2009-03-17 15:15 . 2009-03-17 15:15 325,640 —a
c:winntsystem32driversavgldx86.sys
2009-03-17 15:15 . 2009-03-17 15:15 107,912 —a
c:winntsystem32driversavgtdix.sys
2009-03-17 15:15 . 2009-03-17 15:15 10,520 —a
c:winntsystem32avgrsstx.dll
2009-03-17 14:13 . 2009-03-17 14:21 d
c:program filesABBYY Lingvo 12
2009-03-17 01:53 . 2009-03-17 01:53 d
c:winntERUNT
2009-03-17 01:44 . 2009-03-17 02:19 d
C:SDFix
2009-03-17 01:18 . 2009-03-17 01:20 d
C:rsit
2009-03-17 01:18 . 2009-03-17 01:31 d
c:program filestrend micro
2009-03-17 00:56 . 2009-03-17 00:56 d
c:program filesMalwarebytes’ Anti-Malware
2009-03-17 00:56 . 2009-03-17 00:56 d
c:documents and settingsUserApplication DataMalwarebytes
2009-03-17 00:56 . 2009-03-17 00:56 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-17 00:56 . 2009-02-11 10:19 38,496 —a
c:winntsystem32driversmbamswissarmy.sys
2009-03-17 00:56 . 2009-02-11 10:19 15,504 —a
c:winntsystem32driversmbam.sys
2009-03-16 23:28 . 2006-05-25 14:52 162,304 —a
c:winntsystem32ztvunrar36.dll
2009-03-16 23:28 . 2003-02-02 19:06 153,088 —a
c:winntsystem32UNRAR3.dll
2009-03-16 23:28 . 2005-08-26 00:50 77,312 —a
c:winntsystem32ztvunace26.dll
2009-03-16 23:28 . 2006-06-19 12:01 69,632 —a
c:winntsystem32ztvcabinet.dll
2009-03-16 23:27 . 2009-03-17 03:40 d
c:program filesTrojan Remover
2009-03-16 23:27 . 2009-03-17 03:39 d
c:documents and settingsUserApplication DataSimply Super Software
2009-03-16 23:27 . 2009-03-16 23:27 d
c:documents and settingsAll UsersApplication DataSimply Super Software
2009-03-16 19:31 . 2009-03-16 19:31 d
c:documents and settingsLocalServiceРабочий стол
2009-03-16 19:14 . 2009-03-16 22:18 d
c:documents and settingsAll UsersApplication DataLavasoft
2009-03-13 19:10 . 2009-03-13 19:10 d
c:documents and settingsUserApplication DataPROject MT
2009-03-13 19:10 . 2009-03-13 19:10 96 —a
c:winntPrmtED.INI
2009-03-05 21:00 . 2009-03-05 21:01 d
c:program filesSpybot — Search & Destroy
2009-03-05 21:00 . 2009-03-05 23:25 d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-25 23:41 . 2004-08-17 17:00 221,184 —a
c:winntsystem32wmpns.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 23:50
d
w c:documents and settingsUserApplication DataSkype
2009-03-20 13:10
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-17 12:15
d
w c:documents and settingsAll UsersApplication Dataavg8
2009-03-17 00:54
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-28 11:47
d
w c:program filesAVerTV
2009-02-21 15:15
d
w c:program filestral.serv
2009-02-17 18:05 410,984 —-a-w c:winntsystem32deploytk.dll
2009-02-17 18:05
d
w c:program filesJava
2009-02-09 14:07
d
w c:program filesTVAnts
2008-11-26 23:44 6,599 —-a-w c:program fileslicense.lic
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-03-20 15:28 2469888 —a
c:program filesWebMoney Advisorwmadvisor.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX7300 Series»=»c:winntSystem32spoolDRIVERSW32X863E_FATICDP.EXE» [2007-04-12 182272]
«ctfmon.exe»=»c:winntsystem32ctfmon.exe» [2004-08-17 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:winntsystem32NvCpl.dll» [2006-10-22 7700480]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-13 4428472]
«EPSON Stylus C43 Series»=»c:winntSystem32spoolDRIVERSW32X863E_S10IC2.EXE» [2002-12-10 75776]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-02-17 136600]
«TrojanScanner»=»c:program filesTrojan RemoverTrjscan.exe» [2009-02-21 1211784]
«Malwarebytes’ Anti-Malware»=»c:program filesMalwarebytes’ Anti-Malwarembamgui.exe» [2009-02-11 399504]
«AVG8_TRAY»=»c:progra~1AVGAVG8avgtray.exe» [2009-03-17 1932568]
«nwiz»=»nwiz.exe» [2006-10-22 c:winntsystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:winntsystem32CTFMON.EXE» [2004-08-17 15360]
«MySpaceIM»=»c:program filesMySpaceIMMySpaceIM.exe» [2008-12-12 9555968]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
QuickTV.lnk — c:program filesAVerTVQuickTV.exe [2006-02-21 401408][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavgrsstarter]
2009-03-17 15:15 10520 c:winntsystem32avgrsstx.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll
«VIDC.ACDV»= ACDV.dll
«vidc.asv2″= asusasv2.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
backup=c:winntpssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
backup=c:winntpssInterVideo WinCinema Manager.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
—a
2007-09-14 09:00 267064 c:program filesiTunesiTunesHelper.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
—a
2006-12-14 03:09 258048 c:program filesABBYY Lingvo 12LvAgent.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2004-08-17 15:17 1667584 c:program filesMessengermsmsgs.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a
2001-07-09 10:50 155648 c:winntsystem32NeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
—a
2006-10-22 11:22 86016 c:winntsystem32nvmctray.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
—a
2007-06-29 05:24 286720 c:program filesQuickTimeQTTask.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
-ra
2007-09-13 12:31 22880040 c:program filesSkypePhoneSkype.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
-rahs—- 2009-01-26 15:31 2144088 c:program filesSpybot — Search & DestroyTeaTimer.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
—a
2007-07-27 23:57 68856 c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
—a
2008-06-08 21:45 185896 c:program filesCommon FilesRealUpdate_OBrealsched.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
—a
2006-09-26 17:49 35328 c:program filesWinampwinampa.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
—a
2007-11-30 16:58 449800 c:program filesCommon FilesYandexYupdateyupdate.exe[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\InterVideo\DVD6\WinDVD.exe»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\Documents and Settings\User\Application Data\SopCast\adv\SopAdver.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Common Files\AOL\Loader\aolload.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\AVG\AVG8\avgupd.exe»=
«c:\Program Files\AVG\AVG8\avgnsx.exe»=
«c:\Program Files\MySpace\IM\MySpaceIM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«29099:TCP»= 29099:TCP:BNDR0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:winntsystem32driverssfsync03.sys [2005-10-13 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:winntsystem32driversavgldx86.sys [2009-03-17 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:winntsystem32driversavgtdix.sys [2009-03-17 107912]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [2009-03-17 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesViewpointCommonViewpointService.exe [2008-02-15 24652]
R3 MBAMProtector;MBAMProtector;c:winntsystem32driversmbam.sys [2009-03-17 15504]
R3 PhTVTune;Cap7134 TVTuner;c:winntsystem32driversPhTVTune.sys [2007-04-15 57152]
S2 MBAMService;MBAMService;c:program filesMalwarebytes’ Anti-Malwarembamservice.exe [2009-03-17 179856]
S2 NewServiceInstall1;NewServiceInstall1; [x]
S2 WindowsTelephony;Windows Telephony; [x]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:winntsystem32driversAVerBDA3x.sys [2007-04-15 1176192]
.
Contents of the ‘Scheduled Tasks’ folder2009-03-23 c:winntTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe []2009-03-21 c:winntTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yandex.ru/?clid=27130
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesdeo74kzk.default
FF — plugin: c:program filesOperaprogrampluginsnpdivx32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava11.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava12.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava13.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava14.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJPI142_08.dll
FF — plugin: c:program filesOperaprogrampluginsNPOJI610.dll
FF — plugin: c:program filesViewpointViewpoint Media PlayernpViewpoint.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 20:20:11
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1220945662-1644491937-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Other Running Processes
.
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:winntATKKBService.exe
c:program filesCommon FilesEPSONeEBAPISAgent2.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:winntsystem32nvsvc32.exe
c:program filesAVGAVG8avgrsx.exe
c:progra~1AVGAVG8avgnsx.exe
c:program filesCanonCALCALMAIN.exe
c:winntsystem32wscntfy.exe
c:winntsystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-03-24 20:24:41 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 17:24:31Pre-Run: 20 347 363 328 байт свободно
Post-Run: 20,441,423,872 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINNT
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINNT=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect251
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Drivers::
NewServiceInstall1
WindowsTelephony
Viewpoint Manager ServiceЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-04-04.01 — User 2009-04-09 18:06:13.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.319.105 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столCFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.2009-03-26 22:47 . 2009-03-26 22:47 54,156 —ah
c:winntQTFont.qfn
2009-03-26 22:47 . 2009-03-26 22:47 1,409 —a
c:winntQTFont.for
2009-03-22 01:06 . 2009-03-22 01:06 d
c:program filesMySpace
2009-03-22 01:06 . 2009-03-22 01:06 d
c:documents and settingsUserApplication DataMySpace
2009-03-17 16:15 . 2009-04-09 17:32 d
c:winntsystem32driversAvg
2009-03-17 16:15 . 2009-03-17 16:15 325,640 —a
c:winntsystem32driversavgldx86.sys
2009-03-17 16:15 . 2009-03-28 14:08 108,552 —a
c:winntsystem32driversavgtdix.sys
2009-03-17 16:15 . 2009-03-17 16:15 10,520 —a
c:winntsystem32avgrsstx.dll
2009-03-17 15:13 . 2009-03-17 15:21 d
c:program filesABBYY Lingvo 12
2009-03-17 02:53 . 2009-03-17 02:53 d
c:winntERUNT
2009-03-17 02:18 . 2009-03-17 02:20 d
C:rsit
2009-03-17 02:18 . 2009-03-17 02:31 d
c:program filestrend micro
2009-03-17 01:56 . 2009-03-17 01:56 d
c:documents and settingsUserApplication DataMalwarebytes
2009-03-17 01:56 . 2009-03-17 01:56 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-17 00:28 . 2006-05-25 15:52 162,304 —a
c:winntsystem32ztvunrar36.dll
2009-03-17 00:28 . 2003-02-02 20:06 153,088 —a
c:winntsystem32UNRAR3.dll
2009-03-17 00:28 . 2005-08-26 01:50 77,312 —a
c:winntsystem32ztvunace26.dll
2009-03-17 00:28 . 2006-06-19 13:01 69,632 —a
c:winntsystem32ztvcabinet.dll
2009-03-17 00:27 . 2009-03-25 13:23 d
c:program filesTrojan Remover
2009-03-17 00:27 . 2009-03-17 04:39 d
c:documents and settingsUserApplication DataSimply Super Software
2009-03-17 00:27 . 2009-03-17 00:27 d
c:documents and settingsAll UsersApplication DataSimply Super Software
2009-03-16 20:31 . 2009-03-16 20:31 d
c:documents and settingsLocalServiceРабочий стол
2009-03-16 20:14 . 2009-03-16 23:18 d
c:documents and settingsAll UsersApplication DataLavasoft
2009-03-13 20:10 . 2009-03-13 20:10 d
c:documents and settingsUserApplication DataPROject MT
2009-03-13 20:10 . 2009-03-13 20:10 96 —a
c:winntPrmtED.INI.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:28
d
w c:documents and settingsUserApplication DatauTorrent
2009-03-31 15:06
d
w c:documents and settingsUserApplication DataSkype
2009-03-20 13:10
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-17 12:15
d
w c:documents and settingsAll UsersApplication Dataavg8
2009-03-05 20:25
d
w c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-05 18:01
d
w c:program filesSpybot — Search & Destroy
2009-02-28 11:47
d
w c:program filesAVerTV
2009-02-21 15:15
d
w c:program filestral.serv
2009-02-17 18:05 410,984 —-a-w c:winntsystem32deploytk.dll
2009-02-17 18:05
d
w c:program filesJava
2009-02-09 14:07
d
w c:program filesTVAnts
2008-11-26 23:44 6,599 —-a-w c:program fileslicense.lic
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-03-20 16:28 2469888 —a
c:program filesWebMoney Advisorwmadvisor.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX7300 Series»=»c:winntSystem32spoolDRIVERSW32X863E_FATICDP.EXE» [2007-04-12 182272]
«ctfmon.exe»=»c:winntsystem32ctfmon.exe» [2004-08-17 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:winntsystem32NvCpl.dll» [2006-10-22 7700480]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-13 4428472]
«EPSON Stylus C43 Series»=»c:winntSystem32spoolDRIVERSW32X863E_S10IC2.EXE» [2002-12-10 75776]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-02-17 136600]
«TrojanScanner»=»c:program filesTrojan RemoverTrjscan.exe» [2009-02-21 1211784]
«AVG8_TRAY»=»c:progra~1AVGAVG8avgtray.exe» [2009-03-17 1932568]
«nwiz»=»nwiz.exe» [2006-10-22 c:winntsystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:winntsystem32CTFMON.EXE» [2004-08-17 15360]
«MySpaceIM»=»c:program filesMySpaceIMMySpaceIM.exe» [2008-12-12 9555968]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
QuickTV.lnk — c:program filesAVerTVQuickTV.exe [2006-02-21 401408][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavgrsstarter]
2009-03-17 16:15 10520 c:winntsystem32avgrsstx.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll
«VIDC.ACDV»= ACDV.dll
«vidc.asv2″= asusasv2.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
backup=c:winntpssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
backup=c:winntpssInterVideo WinCinema Manager.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
—a
2007-09-14 10:00 267064 c:program filesiTunesiTunesHelper.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
—a
2006-12-14 04:09 258048 c:program filesABBYY Lingvo 12LvAgent.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2004-08-17 16:17 1667584 c:program filesMessengermsmsgs.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a
2001-07-09 11:50 155648 c:winntsystem32NeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
—a
2006-10-22 12:22 86016 c:winntsystem32nvmctray.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
—a
2007-06-29 06:24 286720 c:program filesQuickTimeQTTask.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
-ra
2007-09-13 13:31 22880040 c:program filesSkypePhoneSkype.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
-rahs—- 2009-01-26 16:31 2144088 c:program filesSpybot — Search & DestroyTeaTimer.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
—a
2007-07-28 00:57 68856 c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
—a
2008-06-08 22:45 185896 c:program filesCommon FilesRealUpdate_OBrealsched.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
—a
2006-09-26 18:49 35328 c:program filesWinampwinampa.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
—a
2007-11-30 17:58 449800 c:program filesCommon FilesYandexYupdateyupdate.exe[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\InterVideo\DVD6\WinDVD.exe»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\Documents and Settings\User\Application Data\SopCast\adv\SopAdver.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Common Files\AOL\Loader\aolload.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\AVG\AVG8\avgupd.exe»=
«c:\Program Files\AVG\AVG8\avgnsx.exe»=
«c:\Program Files\MySpace\IM\MySpaceIM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«29099:TCP»= 29099:TCP:BNDR0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:winntsystem32driverssfsync03.sys [2005-10-13 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:winntsystem32driversavgldx86.sys [2009-03-17 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:winntsystem32driversavgtdix.sys [2009-03-17 108552]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [2009-03-17 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesViewpointCommonViewpointService.exe [2008-02-15 24652]
R3 PhTVTune;Cap7134 TVTuner;c:winntsystem32driversPhTVTune.sys [2007-04-15 57152]
S2 NewServiceInstall1;NewServiceInstall1; [x]
S2 WindowsTelephony;Windows Telephony; [x]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:winntsystem32driversAVerBDA3x.sys [2007-04-15 1176192]
.
Contents of the ‘Scheduled Tasks’ folder2009-04-06 c:winntTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe []2009-04-04 c:winntTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 14:57]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yandex.ru/?clid=27130
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesdeo74kzk.default
FF — plugin: c:program filesOperaprogrampluginsnpdivx32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava11.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava12.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava13.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava14.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJPI142_08.dll
FF — plugin: c:program filesOperaprogrampluginsNPOJI610.dll
FF — plugin: c:program filesViewpointViewpoint Media PlayernpViewpoint.dll
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 18:10:30
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1220945662-1644491937-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-04-09 18:14:29
ComboFix-quarantined-files.txt 2009-04-09 14:14:16
ComboFix2.txt 2009-03-24 17:24:44Pre-Run: 21 839 908 864 байт свободно
Post-Run: 21,938,962,432 байт свободно214
В скрипте есть небольшая опечатка.
Пожалуйста повторите.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:Driver::
NewServiceInstall1
WindowsTelephony
Viewpoint Manager ServiceЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
ИзображениеСombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.ComboFix 09-04-18.05 — User 18.04.2009 17:07.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.319.100 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столCFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:winntIE4 Error Log.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_NEWSERVICEINSTALL1
Legacy_VIEWPOINT_MANAGER_SERVICE
Legacy_WINDOWSTELEPHONY
Service_NewServiceInstall1
Service_Viewpoint Manager Service
Service_WindowsTelephony((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.2009-04-17 12:06 . 2009-04-17 12:06
d
w c:documents and settingsUserApplication DataPRMT
2009-04-17 12:01 . 2009-04-17 12:01
d
w c:winntspeech
2009-04-17 11:55 . 2009-04-17 12:06
d
w c:winntLhsp
2009-04-17 11:55 . 2009-04-17 11:55
d
w c:documents and settingsAll UsersApplication DataPRMT
2009-04-12 09:16 . 2006-06-29 09:07 14048
w c:winntsystem32spmsg2.dll
2009-04-12 09:04 . 2009-04-12 09:04
d
w C:f90a74d6a44be9a5bb38
2009-04-11 11:21 . 2009-04-11 11:21
d
w c:documents and settingsAll UsersApplication DataSimply Super Software
2009-03-26 18:47 . 2009-03-26 18:47 54156 —ha-w c:winntQTFont.qfn
2009-03-26 18:47 . 2009-03-26 18:47 1409 —-a-w c:winntQTFont.for
2009-03-21 21:06 . 2009-03-21 21:06
d
w c:documents and settingsUserApplication DataMySpace.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 15:28 . 2008-11-27 22:03
d
w c:program filesGoogle
2009-04-17 11:56 . 2009-04-17 11:55
d
w c:program filesPRMT8
2009-04-17 11:53 . 2004-08-17 14:00 82364 —-a-w c:winntsystem32perfc019.dat
2009-04-17 11:53 . 2004-08-17 14:00 479846 —-a-w c:winntsystem32perfh019.dat
2009-04-12 09:17 . 2009-04-12 09:17
d
w c:program filesReference Assemblies
2009-04-11 21:01 . 2007-04-15 18:35
d
w c:documents and settingsUserApplication DataSkype
2009-04-11 11:27 . 2008-04-16 20:31
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-04-11 11:22 . 2009-04-11 11:21
d
w c:program filesTrojan Remover
2009-04-11 11:21 . 2009-03-16 20:27
d
w c:documents and settingsUserApplication DataSimply Super Software
2009-04-11 10:54 . 2007-08-03 21:31
d
w c:documents and settingsUserApplication DatauTorrent
2009-04-10 12:35 . 2009-03-05 18:00
d
w c:program filesSpybot — Search & Destroy
2009-04-08 10:32 . 2007-05-06 21:14 75 —-a-w C:audiodec.txt
2009-03-28 10:08 . 2009-03-17 12:15 108552 —-a-w c:winntsystem32driversavgtdix.sys
2009-03-21 21:12 . 2007-04-16 18:08 68128 —-a-w c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-17 12:15 . 2009-03-17 12:15 10520 —-a-w c:winntsystem32avgrsstx.dll
2009-03-17 12:15 . 2009-03-17 12:15 325640 —-a-w c:winntsystem32driversavgldx86.sys
2009-03-17 12:15 . 2008-05-24 17:07
d
w c:documents and settingsAll UsersApplication Dataavg8
2009-03-17 11:21 . 2009-03-17 11:13
d
w c:program filesABBYY Lingvo 12
2009-03-16 22:31 . 2009-03-16 22:18
d
w c:program filestrend micro
2009-03-16 21:56 . 2009-03-16 21:56
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-03-16 21:56 . 2009-03-16 21:56
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-16 19:18 . 2009-03-16 16:14
d
w c:documents and settingsAll UsersApplication DataLavasoft
2009-03-16 18:29 . 2009-03-16 18:29 220 —-a-w C:aaw7boot.log
2009-03-13 16:10 . 2009-03-13 16:10
d
w c:documents and settingsUserApplication DataPROject MT
2009-03-05 20:25 . 2009-03-05 18:00
d
w c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-28 11:47 . 2008-02-26 13:33
d
w c:program filesAVerTV
2009-02-19 16:07 . 2007-06-08 22:23 4212 —h—w c:winntsystem32zllictbl.dat
2009-02-17 18:05 . 2009-02-17 18:06 410984 —-a-w c:winntsystem32deploytk.dll
2009-02-17 18:05 . 2008-11-27 01:04
d
w c:program filesJava
2008-11-27 00:43 . 2008-11-27 00:43 127 —-a-w c:documents and settingsUserLocal SettingsApplication Datafusioncache.dat
2008-11-26 23:44 . 2008-12-01 22:23 6599 —-a-w c:program fileslicense.lic
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-03-20 12:28 2469888 —-a-w c:program filesWebMoney Advisorwmadvisor.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2007-11-30 1336584]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX7300 Series»=»c:winntSystem32spoolDRIVERSW32X863E_FATICDP.EXE» [2007-04-12 182272]
«ctfmon.exe»=»c:winntsystem32ctfmon.exe» [2004-08-17 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:winntsystem32NvCpl.dll» [2006-10-22 7700480]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-12 4428472]
«EPSON Stylus C43 Series»=»c:winntSystem32spoolDRIVERSW32X863E_S10IC2.EXE» [2002-12-10 75776]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-02-17 136600]
«AVG8_TRAY»=»c:progra~1AVGAVG8avgtray.exe» [2009-03-17 1932568]
«TrojanScanner»=»c:program filesTrojan RemoverTrjscan.exe» [2009-03-30 1213320]
«nwiz»=»nwiz.exe» — c:winntsystem32nwiz.exe [2006-10-22 1622016][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:winntsystem32CTFMON.EXE» [2004-08-17 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
QuickTV.lnk — c:program filesAVerTVQuickTV.exe [2006-2-21 401408][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavgrsstarter]
2009-03-17 12:15 10520 —-a-w c:winntsystem32avgrsstx.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
backup=c:winntpssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^InterVideo WinCinema Manager.lnk]
backup=c:winntpssInterVideo WinCinema Manager.lnkCommon Startup[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\InterVideo\DVD6\WinDVD.exe»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\Documents and Settings\User\Application Data\SopCast\adv\SopAdver.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Common Files\AOL\Loader\aolload.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\AVG\AVG8\avgupd.exe»=
«c:\Program Files\AVG\AVG8\avgnsx.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«29099:TCP»= 29099:TCP:BNDR3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:winntsystem32DRIVERSAVerBDA3x.sys [2007-03-20 1176192]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:winntSystem32driverssfsync03.sys [2005-10-13 35328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:winntSystem32Driversavgldx86.sys [2009-03-17 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:winntSystem32Driversavgtdix.sys [2009-03-28 108552]
S2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [2009-03-17 298264]
S3 PhTVTune;Cap7134 TVTuner;c:winntsystem32DRIVERSPhTVTune.sys [2007-04-15 57152].
Contents of the ‘Scheduled Tasks’ folder2009-04-04 c:winntTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 10:57]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yandex.ru/?clid=27130
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search — c:program filesaolaim toolbar 5.0resourcesen-uslocalsearch.html
IE: &Перевести с помощью ABBYY Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT6PRMTIEprmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesPRMT6PRMTIEoptions.htm
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesdeo74kzk.default
FF — plugin: c:program filesOperaprogrampluginsnpdivx32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava11.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava12.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava13.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava14.dll
FF — plugin: c:program filesOperaprogrampluginsNPJava32.dll
FF — plugin: c:program filesOperaprogrampluginsNPJPI142_08.dll
FF — plugin: c:program filesOperaprogrampluginsNPOJI610.dll
FF — plugin: c:program filesViewpointViewpoint Media PlayernpViewpoint.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 17:16
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINEsystemControlSet001ServicesNewServiceInstall1]
—
[HKEY_LOCAL_MACHINEsystemControlSet001ServicesViewpoint Manager Service]
«ImagePath»=»»c:program filesViewpointCommonViewpointService.exe»»
—[HKEY_LOCAL_MACHINEsystemControlSet001ServicesWindowsTelephony]
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1220945662-1644491937-682003330-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(4012)
c:winntsystem32msi.dll
.
Other Running Processes
.
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:winntATKKBService.exe
c:program filesCommon FilesEPSONeEBAPISAgent2.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:winntsystem32nvsvc32.exe
c:program filesAVGAVG8avgrsx.exe
c:progra~1AVGAVG8avgnsx.exe
c:program filesCanonCALCALMAIN.exe
c:winntsystem32wscntfy.exe
c:winntsystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-04-18 17:25 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 13:25
ComboFix2.txt 2009-04-09 14:14Pre-Run: 30 576 861 184 байт свободно
Post-Run: 30 532 739 072 байт свободно220
Драйвера трояна судя по логу, были удалены.
Нужно немного ещё подчистить реестр.Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_LOCAL_MACHINEsystemControlSet001ServicesWindowsTelephony]
[-HKEY_LOCAL_MACHINEsystemControlSet001ServicesNewServiceInstall1]Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
- Для ответа в этой теме необходимо авторизоваться.
