Removed Rapid, but the viruses keep coming
This topic has 8 replies, 2 participants, and was last updated 16 years, 1 month ago by ivar-nat.
27 March 2009 at 11:55 pm #16480
I followed your advice and removed Rapid Antivirus, but when I post comments to LiveJournal the computer complains that the viruses have not been killed off completely. I installed RSIT and ran it. The logs are below. After that the Panda scanner found 13 viruses with 14 percent of the disk space checked. What should I do? And here are the RSIT logs
log
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrator at 2009-03-28 00:38:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 89 GB (37%) free of 238 GB
Total RAM: 2038 MB (71% free)
HijackThis download failed
======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [2009-03-27 1078552]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar — C:PROGRA~1AVGAVG8AVGTOO~1.DLL [2009-03-27 1968920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-25 251504]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2009-01-25 657904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll [2009-01-25 522224]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-12-20 16860672]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2008-01-16 142104]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2008-01-16 162584]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2008-01-16 138008]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-26 31016]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«LanzarL2007″=C:DOCUME~1ADMINI~1LOCALS~1Temp{3DAF61E8-FC3E-4215-8504-CC732E757AC1}{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}….L2007tmpSetup.exe /SETUP:/l0x0019 []
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-03-14 71216]
«LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-03-14 54832]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2007-10-10 36352]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2007-12-11 286720]
«»= []
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 12Lvagent.exe [2006-12-13 258048]
«AVG8_TRAY»=C:PROGRA~1AVGAVG8avgtray.exe [2009-03-27 1932568]
«UserFaultCheck»=C:WINDOWSsystem32dumprep 0 -u []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-10-23 202024]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-10-08 68856]
«Administrator»=C:Documents and SettingsAdministratorAdministrator.exe /i []
«Tutor.exe»=C:Program FilesABBYY Lingvo 12Tutor.exe [2006-12-13 987136]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
MSI Wireless Utility.lnk — C:Program FilesMSICommonRaUI.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32mmmlerye.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavgrsstarter]
C:WINDOWSsystem32avgrsstx.dll [2009-03-27 10520]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2008-01-16 204800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesCyberLinkPowerDVDPowerDVD.exe»=»C:Program FilesCyberLinkPowerDVDPowerDVD.exe:*:Enabled:CyberLink PowerDVD»
«C:Program FilesNeroNero8Nero HomeNeroHome.exe»=»C:Program FilesNeroNero8Nero HomeNeroHome.exe:*:Enabled:Nero Home»
«C:Program FilesAVGAVG8avgupd.exe»=»C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe»
«C:Program FilesAVGAVG8avgnsx.exe»=»C:Program FilesAVGAVG8avgnsx.exe:*:Enabled:avgnsx.exe»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»
«C:WINDOWSRTHDCPL.EXE»=»C:WINDOWSRTHDCPL.EXE:*:Enabled:ENABLE»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2E]
shellAutoRuncommand — E:WDSetup.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e489614-d73d-11dd-9e5a-000d05046a49}]
shellAutoRuncommand — E:WDSetup.exe
======List of files/folders created in the last 1 months======
2009-03-28 00:38:44 —-D—- C:rsit
2009-03-28 00:38:44 —-D—- C:Program Filestrend micro
2009-03-28 00:38:24 —-A—- C:Program FilesRSIT.exe
2009-03-27 17:55:16 —-A—- C:WINDOWSsystem32redirect_key.txt
2009-03-27 15:54:09 —-D—- C:Documents and SettingsAdministratorApplication DataMalwarebytes
2009-03-27 15:54:01 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-27 15:54:00 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-27 15:50:30 —-A—- C:Program Filesmbam-setup.exe
2009-03-27 15:41:56 —-D—- C:Documents and SettingsAdministratorApplication DataanvB8
2009-03-27 15:38:02 —-D—- C:Documents and SettingsAdministratorApplication DataanvA5
2009-03-27 15:20:52 —-D—- C:Documents and SettingsAdministratorApplication Dataanv36
2009-03-27 15:16:57 —-D—- C:Documents and SettingsAdministratorApplication Dataanv5
2009-03-27 15:12:53 —-D—- C:Documents and SettingsAdministratorApplication Dataanv84
2009-03-27 15:00:42 —-D—- C:Documents and SettingsAdministratorApplication Dataanv1A
2009-03-27 14:57:51 —-D—- C:Documents and SettingsAdministratorApplication Dataanv71
2009-03-27 14:55:17 —-A—- C:WINDOWSsystem32wincreate.exe
2009-03-27 14:52:48 —-D—- C:Documents and SettingsAdministratorApplication DataanvBA
2009-03-27 14:46:13 —-D—- C:Documents and SettingsAdministratorApplication Dataanv6
2009-03-27 14:26:03 —-D—- C:Documents and SettingsAdministratorApplication Dataanv34
2009-03-27 14:08:11 —-A—- C:Program Fileslaunch.exe
2009-03-27 13:47:00 —-D—- C:Documents and SettingsAdministratorApplication Dataanv19
2009-03-27 11:05:40 —-A—- C:WINDOWSsystem32search_fid.txt
2009-03-27 11:05:39 —-A—- C:WINDOWSsystem32mess_add.txt
2009-03-27 10:53:04 —-A—- C:WINDOWSsystem32mmmlerye.dll
2009-03-27 10:13:35 —-HD—- C:$AVG8.VAULT$
2009-03-27 10:11:00 —-A—- C:WINDOWSsystem32avgrsstx.dll
2009-03-27 10:10:53 —-D—- C:Documents and SettingsAdministratorApplication DataAVGTOOLBAR
2009-03-27 10:10:47 —-D—- C:Program FilesAVG
2009-03-27 10:10:46 —-D—- C:Documents and SettingsAll UsersApplication Dataavg8
2009-03-27 09:56:47 —-A—- C:Program Filesavg_free_stf_en_85_283a1450.exe
2009-03-27 09:45:13 —-D—- C:Documents and SettingsAdministratorApplication DataanvD3
2009-03-27 09:33:26 —-D—- C:Documents and SettingsAdministratorApplication Dataanv57
2009-03-27 09:31:39 —-D—- C:Documents and SettingsAdministratorApplication DataanvF4
2009-03-27 09:13:17 —-D—- C:Documents and SettingsAdministratorApplication Dataanv81
2009-03-27 09:09:20 —-D—- C:Documents and SettingsAdministratorApplication Dataanv7A
2009-03-27 09:05:40 —-D—- C:Documents and SettingsAdministratorApplication Dataanv2C
2009-03-27 08:56:02 —-D—- C:Documents and SettingsAdministratorApplication DataanvF0
2009-03-27 08:48:25 —-D—- C:Documents and SettingsAdministratorApplication DataanvC3
2009-03-27 08:42:52 —-D—- C:QUARANTINE
2009-03-27 08:41:43 —-A—- C:WINDOWSIE4 Error Log.txt
======List of files/folders modified in the last 1 months======
2009-03-28 00:38:44 —-RD—- C:Program Files
2009-03-28 00:20:40 —-D—- C:WINDOWSPrefetch
2009-03-27 22:26:01 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-27 22:25:03 —-D—- C:WINDOWSTemp
2009-03-27 22:25:02 —-A—- C:RTHDCPL_Dump.txt
2009-03-27 22:20:23 —-D—- C:WINDOWSsystem32drivers
2009-03-27 21:11:16 —-D—- C:Program FilesSemagic
2009-03-27 19:52:32 —-A—- C:WINDOWSNeroDigital.ini
2009-03-27 17:55:16 —-D—- C:WINDOWSsystem32
2009-03-27 14:57:44 —-D—- C:WINDOWSHelp
2009-03-27 10:10:42 —-SHD—- C:WINDOWSInstaller
2009-03-27 10:10:42 —-SHD—- C:Config.Msi
2009-03-27 10:10:41 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-03-27 10:10:15 —-SD—- C:Documents and SettingsAdministratorApplication DataMicrosoft
2009-03-27 10:10:15 —-D—- C:WINDOWS
2009-03-27 09:20:59 —-D—- C:Program FilesCommon Files
2009-03-27 09:20:57 —-D—- C:Program FilesMcAfee
2009-03-11 17:17:48 —-D—- C:WINDOWSsystem32wbem
2009-03-11 17:17:48 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-06 15:15:49 —-D—- C:WINDOWSsystem32CatRoot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:WINDOWSSystem32Driversavgldx86.sys [2009-03-27 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:WINDOWSSystem32Driversavgmfx86.sys [2009-03-27 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:WINDOWSSystem32Driversavgtdix.sys [2009-03-27 108552]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-04 14848]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD 00.fcl []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-08-13 20747]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2008-01-16 5761760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-12-20 4637696]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-04 12160]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-10-27 47360]
R3 RT61;Ralink RT61 Wireless Driver; C:WINDOWSsystem32DRIVERSRT61.sys [2006-01-19 363008]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-16 90880]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 mferkdk;VSCore mferkdk; ??C:Program FilesMcAfeeVirusScan Enterprisemferkdk.sys []
S2 ati64si;ati64si; ??C:WINDOWSsystem32driversati64si.sys []
S2 fips32cup;fips32cup; ??C:WINDOWSsystem32driversfips32cup.sys []
S2 ksi32sk;ksi32sk; ??C:WINDOWSsystem32driversksi32sk.sys []
S2 netsik;netsik; ??C:WINDOWSsystem32driversnetsik.sys []
S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
S2 port135sik;port135sik; ??C:WINDOWSsystem32driversport135sik.sys []
S2 securentm;securentm; ??C:WINDOWSsystem32driverssecurentm.sys []
S2 tvncaikilwiw;tvncaikilwiw; ??C:WINDOWSsystem32driverseoebrue.sys []
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:WINDOWSsystem32DRIVERSse45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSse45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSse45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSse45mgmt.sys [2006-11-30 88624]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSse45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:WINDOWSsystem32DRIVERSse45unic.sys [2006-11-30 90800]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2009-03-27 298264]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-05-14 272024]
R3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-08-14 72704]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-10-23 382248]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-01-25 137200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
EOF
and info
info.txt logfile of random’s system information tool 1.06 2009-03-28 00:38:45
======Uninstall list======
—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY Lingvo 12 Multilingual Edition—>MsiExec.exe /I{A1200000-0004-0000-0000-074957833700}
Acrobat.com—>C:Program FilesCommon FilesAdobe AIRVersions1.0Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com—>MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0Adobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS—>RunDll32 «C:Program FilesCommon FilesInstallShieldProfessionalRunTime 701Intel32ctor.dll»,LaunchSetup «C:Program FilesInstallShield Installation Information{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}setup.exe»
Adobe Photoshop CS2—>C:PROGRA~1AdobeADOBEP~1UNWISE.EXE C:PROGRA~1AdobeADOBEP~1INSTALL.LOG
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3—>c:Program FilesCommon FilesAdobeInstallers d5fe1f44895aadff2baacf24fe1402Setup.exe
Adobe Reader 9—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup—>MsiExec.exe /I{30981FCD-4150-4AB4-BAC5-75C9E914347D}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -fC:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallInstall.log
Apple Software Update—>MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 8.5—>C:Program FilesAVGAVG8setup.exe /UNINSTALL
CloneDVD 4.1.0.23—>»C:Program FilesCloneDVDunins000.exe»
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_0531C63A913CC9D1.exe» /uninstall
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office Access MUI (English) 2007—>MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007—>MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007—>MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007—>MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007—>MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007—>MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007—>MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007—>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007—>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007—>MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007—>MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007—>MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007—>MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSI Wireless LAN Card—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10 1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FCD71234-2287-41D2-96AD-3D3C66D60FBC}setup.exe» -l0x9 -removeonly
Nero 8—>MsiExec.exe /X{76308844-456A-4D76-99CA-511F0DED1033}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD Ultra—>»C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe» -l0x000409 /z-uninstall
QuickTime—>MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x9 -removeonly
Rhapsody Player Engine—>MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Semagic (remove only)—>»C:Program FilesSemagicuninstall.exe»
Toon Boom Studio 4.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{62616A4E-82E4-424A-A201-3D29ABB6B7FD}setup.exe» -l0x9 UNINSTALL -removeonly
Ulead GIF Animator 5 ESD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8AF3E926-ED59-11D4-A44B-0000E86D2305}Setup.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
Xvid 1.1.3 final uninstall—>»C:Program FilesXvidunins000.exe»
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: USER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 14237
Source Name: Tcpip
Time Written: 20090223233628.000000+120
Event Type: warning
User:

Computer Name: USER
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 14233
Source Name: W32Time
Time Written: 20090223210328.000000+120
Event Type: warning
User:

Computer Name: USER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 14163
Source Name: Tcpip
Time Written: 20090222092052.000000+120
Event Type: warning
User:

Computer Name: USER
Event Code: 59
Message: Generate Activation Context failed for C:Program FilesCommon FilesNeroAudioPluginsMSAxp.dll.
Reference error message: The operation completed successfully.
.
Record Number: 14124
Source Name: SideBySide
Time Written: 20090221233038.000000+120
Event Type: error
User:

Computer Name: USER
Event Code: 58
Message: Syntax error in manifest or policy file «C:Program FilesCommon FilesNeroAudioPluginsMSAxp.dll» on line 10.
Record Number: 14123
Source Name: SideBySide
Time Written: 20090221233038.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: USER
Event Code: 1517
Message: Windows saved user USERAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 23144
Source Name: Userenv
Time Written: 20090325091320.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: USER
Event Code: 1517
Message: Windows saved user USERAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 23072
Source Name: Userenv
Time Written: 20090325000550.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: USER
Event Code: 1517
Message: Windows saved user USERAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 22933
Source Name: Userenv
Time Written: 20090324074521.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: USER
Event Code: 1517
Message: Windows saved user USERAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 22844
Source Name: Userenv
Time Written: 20090323225541.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: USER
Event Code: 1517
Message: Windows saved user USERAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 22757
Source Name: Userenv
Time Written: 20090321085055.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesQuickTimeQTSystemQTJava.zip
«QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip
EOF
30 March 2009 at 3:23 am #23004
Hello, welcome to the Spyware-ru forum.
Download OTMoveIt3 by OldTimer by clicking this link.
Run OTMoveIt3 and copy the following text into the large input field (the heading of this field is highlighted in yellow):
:Processes
explorer.exe
:services
ati64si
fips32cup
ksi32sk
netsik
nicsk32
port135sik
securentm
tvncaikilwiw
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Administrator"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
:files
C:\WINDOWS\system32\mmmlerye.dll
C:\WINDOWS\system32\digeste.dll
C:\WINDOWS\system32\search_fid.txt
C:\WINDOWS\system32\mess_add.txt
C:\WINDOWS\system32\mmmlerye.dll
C:\WINDOWS\system32\drivers\eoebrue.sys
C:\WINDOWS\system32\drivers\securentm.sys
C:\WINDOWS\system32\drivers\port135sik.sys
C:\WINDOWS\system32\drivers\nicsk32.sys
C:\WINDOWS\system32\drivers\netsik.sys
C:\WINDOWS\system32\drivers\ksi32sk.sys
C:\WINDOWS\system32\drivers\fips32cup.sys
C:\WINDOWS\system32\drivers\ati64si.sys
:Commands
[emptytemp]
[start explorer]
[Reboot]
Check the pasted script: if spaces have appeared to the left of the directives, delete them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while it works.
When the program finishes, it should display a log. If the log is not displayed, it can be found in the folder C:\_OTMoveIt\MovedFiles. Paste the contents of this log into your reply, and also attach a fresh RSIT log.
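The triage behind the script above can be written down: every entry it removes corresponds to something visible in the posted RSIT log, namely the S2 drivers whose image RSIT could not find on disk (the `??` path with an empty `[]`), the non-empty AppInit_DLLs value, the extra DLL in SecurityProviders and the Run entry launching from the user profile. The Python below is an added illustration, not part of the thread, RSIT or OTMoveIt; it parses lines in RSIT's format and flags those four patterns. The sample log is constructed from the thread's log with the backslashes the forum stripped restored, and the default SecurityProviders set is the one the script restores.

```python
import re
from typing import Dict, List

# Default SecurityProviders on Windows XP, the set the fix script in the thread
# restores; anything beyond it is loaded into lsass.exe and deserves a look.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# RSIT driver/service line: "<R|S><0-4> <name>;<description>; <path> [<date size>]"
DRIVER_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[(.*)\]\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')

# Constructed sample in RSIT 1.06 log format, modelled on the log posted in the
# thread (backslashes restored; the forum software stripped them).
SAMPLE_LOG = r"""
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-27 1932568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Administrator"=C:\Documents and Settings\Administrator\Administrator.exe /i []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\mmmlerye.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-27 325640]
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S2 tvncaikilwiw;tvncaikilwiw; \??\C:\WINDOWS\system32\drivers\eoebrue.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
"""


def _image_name(path: str) -> str:
    """File name part of a Windows path (directories and the NT prefix dropped)."""
    return path.rsplit("\\", 1)[-1]


def analyze_rsit_log(text: str) -> List[Dict[str, str]]:
    """Return findings as dicts with keys kind, item, reason."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        drv = DRIVER_RE.match(line)
        if drv:
            _state, name, _desc, path, fileinfo = drv.groups()
            # RSIT prints "[date size]" when it could stat the image; "[]" means the
            # registered driver file was not found (deleted, or hidden from the scanner).
            if not fileinfo.strip():
                image = _image_name(path)
                reason = "registered driver image not found on disk"
                if image.rsplit(".", 1)[0].lower() != name.lower():
                    reason += f"; service name differs from image name {image}"
                findings.append({"kind": "driver", "item": name, "reason": reason})
            continue
        val = VALUE_RE.match(line)
        if not (val and current_key):
            continue
        name, value = val.group(1), val.group(2).strip()
        lname = name.lower()
        key_tail = current_key.rsplit("\\", 1)[-1].lower()
        if lname == "appinit_dlls" and value.strip('"').strip():
            findings.append({"kind": "appinit_dlls", "item": value.strip('"').strip(),
                             "reason": "AppInit_DLLs entry is loaded into every process that loads user32.dll"})
        elif lname == "securityproviders":
            for dll in (p.strip().lower() for p in value.split(",")):
                if dll and dll not in DEFAULT_SECURITY_PROVIDERS:
                    findings.append({"kind": "securityproviders", "item": dll,
                                     "reason": "not in the default XP SecurityProviders list"})
        elif key_tail == "run":
            low = value.lower()
            if "\\documents and settings\\" in low or "\\temp\\" in low:
                findings.append({"kind": "run", "item": name,
                                 "reason": "autostart from a user profile or temp directory: " + value})
    return findings


if __name__ == "__main__":
    for f in analyze_rsit_log(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```

A driver whose service name differs from its image name is only reported here when the image is also missing, because legitimate drivers such as ialm (igxpmp32.sys) in the posted log show the same mismatch.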
30 March 2009 at 12:50 pm #23005
OK! I didn't read your message over the weekend, I had no time. Thank you very much for the help! I'll attach the report as soon as I've done everything! Rapid no longer appears in Program Files, but trojans keep pouring in by the dozen.
30 March 2009 at 1:22 pm #23006
Everything ran!
The log came out as follows
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver ati64si deleted successfully.
ServiceDriver fips32cup deleted successfully.
ServiceDriver ksi32sk deleted successfully.
ServiceDriver netsik deleted successfully.
ServiceDriver nicsk32 deleted successfully.
ServiceDriver port135sik deleted successfully.
ServiceDriver securentm deleted successfully.
ServiceDriver tvncaikilwiw deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Administrator deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E : value set successfully!
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
========== FILES ==========
File/Folder C:WINDOWSsystem32mmmlerye.dll not found.
File/Folder C:WINDOWSsystem32digeste.dll not found.
C:WINDOWSsystem32search_fid.txt moved successfully.
C:WINDOWSsystem32mess_add.txt moved successfully.
File/Folder C:WINDOWSsystem32mmmlerye.dll not found.
File/Folder C:WINDOWSsystem32driverseoebrue.sys not found.
File/Folder C:WINDOWSsystem32driverssecurentm.sys not found.
File/Folder C:WINDOWSsystem32driversport135sik.sys not found.
File/Folder C:WINDOWSsystem32driversnicsk32.sys not found.
File/Folder C:WINDOWSsystem32driversnetsik.sys not found.
File/Folder C:WINDOWSsystem32driversksi32sk.sys not found.
File/Folder C:WINDOWSsystem32driversfips32cup.sys not found.
File/Folder C:WINDOWSsystem32driversati64si.sys not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.9.0 log created on 03302009_155453
Files moved on Reboot…
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Since I'm completely out of my depth with all of this, what will the specialist's verdict be? For the full picture I attach the RSIT information:
(log.txt)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-03-30 16:15:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 90 GB (38%) free of 238 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:58, on 30.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
And I forgot about Info: where do we get it from?
April 1, 2009 at 4:08 pm #23007
And I forgot about Info: where do we get it from?
That log is shown only on the first run of RSIT.
I checked the log, it looks fine.
How is the computer running?
April 2, 2009 at 9:43 pm #23008
The computer works! I'm just happy! Although AVG, from time to time, catches a batch of trojans, but supposedly "heals" them successfully. Isn't that a Potemkin village? It feels like I'm at work, treating a patient!
But I'm glad I can do what I love again. Here it is:
This drawing was made after the cure
And this one BEFORE
April 2, 2009 at 9:45 pm #23009
Thanks a lot for the help! I hope I'll keep wrangling my PC for a while yet.
April 4, 2009 at 5:03 pm #23010
Although AVG, from time to time, catches a batch of trojans, but supposedly "heals" them successfully
If it finds them again, write down the file names and the name of the infection, then post them in this topic.
Besides that, also check your computer with Kaspersky Online Scanner; to do so, click this link.
Paste the scan results into your reply.
offtopic 🙂
And the drawings are really something 🙂 Were they drawn on the computer with a tablet?
April 4, 2009 at 6:24 pm #23011
OK! Once I've checked, I'll send the report! Half an hour ago I got a bit scared. You right-click, and the little box with the commands is empty: you can neither delete nor copy files; you start moving the cursor around the empty area, and all the commands appear line by line. I rebooted the computer, and everything seemed to go fine, but just in case I updated Malwarebytes and am running the computer through it now, then I'll hook up Kaspersky online.
As for the drawings, no, I don't do them on a tablet! Handmade. Pen, scanner, Photoshop! Sometimes with paints the old-fashioned way. My son gave me a tablet, but somehow it didn't take off! In the summer I'll go back to Moscow and have him coach me, but for now I'll use the old-school methods.
If you're interested, here are more than five hundred of my drawings (in case you get the urge and the time): http://hiero.ru/Ivar_nat