- This topic has 1 ответ, 2 участника, and was last updated 15 years, 4 months назад by
.
-
Сообщения
-
- Темы:532
- Сообщений:1553
- ☆☆☆☆☆
Здравствуйте!
Скажите, пожалуйста, как удалить вирус!
Заранее благодарю!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:03, on 10.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:AcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Windowssystem32igfxsrvc.exe
C:UsersuserAppDataLocalTempRtkBtMnt.exe
C:Program FilesApoint2KApoint.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WindowsWindowsMobilewmdSync.exe
C:Program FilesMail.RuGuardGuardMailRu.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesTotal CommanderTotalcmd.exe
C:Program FilesApoint2KApntex.exe
C:AcerEmpowering TechnologyEPOWEREPOWER_DMC.EXE
C:AcerEmpowering TechnologyACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:AcerEmpowering TechnologyeRecoveryERAGENT.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
c:program filesmail.rusputnikSputnikHelper.exe
c:program filesmail.rusputnikSputnikFlashPlayer.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program Filestrend microHijackThisHijackThis.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.mail.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ru.intl.acer.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer предоставлен: Mail.Ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O1 — Hosts: ::1 localhost
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
O3 — Toolbar: (no name) — {0BF43445-2F28-4351-9252-17FE6E806AA0} — (no file)
O3 — Toolbar: Acer eDataSecurity Management — {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} — C:AcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [ALaunch] C:AcerALaunchAlaunchClient.exe
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 — HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 — HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 — HKLM..Run: [SetPanel] C:AcerAPanelAPanel.cmd
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [Windows Mobile-based device management] %windir%WindowsMobilewmdSync.exe
O4 — HKLM..Run: [Guard.Mail.ru.gui] «C:Program FilesMail.RuGuardGuardMailRu.exe» /gui
O4 — HKLM..Run: [Skytel] Skytel.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
O4 — Global Startup: Empowering Technology Launcher.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O13 — Gopher Prefix:
O17 — HKLMSystemCCSServicesTcpip..{AAEBC541-A64D-4484-8874-CFD5B6073AFA}: NameServer = 91.144.150.3 91.144.148.3
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:Windowssystem32agrsmsvc.exe
O23 — Service: ALaunch Service (ALaunchService) — Unknown owner — C:AcerALaunchALaunchSvc.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: eDataSecurity Service — Egis Incorporated — C:AcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: eLock Service (eLockService) — Acer Inc. — C:AcerEmpowering TechnologyeLockServiceeLockServ.exe
O23 — Service: eNet Service — Acer Inc. — C:AcerEmpowering TechnologyeNeteNet Service.exe
O23 — Service: eRecovery Service (eRecoveryService) — Acer Inc. — C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
O23 — Service: eSettings Service (eSettingsService) — Unknown owner — C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe
O23 — Service: Guard.Mail.ru — Unknown owner — C:Program FilesMail.RuGuardGuardMailRu.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: MobilityService — Unknown owner — C:AcerMobility CenterMobilityService.exe
O23 — Service: ePower Service (WMIService) — acer — C:AcerEmpowering TechnologyePowerePowerSvc.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 7563 bytes
❓Здравствуйте.
Необходима дополнительная проверка.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.
- Для ответа в этой теме необходимо авторизоваться.
