Forum replies created
I am attaching log 2:
I did everything as you wrote in your message. I am attaching log 1:
OTListIt

Good evening.
After the cleanup, I am attaching the Avenger log and a fresh RSIT log.
Please check whether everything is in order, because updates are not working (security system alerts) and on startup it says that Media Player is not installed. Also, the computer does not "see" the flash drive.

Good afternoon.
The computer works, thank you. But Media Player does not work (Error code = 0xC00D11BA), and there is no sound at all. Also, the security system keeps warning that the PC is at risk, but updates do not download; Windows Update reports: Error code: 0x8024D007.
I checked the computer with RSIT; after the cleanup only one log appeared. Please check whether everything is in order.
Thank you very much in advance.

Good afternoon.
Everything works, thank you.
I checked the computer with RSIT; after the cleanup only one log appeared. Please check whether everything is in order.

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Алина at 2009-05-14 21:46:29
Microsoft Windows XP Professional Service Pack 2
System drive E: has 16 GB (50%) free of 31 GB
Total RAM: 255 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:34, on 14.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32csrss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSExplorer.EXE
E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:Program FilesCommon FilesARS CompanyAgentAgent.exe
E:Program FilesMessengermsmsgs.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
E:WINDOWSsystem32spoolsv.exe
E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
E:Program FilesCanonIJPLMIJPLMSVC.EXE
E:WINDOWSsystem32svchost.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:WINDOWSsystem32dllhost.exe
E:WINDOWSSystem32alg.exe
E:WINDOWSsystem32msdtc.exe
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Documents and SettingsАлинаРабочий столRSIT.exe
E:WINDOWSsystem32wbemwmiprvse.exe
E:Program Filestrend microАлина.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: (no name) — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — (no file)
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O4 — HKLM..Run: [Uninstall0001] «E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe» LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
O4 — HKLM..Run: [Easy-PrintToolBox] E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SpywareTerminator] «E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKLM..Run: [NeroFilterCheck] E:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKLM..Run: [ISTray] «E:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [AMP Agent] E:Program FilesCommon FilesARS CompanyAgentAgent.exe
O4 — HKCU..Run: [PcSync] E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP.Online] E:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKCU..Run: [QIP2005] E:Program FilesQIPqip.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O4 — Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 — Global Startup: BlueSoleil.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — E:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — E:Program FilesFlashGetjc_link.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O11 — Options group: [searching] Поиск из панели адресов
O12 — Plugin for .spop: E:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240034035468
O17 — HKLMSystemCCSServicesTcpip..{70F5FC79-68B1-44DE-AF25-BF5254464F8E}: NameServer = 213.130.21.11,213.130.10.10
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — E:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — E:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (imapiservice) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (wmiapsrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 7432 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Uninstall0001″=E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe [2007-08-03 57344]
«Easy-PrintToolBox»=E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2006-10-17 398944]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe -lang 1033 []
«SpywareTerminator»=E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe []
«NeroFilterCheck»=E:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe []
«ISTray»=E:Program FilesSpyware DoctorpctsTray.exe [2008-12-08 1173384]
«KernelFaultCheck»=E:WINDOWSsystem32dumprep 0 -k []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AMP Agent»=E:Program FilesCommon FilesARS CompanyAgentAgent.exe [2002-02-28 37888]
«PcSync»=E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog []
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=E:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«QIP.Online»=E:Program FilesQIP.Onlineqiponline.exe auto_start []
«QIP2005″=E:Program FilesQIPqip.exe []
«ICQ»=E:Program FilesICQ6ICQ.exe silent []
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe []

E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
Microsoft Office.lnk — E:Program FilesMicrosoft OfficeOffice10OSA.EXE
BlueSoleil.lnk — E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

E:Documents and SettingsАлинаГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
E:WINDOWSsystem32Ati2evxx.dll [2004-08-01 46080]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«LegalNoticeCaption»=
«LegalNoticeText»=
«ShutdownWithoutLogon»=0
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=67108863
«NoDriveTypeAutoRun»=323
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«E:WINDOWSSystem32muzapp.exe»=»E:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2009-05-14 21:22:59 —-D—- E:WINDOWSPrefetch
2009-05-14 20:25:18 —-RAH—- E:WINDOWSsystem32logonui.exe.manifest
2009-05-14 20:15:55 —-A—- E:WINDOWSpnplog.txt
2009-05-14 20:06:51 —-A—- E:WINDOWSsystem32spxcoins.dll
2009-05-14 20:06:51 —-A—- E:WINDOWSsystem32irclass.dll
2009-05-14 20:06:38 —-RA—- E:WINDOWSSET64.tmp
2009-05-14 20:06:35 —-RA—- E:WINDOWSSET58.tmp
2009-05-14 20:06:33 —-RA—- E:WINDOWSSET55.tmp
2009-05-13 20:26:46 —-SHD—- E:FOUND.040
2009-05-13 13:05:17 —-SHD—- E:WINDOWSCSC
2009-05-12 21:17:40 —-A—- E:WINDOWSntbtlog.txt
2009-05-10 14:00:30 —-SHD—- E:FOUND.039
2009-05-07 20:06:16 —-SHD—- E:FOUND.038
2009-05-05 20:55:52 —-A—- E:WINDOWSsystem32CF3654.exe
2009-05-03 17:29:31 —-D—- E:Documents and SettingsAll UsersApplication DataTEMP
2009-05-03 17:28:56 —-D—- E:Program FilesCommon FilesPC Tools
2009-05-03 17:28:42 —-D—- E:Program FilesSpyware Doctor
2009-05-03 17:28:42 —-D—- E:Documents and SettingsАлинаApplication DataPC Tools
2009-05-03 17:28:42 —-D—- E:Documents and SettingsAll UsersApplication DataPC Tools
2009-04-29 20:35:30 —-SHD—- E:FOUND.037
2009-04-24 18:32:36 —-SHD—- E:FOUND.036
2009-04-22 20:05:12 —-SHD—- E:FOUND.035
2009-04-22 13:28:34 —-D—- E:WINDOWSMinidump
2009-04-21 14:48:07 —-A—- E:WINDOWSsystem32stu2.exe
2009-04-19 12:13:37 —-D—- E:Documents and SettingsAll UsersApplication DataВеселаяФерма2
2009-04-19 12:13:18 —-D—- E:Documents and SettingsAll UsersApplication DataEgoset
2009-04-18 09:55:18 —-D—- E:WINDOWSsystem32SoftwareDistribution
2009-04-17 19:58:02 —-A—- E:WINDOWSsystem32CF25570.exe
2009-04-17 19:44:40 —-A—- E:WINDOWSsystem32CF22951.exe
2009-04-17 19:38:29 —-D—- E:WINDOWSERDNT
2009-04-17 19:38:27 —-A—- E:WINDOWSsystem32CF21730.exe
2009-04-17 14:09:58 —-D—- E:Documents and SettingsAll UsersApplication DataMumboJumbo

======List of files/folders modified in the last 1 months======
2009-05-14 21:37:12 —-A—- E:WINDOWSsystem32PerfStringBackup.INI
2009-05-14 20:30:36 —-A—- E:WINDOWSsetuplog.txt
2009-05-14 20:26:08 —-A—- E:WINDOWSOEWABLog.txt
2009-05-14 20:26:06 —-A—- E:WINDOWSODBCINST.INI
2009-05-14 20:25:22 —-RD—- E:WINDOWSWeb
2009-05-14 20:25:22 —-RD—- E:Program Files
2009-05-14 20:25:14 —-RAH—- E:WINDOWSsystem32cdplayer.exe.manifest
2009-05-14 20:25:06 —-A—- E:WINDOWSwin.ini
2009-05-14 20:06:56 —-A—- E:WINDOWSsystem.ini
2009-05-14 20:06:44 —-ASH—- E:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-05-05 20:57:42 —-A—- E:WINDOWSSchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; E:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-01 1241088]
R3 BTHidEnum;Bluetooth HID Enumerator; E:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; E:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; E:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
S1 InCDPass;InCDPass; E:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; E:WINDOWSsystem32driversInCDRm.sys []
S3 BlueletAudio;Bluetooth Audio Service; E:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; E:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:WINDOWSSystem32Driversbtcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; ??E:WINDOWSsystem32driversBTNetFilter.sys []
S3 CCDECODE;Closed Caption декодер; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2008-06-26 223128]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; E:WINDOWSsystem32DRIVERSfetnd5b.sys [2003-09-04 41984]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-17 10880]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 VIAudio;VIA AC’97 Audio Controller (WDM); E:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S3 Vsp;Vsp; ??E:WINDOWSsystem32driversVsp.sys []
S3 WSTCODEC;World Standard Teletext кодек; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; E:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; E:WINDOWSsystem32Ati2evxx.exe [2004-08-01 376832]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 IJPLMSVC;PIXMA Extended Survey Program; E:Program FilesCanonIJPLMIJPLMSVC.EXE [2006-11-10 99936]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-02-10 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
EOF
Thank you very much in advance.

Good afternoon.
The computer does not boot in this mode: the welcome screen appears, then the desktop wallpaper fills the whole screen without icons or the bottom bar, and it hangs like that. The same thing happens in the other modes. I can only turn the PC off by unplugging it; restarting does not work, it hangs.

Good afternoon.
Nothing changed after the reboot. The computer does not shut down; I simply have to unplug it. Also, none of the programs installed on the computer work: they seem to open, but…
Perhaps there is something else that can be done?
Thank you.

Good afternoon. I did everything according to your instructions. The computer was cleaned, the "doctor" was removed (it seems), but no log appeared because the computer rebooted by itself and hung. On a repeat cleaning it hangs immediately. Now the Control Panel folders and those related to the internet (connection, service, network neighborhood, etc.) will not open. I cannot get online; all the settings were probably lost, but I cannot reconfigure it either because I cannot open anything. I am writing from another computer.
What can be done?
Thank you.

Good afternoon. I did everything as you wrote and scanned the PC. Malware Doctor was not removed. I also cannot update the security software; the website reports error 0x8024D007. Task Manager and access to the registry are blocked.
I am attaching:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at E:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!

Completed script processing.
*******************
Finished! Terminate.
Malwarebytes’ Anti-Malware 1.36
Версия базы данных: 2069
Windows 5.1.2600 Service Pack 2

03.05.2009 17:04:13
mbam-log-2009-05-03 (17-04-13).txt

Тип проверки: Полная (C:|D:|E:|F:|)
Проверено объектов: 196743
Прошло времени: 2 hour(s), 45 minute(s), 8 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 3
Заражено значений реестра: 2
Заражено параметров реестра: 3
Заражено папок: 0
Заражено файлов: 12

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_CLASSES_ROOTCLSID{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Quarantined and deleted successfully.

Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunMalware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunMalware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: e:windowssystem32userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
G:autorun.inf (Worm.Agent.H) -> Delete on reboot.
D:Program FilesK-Lite Codec PackRealsettings.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:Program FilesK-Lite Codec PackRealmpclauncher.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:Program FilesK-Lite Codec PackQuickTimeQuickTimePlayer.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:Program FilesK-Lite Codec Packtoolsfixcodecs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:Program FilesK-Lite Codec PackRealsettings.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:Program FilesK-Lite Codec PackRealmpclauncher.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:Program FilesK-Lite Codec PackQuickTimeQuickTimePlayer.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:Program FilesK-Lite Codec Packtoolsfixcodecs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsАлинаLocal SettingsTempie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:WINDOWSsystem32sft.res (Malware.Trace) -> Quarantined and deleted successfully.
E:Documents and SettingsLocalServiceApplication Data916653139.exe (Rogue.MalwareDoc) -> Delete on reboot.

RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Алина at 2009-05-03 17:18:04
Microsoft Windows XP Professional Service Pack 2
System drive E: has 12 GB (37%) free of 31 GB
Total RAM: 255 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:15, on 03.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSsystem32SVCHOST.EXE
E:WINDOWSSystem32AshEvtSvc.exe
E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
E:Program FilesCanonIJPLMIJPLMSVC.EXE
E:WINDOWSsystem32svchost.exe
E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:Program FilesCommon FilesARS CompanyAgentAgent.exe
E:Program FilesMessengermsmsgs.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesInternet Exploreriexplore.exe
E:Documents and SettingsLocalServiceApplication Data916653139.exe
E:Program FilesAlwil SoftwareAvast4setupavast.setup
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Documents and SettingsАлинаРабочий столRSIT.exe
E:Program Filestrend microАлина.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: (no name) — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — (no file)
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O4 — HKLM..Run: [Uninstall0001] «E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe» LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
O4 — HKLM..Run: [Easy-PrintToolBox] E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SpywareTerminator] «E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKLM..Run: [NeroFilterCheck] E:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKCU..Run: [AMP Agent] E:Program FilesCommon FilesARS CompanyAgentAgent.exe
O4 — HKCU..Run: [PcSync] E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP.Online] E:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKCU..Run: [QIP2005] E:Program FilesQIPqip.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O4 — Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 — Global Startup: BlueSoleil.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — E:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — E:Program FilesFlashGetjc_link.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: E:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240034035468
O17 — HKLMSystemCCSServicesTcpip..{70F5FC79-68B1-44DE-AF25-BF5254464F8E}: NameServer = 213.130.21.11,213.130.10.10
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: ashevtsvc — Unknown owner — E:WINDOWSSystem32AshEvtSvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — E:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — E:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 7900 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Uninstall0001″=E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe [2007-08-03 57344]
«Easy-PrintToolBox»=E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2006-10-17 398944]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe -lang 1033 []
«SpywareTerminator»=E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe []
«NeroFilterCheck»=E:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe [2009-05-03 81920]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AMP Agent»=E:Program FilesCommon FilesARS CompanyAgentAgent.exe [2002-02-28 37888]
«PcSync»=E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog []
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=E:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«QIP.Online»=E:Program FilesQIP.Onlineqiponline.exe auto_start []
«QIP2005″=E:Program FilesQIPqip.exe []
«ICQ»=E:Program FilesICQ6ICQ.exe silent []
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe [2009-05-03 81920]

E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
Microsoft Office.lnk — E:Program FilesMicrosoft OfficeOffice10OSA.EXE
BlueSoleil.lnk — E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

E:Documents and SettingsАлинаГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
E:WINDOWSsystem32Ati2evxx.dll [2004-08-01 46080]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableRegistryTools»=1
«DisableTaskMgr»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«E:WINDOWSSystem32muzapp.exe»=»E:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-05-03 17:10:47 —-D—- E:WINDOWSLastGood
2009-04-30 13:18:03 —-A—- E:WINDOWSsystem32AshEvtSvc.exe
2009-04-29 20:35:30 —-SHD—- E:FOUND.037
2009-04-24 18:32:36 —-SHD—- E:FOUND.036
2009-04-22 20:05:12 —-SHD—- E:FOUND.035
2009-04-22 13:28:34 —-D—- E:WINDOWSMinidump
2009-04-21 14:48:07 —-A—- E:WINDOWSsystem32stu2.exe
2009-04-19 12:13:37 —-D—- E:Documents and SettingsAll UsersApplication DataВеселаяФерма2
2009-04-19 12:13:18 —-D—- E:Documents and SettingsAll UsersApplication DataEgoset
2009-04-18 09:55:18 —-D—- E:WINDOWSsystem32SoftwareDistribution
2009-04-17 19:58:03 —-D—- E:ComboFix
2009-04-17 19:58:02 —-A—- E:WINDOWSsystem32CF25570.exe
2009-04-17 19:44:40 —-A—- E:WINDOWSsystem32CF22951.exe
2009-04-17 19:38:29 —-D—- E:WINDOWSERDNT
2009-04-17 19:38:27 —-A—- E:WINDOWSsystem32CF21730.exe
2009-04-17 19:38:25 —-D—- E:Qoobox
2009-04-17 14:09:58 —-D—- E:Documents and SettingsAll UsersApplication DataMumboJumbo
2009-04-13 23:11:20 —-D—- E:_OTMoveIt
2009-04-13 23:00:33 —-RASHD—- E:autorun.inf
2009-04-10 00:01:19 —-D—- E:Program Filestrend micro
2009-04-10 00:01:18 —-D—- E:rsit
2009-04-09 23:26:33 —-D—- E:Documents and SettingsАлинаApplication DataMalwarebytes
2009-04-09 23:26:24 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-04-09 23:26:23 —-D—- E:Program FilesMalwarebytes’ Anti-Malware
2009-04-09 21:05:58 —-D—- E:Program FilesICQ6Toolbar
2009-04-09 21:05:36 —-D—- E:Documents and SettingsAll UsersApplication DataICQ
2009-04-09 21:05:09 —-D—- E:Documents and SettingsАлинаApplication DataMozilla
2009-04-07 16:09:37 —-A—- E:Program FilesUNWISE.EXE
2009-04-05 20:46:06 —-D—- E:Documents and SettingsАлинаApplication DataQIP.Online
2009-04-05 20:40:34 —-D—- E:Program FilesQIP

======List of files/folders modified in the last 1 months======

2009-05-03 17:06:12 —-A—- E:WINDOWSSchedLgU.Txt
2009-05-01 20:06:24 —-A—- E:WINDOWSsystem32userinit.exe
2009-04-14 19:30:50 —-A—- E:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; E:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-01 1241088]
R3 BlueletAudio;Bluetooth Audio Service; E:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; E:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
R3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2008-06-26 223128]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; E:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; E:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); E:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S1 InCDPass;InCDPass; E:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; E:WINDOWSsystem32driversInCDRm.sys []
S3 BT;Bluetooth PAN Network Adapter; E:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:WINDOWSSystem32Driversbtcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; ??E:WINDOWSsystem32driversBTNetFilter.sys []
S3 CCDECODE;Closed Caption декодер; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; E:WINDOWSsystem32DRIVERSfetnd5b.sys [2003-09-04 41984]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Vsp;Vsp; ??E:WINDOWSsystem32driversVsp.sys []
S3 WSTCODEC;World Standard Teletext кодек; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; E:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ashevtsvc;ashevtsvc; E:WINDOWSSystem32AshEvtSvc.exe [2009-04-30 32768]
R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; E:WINDOWSsystem32Ati2evxx.exe [2004-08-01 376832]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 IJPLMSVC;PIXMA Extended Survey Program; E:Program FilesCanonIJPLMIJPLMSVC.EXE [2006-11-10 99936]
R3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-02-10 72704]
EOF

Good afternoon.
I could not clean the PC with Combofix; it hangs. Malware Doctor has appeared again, the computer now freezes every 5-7 seconds, and Avast also finds Spyware (I do not know what kind of virus this is; it has appeared for the first time).
I am attaching the RSIT log:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Алина at 2009-04-30 22:12:02
Microsoft Windows XP Professional Service Pack 2
System drive E: has 10 GB (32%) free of 31 GB
Total RAM: 255 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:38, on 30.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32SVCHOST.EXE
E:WINDOWSSystem32AshEvtSvc.exe
E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
E:Program FilesICQ6ToolbarICQ Service.exe
E:Program FilesCanonIJPLMIJPLMSVC.EXE
E:WINDOWSsystem32svchost.exe
E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:Documents and SettingsLocalServiceApplication Data916653139.exe
E:Program FilesCommon FilesARS CompanyAgentAgent.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesICQ6ICQ.exe
E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Program FilesAlwil SoftwareAvast4setupavast.setup
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Documents and SettingsАлинаРабочий столRSIT.exe
E:Program Filestrend microАлина.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: (no name) — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — (no file)
O2 — BHO: Microsoft copyright — {56bb6d01-7bd5-4458-a4ae-f03df643d6ee} — stfa.dll (file missing)
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:Program FilesICQ6ToolbarICQToolBar.dll
O4 — HKLM..Run: [Uninstall0001] «E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe» LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
O4 — HKLM..Run: [Easy-PrintToolBox] E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SpywareTerminator] «E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKLM..Run: [NeroFilterCheck] E:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKCU..Run: [AMP Agent] E:Program FilesCommon FilesARS CompanyAgentAgent.exe
O4 — HKCU..Run: [PcSync] E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP.Online] E:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKCU..Run: [QIP2005] E:Program FilesQIPqip.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Malware Doctor] E:Documents and SettingsLocalServiceApplication Data916653139.exe
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O4 — Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 — Global Startup: BlueSoleil.lnk = ?
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — E:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — E:Program FilesFlashGetjc_link.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra button: ICQ6 — {e59eb121-f339-4851-a3ba-fe49c35617c2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {e59eb121-f339-4851-a3ba-fe49c35617c2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: E:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240034035468
O17 — HKLMSystemCCSServicesTcpip..{70F5FC79-68B1-44DE-AF25-BF5254464F8E}: NameServer = 213.130.21.11,213.130.10.10
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: ashevtsvc — Unknown owner — E:WINDOWSSystem32AshEvtSvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — E:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: ICQ Service (icq service) — Unknown owner — E:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — E:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8378 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{56bb6d01-7bd5-4458-a4ae-f03df643d6ee}]
Microsoft copyright — stfa.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — E:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Uninstall0001″=E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe [2007-08-03 57344]
«Easy-PrintToolBox»=E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2006-10-17 398944]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe -lang 1033 []
«SpywareTerminator»=E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe []
«NeroFilterCheck»=E:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe [2009-04-30 81920]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AMP Agent»=E:Program FilesCommon FilesARS CompanyAgentAgent.exe [2002-02-28 37888]
«PcSync»=E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog []
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=E:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«QIP.Online»=E:Program FilesQIP.Onlineqiponline.exe auto_start []
«QIP2005″=E:Program FilesQIPqip.exe []
«ICQ»=E:Program FilesICQ6ICQ.exe [2008-08-24 173304]
«Malware Doctor»=E:Documents and SettingsLocalServiceApplication Data916653139.exe [2009-04-30 81920]

E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
Microsoft Office.lnk — E:Program FilesMicrosoft OfficeOffice10OSA.EXE
BlueSoleil.lnk — E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

E:Documents and SettingsАлинаГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
E:WINDOWSsystem32Ati2evxx.dll [2004-08-01 46080]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableRegistryTools»=1
«DisableTaskMgr»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«E:WINDOWSSystem32muzapp.exe»=»E:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»
«E:Program FilesICQ6ICQ.exe»=»E:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2009-04-30 13:18:03 —-A—- E:WINDOWSsystem32AshEvtSvc.exe
2009-04-29 20:35:30 —-SHD—- E:FOUND.037
2009-04-24 18:32:36 —-SHD—- E:FOUND.036
2009-04-22 20:05:12 —-SHD—- E:FOUND.035
2009-04-22 13:28:34 —-D—- E:WINDOWSMinidump
2009-04-21 14:48:07 —-A—- E:WINDOWSsystem32stu2.exe
2009-04-19 12:13:37 —-D—- E:Documents and SettingsAll UsersApplication DataВеселаяФерма2
2009-04-19 12:13:18 —-D—- E:Documents and SettingsAll UsersApplication DataEgoset
2009-04-18 09:55:18 —-D—- E:WINDOWSsystem32SoftwareDistribution
2009-04-17 19:58:03 —-D—- E:ComboFix
2009-04-17 19:58:02 —-A—- E:WINDOWSsystem32CF25570.exe
2009-04-17 19:44:40 —-A—- E:WINDOWSsystem32CF22951.exe
2009-04-17 19:38:29 —-D—- E:WINDOWSERDNT
2009-04-17 19:38:27 —-A—- E:WINDOWSsystem32CF21730.exe
2009-04-17 19:38:25 —-D—- E:Qoobox
2009-04-17 14:09:58 —-D—- E:Documents and SettingsAll UsersApplication DataMumboJumbo
2009-04-15 13:51:46 —-A—- E:WINDOWSsystem32smstf.dll
2009-04-13 23:11:20 —-D—- E:_OTMoveIt
2009-04-13 23:00:33 —-RASHD—- E:autorun.inf
2009-04-10 00:01:19 —-D—- E:Program Filestrend micro
2009-04-10 00:01:18 —-D—- E:rsit
2009-04-09 23:26:33 —-D—- E:Documents and SettingsАлинаApplication DataMalwarebytes
2009-04-09 23:26:24 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-04-09 23:26:23 —-D—- E:Program FilesMalwarebytes’ Anti-Malware
2009-04-09 21:05:58 —-D—- E:Program FilesICQ6Toolbar
2009-04-09 21:05:36 —-D—- E:Documents and SettingsAll UsersApplication DataICQ
2009-04-09 21:05:09 —-D—- E:Documents and SettingsАлинаApplication DataMozilla
2009-04-09 20:59:18 —-D—- E:Documents and SettingsАлинаApplication DataICQ
2009-04-09 20:56:40 —-D—- E:Program FilesICQ6
2009-04-07 16:09:37 —-A—- E:Program FilesUNWISE.EXE
2009-04-05 20:46:06 —-D—- E:Documents and SettingsАлинаApplication DataQIP.Online
2009-04-05 20:40:34 —-D—- E:Program FilesQIP
2009-04-02 20:03:28 —-SHD—- E:FOUND.034

======List of files/folders modified in the last 1 months======
2009-04-30 21:50:54 —-A—- E:WINDOWSSchedLgU.Txt
2009-04-30 20:29:26 —-A—- E:WINDOWSsystem32userinit.exe
2009-04-14 19:30:50 —-A—- E:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; E:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-01 1241088]
R3 BlueletAudio;Bluetooth Audio Service; E:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; E:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
R3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2008-06-26 223128]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; E:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; E:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); E:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S1 InCDPass;InCDPass; E:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; E:WINDOWSsystem32driversInCDRm.sys []
S3 BT;Bluetooth PAN Network Adapter; E:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:WINDOWSSystem32Driversbtcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; ??E:WINDOWSsystem32driversBTNetFilter.sys []
S3 CCDECODE;Closed Caption декодер; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; E:WINDOWSsystem32DRIVERSfetnd5b.sys [2003-09-04 41984]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Vsp;Vsp; ??E:WINDOWSsystem32driversVsp.sys []
S3 WSTCODEC;World Standard Teletext кодек; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; E:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ashevtsvc;ashevtsvc; E:WINDOWSSystem32AshEvtSvc.exe [2009-04-30 32768]
R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; E:WINDOWSsystem32Ati2evxx.exe [2004-08-01 376832]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 icq service;ICQ Service; E:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 IJPLMSVC;PIXMA Extended Survey Program; E:Program FilesCanonIJPLMIJPLMSVC.EXE [2006-11-10 99936]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-02-10 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
EOF
Thank you very much in advance.

Good evening.
I did everything according to your instructions.
The Malware Doctor program no longer starts and its icon has disappeared from the status bar! Has it been removed for good?
Avast antivirus still detects a rootkit; I click "delete immediately", but after a while the rootkit message appears again. What could this be?
Thank you.

I am attaching the OTMoveIt3 log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Malware Doctor not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\csrcs not found.
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableRegistryTools»|0 /E : value set successfully!
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableTaskMgr»|0 /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{89841cd2-4601-11dd-ac1a-f2525e1a62d7}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9c2160f4-a5a1-11db-aa77-00138f582dc8}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bef0217c-5fab-11dd-ac34-e0c3654604d7}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cc5c71c6-1eba-11dd-abf0-dc54086d47c0}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d9331a3c-121a-11dd-abdf-101111111111}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d949125e-afbc-11db-aa7f-00138f582dc8}\ not found.
========== FILES ==========
File/Folder E:WINDOWSTEMPD6B8A8D2.exe not found.
File/Folder G:v.exe not found.
File/Folder H:qd.cmd not found.
File/Folder H:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1033 not found.
File/Folder H:a3g3.bat not found.
File/Folder H:gbemjm.exe not found.
========== COMMANDS ==========
File delete failed. E:DOCUME~1АЛИНАLOCALS~1TempJET1236.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. E:Documents and SettingsАлинаLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
File delete failed. E:Documents and SettingsLocalServiceLocal SettingsTempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. E:Documents and SettingsLocalServiceLocal SettingsTempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. E:Documents and SettingsLocalServiceLocal SettingsTempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. E:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. E:WINDOWStemp_avast4_Webshlock.txt scheduled to be deleted on reboot.
File delete failed. E:WINDOWStempPerflib_Perfdata_628.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04132009_233423
Files moved on Reboot…
File E:DOCUME~1АЛИНАLOCALS~1TempJET1236.tmp not found!
File E:WINDOWStemp_avast4_Webshlock.txt not found!
E:WINDOWStempPerflib_Perfdata_628.dat moved successfully.

Fresh RSIT log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Алина at 2009-04-13 23:40:40
Microsoft Windows XP Professional Service Pack 2
System drive E: has 10 GB (31%) free of 31 GB
Total RAM: 255 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:51, on 13.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32Ati2evxx.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
E:Program FilesAlwil SoftwareAvast4ashServ.exe
E:WINDOWSsystem32spoolsv.exe
E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
E:Program FilesICQ6ToolbarICQ Service.exe
E:Program FilesCanonIJPLMIJPLMSVC.EXE
E:WINDOWSsystem32svchost.exe
E:WINDOWSsystem32Ati2evxx.exe
E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
E:WINDOWSExplorer.EXE
E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
E:WINDOWSnotepad.exe
E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe
E:PROGRA~1ALWILS~1Avast4ashDisp.exe
E:Program FilesCommon FilesARS CompanyAgentAgent.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesICQ6ICQ.exe
E:WINDOWSsystem32wscntfy.exe
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Documents and SettingsАлинаРабочий столRSIT.exe
E:Program Filestrend microАлина.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: (no name) — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — (no file)
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:Program FilesICQ6ToolbarICQToolBar.dll
O4 — HKLM..Run: [Uninstall0001] «E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe» LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
O4 — HKLM..Run: [Easy-PrintToolBox] E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [SpywareTerminator] «E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKLM..Run: [NeroFilterCheck] E:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKCU..Run: [AMP Agent] E:Program FilesCommon FilesARS CompanyAgentAgent.exe
O4 — HKCU..Run: [PcSync] E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP.Online] E:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKCU..Run: [QIP2005] E:Program FilesQIPqip.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Malware Doctor] E:WINDOWSTEMPD6B8A8D2.exe
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O4 — Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 — Global Startup: BlueSoleil.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — E:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — E:Program FilesFlashGetjc_link.htm
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — E:PROGRA~1FLASHGETflashget.exe (file missing)
O9 — Extra button: ICQ6 — {e59eb121-f339-4851-a3ba-fe49c35617c2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {e59eb121-f339-4851-a3ba-fe49c35617c2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: E:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{70F5FC79-68B1-44DE-AF25-BF5254464F8E}: NameServer = 213.130.21.11,213.130.10.10
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — E:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — E:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — E:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: ICQ Service (icq service) — Unknown owner — E:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — E:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 7531 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — E:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Uninstall0001″=E:Program FilesCommon FilesTotem SharedUninstall0001upd.exe [2007-08-03 57344]
«Easy-PrintToolBox»=E:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2006-10-17 398944]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe -lang 1033 []
«SpywareTerminator»=E:Program FilesSpyware TerminatorSpywareTerminatorShield.exe []
«NeroFilterCheck»=E:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«avast!»=E:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«AMP Agent»=E:Program FilesCommon FilesARS CompanyAgentAgent.exe [2002-02-28 37888]
«PcSync»=E:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog []
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=E:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«QIP.Online»=E:Program FilesQIP.Onlineqiponline.exe auto_start []
«QIP2005″=E:Program FilesQIPqip.exe []
«ICQ»=E:Program FilesICQ6ICQ.exe [2008-08-24 173304]
«Malware Doctor»=E:WINDOWSTEMPD6B8A8D2.exe []

E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — E:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
Microsoft Office.lnk — E:Program FilesMicrosoft OfficeOffice10OSA.EXE
BlueSoleil.lnk — E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

E:Documents and SettingsАлинаГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
E:WINDOWSsystem32Ati2evxx.dll [2004-08-01 46080]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»E:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«E:WINDOWSSystem32muzapp.exe»=»E:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»
«E:Program FilesICQ6ICQ.exe»=»E:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2009-04-13 23:11:20 —-D—- E:_OTMoveIt
2009-04-13 23:00:33 —-RASHD—- E:autorun.inf
2009-04-10 00:01:19 —-D—- E:Program Filestrend micro
2009-04-10 00:01:18 —-D—- E:rsit
2009-04-09 23:26:33 —-D—- E:Documents and SettingsАлинаApplication DataMalwarebytes
2009-04-09 23:26:24 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-04-09 23:26:23 —-D—- E:Program FilesMalwarebytes’ Anti-Malware
2009-04-09 21:05:58 —-D—- E:Program FilesICQ6Toolbar
2009-04-09 21:05:36 —-D—- E:Documents and SettingsAll UsersApplication DataICQ
2009-04-09 21:05:09 —-D—- E:Documents and SettingsАлинаApplication DataMozilla
2009-04-09 20:59:18 —-D—- E:Documents and SettingsАлинаApplication DataICQ
2009-04-09 20:56:40 —-D—- E:Program FilesICQ6
2009-04-07 16:09:37 —-A—- E:Program FilesUNWISE.EXE
2009-04-05 20:46:06 —-D—- E:Documents and SettingsАлинаApplication DataQIP.Online
2009-04-05 20:40:34 —-D—- E:Program FilesQIP
2009-04-02 20:03:28 —-SHD—- E:FOUND.034
2009-03-29 19:58:17 —-SHD—- E:Config.Msi
2009-03-29 19:58:09 —-A—- E:WINDOWSsystem32FileOps.exe
2009-03-29 16:19:44 —-SHD—- E:FOUND.033
2009-03-27 22:19:43 —-D—- E:Program FilesKaraoke GALAXY
2009-03-26 16:30:40 —-A—- E:WINDOWSsystem32atl71.dll
2009-03-26 16:30:27 —-A—- E:WINDOWSsystem32MFC71u.dll
2009-03-25 19:08:30 —-SHD—- E:FOUND.032
2009-03-25 15:33:46 —-D—- E:Program FilesOpenAL
2009-03-25 14:50:24 —-A—- E:WINDOWSsystem32d3dx10_40.dll
2009-03-25 14:50:24 —-A—- E:WINDOWSsystem32D3DCompiler_40.dll
2009-03-25 14:50:22 —-A—- E:WINDOWSsystem32D3DX9_40.dll
2009-03-25 14:50:21 —-A—- E:WINDOWSsystem32XAudio2_3.dll
2009-03-25 14:50:21 —-A—- E:WINDOWSsystem32XAPOFX1_2.dll
2009-03-25 14:50:20 —-A—- E:WINDOWSsystem32xactengine3_3.dll
2009-03-25 14:50:20 —-A—- E:WINDOWSsystem32X3DAudio1_5.dll
2009-03-25 14:50:19 —-A—- E:WINDOWSsystem32XAudio2_2.dll
2009-03-25 14:50:19 —-A—- E:WINDOWSsystem32XAPOFX1_1.dll
2009-03-25 14:50:19 —-A—- E:WINDOWSsystem32xactengine3_2.dll
2009-03-25 14:50:18 —-A—- E:WINDOWSsystem32d3dx10_39.dll
2009-03-25 14:50:18 —-A—- E:WINDOWSsystem32D3DCompiler_39.dll
2009-03-25 14:50:16 —-A—- E:WINDOWSsystem32D3DX9_39.dll
2009-03-25 14:50:15 —-A—- E:WINDOWSsystem32XAudio2_1.dll
2009-03-25 14:50:15 —-A—- E:WINDOWSsystem32XAPOFX1_0.dll
2009-03-25 14:50:15 —-A—- E:WINDOWSsystem32xactengine3_1.dll
2009-03-25 14:50:14 —-A—- E:WINDOWSsystem32X3DAudio1_4.dll
2009-03-25 14:50:13 —-A—- E:WINDOWSsystem32d3dx10_38.dll
2009-03-25 14:50:13 —-A—- E:WINDOWSsystem32D3DCompiler_38.dll
2009-03-25 14:50:11 —-A—- E:WINDOWSsystem32D3DX9_38.dll
2009-03-25 14:50:10 —-A—- E:WINDOWSsystem32XAudio2_0.dll
2009-03-25 14:50:10 —-A—- E:WINDOWSsystem32xactengine3_0.dll
2009-03-25 14:50:09 —-A—- E:WINDOWSsystem32X3DAudio1_3.dll
2009-03-25 14:50:09 —-A—- E:WINDOWSsystem32d3dx10_37.dll
2009-03-25 14:50:09 —-A—- E:WINDOWSsystem32D3DCompiler_37.dll
2009-03-25 14:50:07 —-A—- E:WINDOWSsystem32D3DX9_37.dll
2009-03-25 14:50:06 —-A—- E:WINDOWSsystem32xactengine2_10.dll
2009-03-25 14:50:05 —-A—- E:WINDOWSsystem32d3dx10_36.dll
2009-03-25 14:50:05 —-A—- E:WINDOWSsystem32D3DCompiler_36.dll
2009-03-25 14:50:03 —-A—- E:WINDOWSsystem32d3dx9_36.dll
2009-03-25 14:48:44 —-D—- E:WINDOWSLogs
2009-03-16 21:17:12 —-D—- E:Documents and SettingsAll UsersApplication DataGogii
2009-03-16 17:06:59 —-D—- E:Documents and SettingsAll UsersApplication DataSandlot Games
2009-03-16 17:06:34 —-D—- E:Documents and SettingsАлинаApplication DataSandlot Games

======List of files/folders modified in the last 1 months======
2009-04-13 23:35:10 —-A—- E:WINDOWSSchedLgU.Txt
2009-04-04 20:54:42 —-A—- E:WINDOWSNeroDigital.ini
2009-03-25 15:33:48 —-N—- E:WINDOWSsystem32wrap_oal.dll
2009-03-25 15:33:48 —-N—- E:WINDOWSsystem32OpenAL32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; E:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; E:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 aswFsBlk;aswFsBlk; E:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; E:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; E:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; E:WINDOWSsystem32DRIVERSati2mtag.sys [2004-08-01 1241088]
R3 BlueletAudio;Bluetooth Audio Service; E:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; E:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
R3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2008-06-26 223128]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; E:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; E:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; E:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); E:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S1 InCDPass;InCDPass; E:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; E:WINDOWSsystem32driversInCDRm.sys []
S3 BT;Bluetooth PAN Network Adapter; E:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:WINDOWSSystem32Driversbtcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; ??E:WINDOWSsystem32driversBTNetFilter.sys []
S3 CCDECODE;Closed Caption декодер; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; E:WINDOWSsystem32DRIVERSfetnd5b.sys [2003-09-04 41984]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Vsp;Vsp; ??E:WINDOWSsystem32driversVsp.sys []
S3 WSTCODEC;World Standard Teletext кодек; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; E:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; E:WINDOWSsystem32Ati2evxx.exe [2004-08-01 376832]
R2 avast! Antivirus;avast! Antivirus; E:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 icq service;ICQ Service; E:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 IJPLMSVC;PIXMA Extended Survey Program; E:Program FilesCanonIJPLMIJPLMSVC.EXE [2006-11-10 99936]
R3 avast! Mail Scanner;avast! Mail Scanner; E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-02-10 72704]
S3 avast! Web Scanner;avast! Web Scanner; E:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
EOF