- This topic has 1 ответ, 2 участника, and was last updated 14 years, 9 months назад by
.
-
Сообщения
-
Помогите пожалуйста с лечением компьютера т.к. drweb вообще не может даже запуститься
вот логи rsitinfo.txt logfile of random’s system information tool 1.06 2010-03-03 17:44:16
======Uninstall list======
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Acronis PartitionExpert—>C:Program FilesAcronisPartitionExpertMediaBuilder.exe -uninstall
Acronis True Image—>C:Program FilesAcronisTrue ImageMediaBuilder.exe -uninstall
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70000000000}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AudaPen/AudaStation v.2.64 (Remove Only)—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FE58DBD8-129B-11D7-8D51-005056CAD6CB}setup.exe» -l0x9 ~Uninstall ~RemoveOnly ~NoCabData
AudaUpdate Client 2.3 (Remove Only)—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AFC6827A-7D8E-4569-9F53-43FACA98F384}setup.exe» -l0x9 UNINSTALL
Borland Delphi 7—>MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
CCleaner—>»C:Program FilesCCleaneruninst.exe»
DosWin—>»c:DosWinUninstal.exe»
Dr.Web anti-virus for Windows 5.0—>MsiExec.exe /I{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}
Firebird 1.0.2.908—>»C:Program FilesFirebirdunins000.exe»
HijackThis 2.0.2—>»C:DOCUME~1VVLOCALS~1TempRarSFX0HijackThis.exe» /uninstall
ImTOO 3GP Video Converter—>C:Program Files3GP Video Converter 3Uninstall.exe
K-Lite Codec Pack 2.59 Full Beta1—>»C:Program FilesK-Lite Codec Packunins000.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 7 Demo—>MsiExec.exe /I{3F7C2E67-9FA7-4558-B335-DA0C509F1049}
Opera 9.10—>MsiExec.exe /X{0AE234C5-B763-4A84-884F-25485BFDDBD8}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Perfect Uninstaller v6.1—>»C:Program FilesPerfect Uninstallerunins000.exe»
PIXMA Extended Survey Program—>C:Program FilesCanonIJPLMSETUP.EXE -R
Radmin Viewer 3.2—>MsiExec.exe /X{5AFF9A56-B7EB-486D-912C-FB89C857DFAB}
Revo Uninstaller 1.83—>C:Program FilesVS Revo GroupRevo Uninstalleruninst.exe
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
Total Commander (Remove or Repair)—>c:totalcmdtcuninst.exe
TwinTouch SE—>C:Program FilesTwinTouch SESetup.exe /Uninstall
VIA Platform Device Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver—>C:PROGRA~1S3UChromePs3minset.exe /u UChromeP.uns
Visual FoxPro ODBC Driver—>MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168}
Windows Installer Clean Up—>MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
XoftSpySE—>C:Program FilesXoftSpySEuninstall.exe
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
Переводчик автоэксперта 2.0—>»C:Program FilesTranslate2unins000.exe»Securitycenter WMI appears to be broken
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesBorlandDelphi7Bin;C:Program FilesBorlandDelphi7ProjectsBpl;%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32WBEM
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 1, GenuineIntel
«PROCESSOR_REVISION»=0401
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by VV at 2010-03-03 18:38:54
WIN_XP Service Pack 2
System drive C: has 11 GB (28%) free of 38 GB
Total RAM: 447 MB (56% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38, on 03.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesCanonIJPLMIJPLMSVC.EXE
C:Program FilesFirebirdbinibguard.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFirebirdbinibserver.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32VTTimer.exe
C:PROGRA~1TWINTO~1MouseElf.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesDrWebSpIDerAgent.exe
C:PROGRA~1DrWebspiderui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTwinTouch SEEMouse.exe
C:totalcmdTOTALCMD.EXE
C:Program FilesOperaOpera.exe
c:InstallPortable111RSIT.exe
C:Program FilesTrend MicroHijackThisVV.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ya.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [VTTimer] VTTimer.exe
O4 — HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [mouseElf] C:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [Synchronization Manager] %SystemRoot%system32mobsync.exe /logon
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [3d3234c] C:WINDOWSsystem323d3234c.exe
O4 — HKLM..RunServices: [csrcs] C:WINDOWSsystem32csrcs.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-21-1659004503-1343024091-839522115-1003..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘?’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘?’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O15 — Trusted Zone: *.D:
O17 — HKLMSystemCCSServicesTcpip..{C833186E-1B5E-4F87-8AAC-553E2A3579C4}: NameServer = 212.3.137.41,212.3.133.6
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Dr.Web ® Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — C:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Unknown owner — C:DOCUME~1VVLOCALS~1TempRarSFX0sp_rsser.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5619 bytes======Scheduled tasks folder======
C:WINDOWStasksDrwebScan.job
C:WINDOWStasksDrwebUpdate.job
C:WINDOWStasksXoftSpySE 2.job
C:WINDOWStasksXoftSpySE.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VTTimer»=C:WINDOWSsystem32VTTimer.exe [2005-03-07 53248]
«High Definition Audio Property Page Shortcut»=C:WINDOWSsystem32HDAShCut.exe [2004-10-27 61952]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«mouseElf»=C:PROGRA~1TWINTO~1MouseElf.EXE [2004-08-26 192512]
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«Synchronization Manager»=C:WINDOWSsystem32mobsync.exe [2006-03-02 143360]
«SpIDerAgent»=C:Program FilesDrWebSpIDerAgent.exe [2008-12-17 697584]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2008-12-09 197896]
«3d3234c»=C:WINDOWSsystem323d3234c.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinaf48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinaf61.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinch72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci27.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindi62.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindi83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingl72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingl83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingm04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinim72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin37.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin51.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin84.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinjo04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkp15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkp72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmr16.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinot48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinot50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqv26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx62.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsw04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsx48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsx83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinua04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinva05.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc73.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwe50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd27.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinye15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinye51.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinaf48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinaf61.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinch72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci27.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindi62.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindi83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingl72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingl83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingm04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinim72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin37.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin51.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin84.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinjo04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkp15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkp72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmr16.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns72.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinot48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinot50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqv26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrw83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx62.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsw04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsx48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsx83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinua04.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinva05.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwc73.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwe50.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd27.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinye15.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinye51.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{135176d1-4a4f-11dc-ad86-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2245cd8c-4b33-11dc-ad87-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2cfa263e-5a23-11dc-ad98-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52493b9c-2153-11df-911a-0015f2903daf}]
shellAutoRuncommand — F:DSNQOk.EXE
shellOpEncommand — F:dsNqOK.eXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64d2bfa8-27ec-11dd-aea2-0015f2903daf}]
shellAutoRuncommand — E:xn1i9x.com
shellexplorecommand — E:xn1i9x.com
shellopencommand — E:xn1i9x.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64f6fb9c-e8fa-11db-ad20-0015f2903daf}]
shellAutocommand — bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{77979ac6-4417-11dd-aec0-0015f2903daf}]
shellAutoRuncommand — E:EXPLORER.EXE
shellexplorecommand — E:EXPLORER.EXE
shellopencommand — E:EXPLORER.EXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{90d3b49a-7ab5-11de-9036-0015f2903daf}]
shellAutoRuncommand — F:DSNQOk.EXE
shellOpEncommand — F:dsNqOK.eXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ad027a52-feca-11db-ad39-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{af704e6c-1a55-11dc-ad57-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c47a9ec3-3358-11dc-ad73-0015f2903daf}]
shellAutocommand — E:bittorrent.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e======List of files/folders created in the last 1 months======
2010-03-03 17:52:49 —-D—- C:_OTM
2010-03-03 17:44:12 —-D—- C:rsit
2010-03-03 17:37:16 —-D—- C:Program FilesTrend Micro
2010-03-02 18:19:45 —-D—- C:Documents and SettingsVVApplication DataMalwarebytes
2010-03-02 18:19:35 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-03-02 18:19:35 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-03-02 16:39:16 —-A—- C:WINDOWSsystem3248a15468.exe
2010-03-02 16:39:15 —-A—- C:temp2.exe
2010-03-02 16:39:03 —-A—- C:temp.exe
2010-02-24 17:47:48 —-D—- C:Documents and SettingsVVApplication DataDesign Science
2010-02-24 17:47:35 —-D—- C:Program FilesMathType
2010-02-24 17:46:47 —-A—- C:WINDOWSsystem32inetwh32.dll
2010-02-24 08:49:19 —-A—- C:WINDOWSsystem323HCuuXg.exe
2010-02-20 09:31:42 —-A—- C:WINDOWSsystem322l1xeD4.exe
2010-02-19 08:44:11 —-A—- C:WINDOWSsystem32DtQKfXx.exe
2010-02-18 12:48:14 —-A—- C:WINDOWSsystem32ec9fde1e.exe
2010-02-17 09:44:39 —-A—- C:WINDOWSsystem32TEO7Oeh.exe
2010-02-15 16:49:36 —-A—- C:WINDOWSsystem32462f9bee.exe
2010-02-15 08:41:52 —-A—- C:WINDOWSsystem32jJJ2410.exe
2010-02-15 08:34:06 —-A—- C:WINDOWSsystem32JeYlUsJ.exe
2010-02-13 15:12:54 —-A—- C:WINDOWSsystem32RVT9pCW.exe
2010-02-13 15:12:38 —-D—- C:Program FilesCommon Fileswm
2010-02-13 15:12:37 —-A—- C:WINDOWSsystem32zC4PRZg.exe
2010-02-13 15:12:28 —-A—- C:WINDOWSsystem32bd1a06d1.exe======List of files/folders modified in the last 1 months======
2010-03-03 18:38:54 —-D—- C:WINDOWSTemp
2010-03-03 18:34:37 —-A—- C:WINDOWSwincmd.ini
2010-03-03 18:14:24 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-03 17:52:53 —-D—- C:WINDOWSsystem32
2010-03-03 17:52:53 —-D—- C:WINDOWS
2010-03-03 17:37:16 —-RD—- C:Program Files
2010-03-03 17:36:10 —-D—- C:Install
2010-03-03 16:39:03 —-A—- C:WINDOWSNeroDigital.ini
2010-03-02 19:01:08 —-RD—- C:WINDOWSOffline Web Pages
2010-03-02 19:01:08 —-D—- C:WINDOWSsystem32drivers
2010-02-27 10:13:36 —-D—- C:Program FilesTranslate2
2010-02-24 17:47:37 —-RSD—- C:WINDOWSFonts
2010-02-19 17:27:04 —-SHD—- C:WINDOWSInstaller
2010-02-19 17:27:04 —-SHD—- C:Config.Msi
2010-02-13 15:12:38 —-D—- C:Program FilesCommon Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2006-03-02 14848]
R2 Consult;Consult; ??C:WINDOWSsystem32driversConsult.sys []
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2004-05-17 41984]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2004-08-03 11868]
R2 tifsfilter;Acronis TrueImage FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2009-02-12 27040]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-03-18 42496]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 HSF_DP;HSF_DP; C:WINDOWSsystem32DRIVERSHSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:WINDOWSsystem32DRIVERSHSFBS2S2.sys [2004-08-03 220032]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2006-03-02 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-03-02 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2006-03-02 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-03-02 20480]
R3 viagfx;viagfx; C:WINDOWSsystem32DRIVERSvtmini.sys [2005-07-07 226560]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSFCXTS2.sys [2004-08-03 685056]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
S3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
S3 ATE_PROCMON;ATE_PROCMON; ??C:Program FilesAnti Trojan EliteATEPMon.sys []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2006-03-02 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2006-03-02 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2006-03-02 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2006-03-02 18944]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys []
S3 genmcmn;Scroll Mouse Driver; C:WINDOWSsystem32DRIVERSgmfiltr.sys [2004-05-12 8064]
S3 mirrorv3;mirrorv3; C:WINDOWSsystem32DRIVERSrminiv3.sys [2006-11-01 3328]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2006-03-02 59648]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS []
S3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-08-11 393088]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Serial emulation modem driver; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2006-03-02 26496]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
R2 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-10-17 869688]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:Program FilesCanonIJPLMIJPLMSVC.EXE [2007-04-13 101528]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:DOCUME~1VVLOCALS~1TempRarSFX0sp_rsser.exe []
S2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-12-09 197896]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-01-11 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-12-29 654848]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 A015BE00;AudaUpdate; C:AudatexAudaUpdateA015BE00.EXE [2004-04-06 45182]
EOF
а вот лог hijackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44, on 03.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesCanonIJPLMIJPLMSVC.EXE
C:Program FilesFirebirdbinibguard.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesFirebirdbinibserver.exe
C:WINDOWSsystem32VTTimer.exe
C:PROGRA~1TWINTO~1MouseElf.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesDrWebSpIDerAgent.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesTwinTouch SEEMouse.exe
C:WINDOWSsystem32ctfmon.exe
c:InstallPortable111RSIT.exe
C:Program FilesTrend MicroHijackThisVV.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ya.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [VTTimer] VTTimer.exe
O4 — HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [mouseElf] C:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [Synchronization Manager] %SystemRoot%system32mobsync.exe /logon
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [3d3234c] C:WINDOWSsystem323d3234c.exe
O4 — HKLM..RunServices: [csrcs] C:WINDOWSsystem32csrcs.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-21-1659004503-1343024091-839522115-1003..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘?’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘?’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘?’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O15 — Trusted Zone: *.D:
O17 — HKLMSystemCCSServicesTcpip..{C833186E-1B5E-4F87-8AAC-553E2A3579C4}: NameServer = 212.3.137.41,212.3.133.6
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Dr.Web ® Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: PIXMA Extended Survey Program (IJPLMSVC) — Unknown owner — C:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Unknown owner — C:DOCUME~1VVLOCALS~1TempRarSFX0sp_rsser.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5559 bytesЗдравствуйте, добро пожаловать на Spyware-ru форум.
Компьютер так же заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Скачайте OTM by OldTimer кликнув по этой ссылке.
Запустите HijackThis.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:O4 - HKLM..RunServices: [csrcs] C:WINDOWSsystem32csrcs.exeЗакройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.Запустите OTM и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.
:reg
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"3d3234c"=-
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinaf48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinaf61.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinch72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinci27.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindi62.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWindi83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfk83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingl72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingl83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWingm04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinim72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin37.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin51.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinin84.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinjo04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkp15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinkp72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinmr16.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinns83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinot48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinot50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinpu26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinqv26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrw83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinrx62.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsw04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsx48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinsx83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinua04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinva05.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwc73.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinwe50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd27.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinxd48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinye15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinye51.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinaf48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinaf61.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinch72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinci27.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindi62.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWindi83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfk83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingl72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingl83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWingm04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinim72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin37.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin51.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinin84.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinjo04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkp15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinkp72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinmr16.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns72.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinns83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinot48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinot50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinpu26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinqv26.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrw83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinrx62.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsw04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsx48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinsx83.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinua04.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinva05.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwc73.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinwe50.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd27.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinxd48.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinye15.sys]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinye51.sys]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{135176d1-4a4f-11dc-ad86-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2245cd8c-4b33-11dc-ad87-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2cfa263e-5a23-11dc-ad98-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52493b9c-2153-11df-911a-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64d2bfa8-27ec-11dd-aea2-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64f6fb9c-e8fa-11db-ad20-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{77979ac6-4417-11dd-aec0-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{90d3b49a-7ab5-11de-9036-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ad027a52-feca-11db-ad39-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{af704e6c-1a55-11dc-ad57-0015f2903daf}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c47a9ec3-3358-11dc-ad73-0015f2903daf}]
:files
C:WINDOWSsystem3248a15468.exe
C:temp2.exe
C:temp.exe
C:WINDOWSsystem32inetwh32.dll
C:WINDOWSsystem323HCuuXg.exe
C:WINDOWSsystem322l1xeD4.exe
C:WINDOWSsystem32DtQKfXx.exe
C:WINDOWSsystem32ec9fde1e.exe
C:WINDOWSsystem32TEO7Oeh.exe
C:WINDOWSsystem32462f9bee.exe
C:WINDOWSsystem32jJJ2410.exe
C:WINDOWSsystem32JeYlUsJ.exe
C:WINDOWSsystem32RVT9pCW.exe
C:WINDOWSsystem32zC4PRZg.exe
C:WINDOWSsystem32bd1a06d1.exe
C:WINDOWStasksXoftSpySE 2.job
C:WINDOWStasksXoftSpySE.job
:Commands
[emptytemp]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.
- Для ответа в этой теме необходимо авторизоваться.
