Symantec windows

This topic has 12 replies, 3 participants, and was last updated 15 years, 7 months ago by Admin.

April 5, 2009 at 7:23 pm #16552

I have a problem: the computer works normally, but there are days when suddenly 100 or even 1000 Symantec windows pop up with different texts; the computer locks up and it is impossible to do anything. Please help.

April 5, 2009 at 11:35 pm #23305

@zohar wrote:
I have a problem: the computer works normally, but there are days when suddenly 100 or even 1000 Symantec windows pop up with different texts; the computer locks up and it is impossible to do anything. Please help.

Hello, and welcome to the forum.
Make the logs and we will be able to tell you exactly or approximately; your PC may be infected ❗

April 6, 2009 at 5:42 pm #23306

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-06 10:38:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 50 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:04 AM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hebrew\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hebrew.exe
C:\Documents and Settings\Hebrew\Hebrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mp3music.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ???? ?????? ?? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [SkyTel] "C:\WINDOWS\SkyTel.EXE"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hebrew] C:\Documents and Settings\Hebrew\Hebrew.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\Hebrew.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netvision Cable Connect.url
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11110 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
???? ?????? ?? Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-07 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-07 2403392]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-11-12 1630208]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-02 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-11 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"RGSC"=D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-01-30 306088]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Hebrew"=C:\Documents and Settings\Hebrew\Hebrew.exe [2009-03-29 20451]
""=C:\Documents and Settings\Hebrew.exe /i []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

C:\Documents and Settings\Hebrew\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Netvision Cable Connect.url

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\GUNZ\Gunz.exe"="D:\GUNZ\Gunz.exe:*:Enabled:Gunz"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="E:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"E:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="E:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"E:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="E:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="E:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"D:\ICQ\ICQ6\ICQ.exe"="D:\ICQ\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\Новый Диск\John Woo Presents Stranglehold\Binaries\Retail-Stranglehold.exe"="D:\Program Files\Новый Диск\John Woo Presents Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.734\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.734\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.985\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.985\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe:*:Enabled:eMule"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.703\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.703\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe:*:Enabled:eMule"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.390\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.390\eMule-v0.49b-ZZUL Plus-v1.1-bin\emule.ZZUL+.exe:*:Enabled:eMule"
"C:\WINDOWS\TEMP\init.exe"="C:\WINDOWS\TEMP\init.exe:*:Enabled:ENABLE"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Disabled:Call of Duty(R): World at War Multiplayer"
"D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.813\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.813\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.687\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe"="C:\Documents and Settings\Hebrew\Local Settings\Temp\Rar$EX00.687\eMule-v0.49b-MagicAngel-v3.5-bin\emule.exe:*:Enabled:eMule"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\theduel.exe"="E:\theduel.exe:*:Enabled:balagunz"
"D:\ICQ\ICQ6.5\ICQ.exe"="D:\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\spoolsvc.exe"="C:\WINDOWS\system32\spoolsvc.exe:*:Disabled:Ssydufuf Uguhojo"
"C:\WINDOWS\system32\dxvsqf.exe"="C:\WINDOWS\system32\dxvsqf.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======
2009-04-06 10:38:55 ----D---- C:\rsit
2009-03-30 11:58:19 ----D---- C:\Program Files\Windows Defender
2009-03-29 13:59:29 ----D---- C:\Program Files\WinPcap
2009-03-29 13:40:48 ----A---- C:\WINDOWS\system32\bktuyxaw.exe
2009-03-29 13:00:40 ----D---- C:\ANTIVIRYS
2009-03-29 12:21:09 ----A---- C:\WINDOWS\system32\bvawx.exe
2009-03-29 12:14:23 ----A---- C:\WINDOWS\system32\wqzzbqw.exe
2009-03-29 11:59:42 ----A---- C:\WINDOWS\system32\lrykuot.exe
2009-03-28 11:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-03-28 08:11:30 ----A---- C:\WINDOWS\system32\dxvsqf.exe
2009-03-24 09:58:08 ----D---- C:\Documents and Settings\Hebrew\Application Data\Canneverbe_Limited
2009-03-24 09:58:03 ----D---- C:\Program Files\CDBurnerXP
2009-03-20 11:17:31 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-03-16 07:11:24 ----HD---- C:\WINDOWS\PIF
2009-03-14 00:58:14 ----A---- C:\WINDOWS\system32\muweb.dll
2009-03-14 00:58:14 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-03-14 00:58:14 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-03-13 04:43:19 ----D---- C:\Program Files\Microsoft
2009-03-13 04:42:49 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-13 04:42:26 ----D---- C:\Program Files\Windows Live
2009-03-13 04:36:12 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-12 13:23:21 ----D---- C:\Documents and Settings\Hebrew\Application Data\MSNInstaller
2009-03-11 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 11:41:30 ----D---- C:\Program Files\ICQ6Toolbar
2009-03-10 11:41:26 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ

======List of files/folders modified in the last 1 months======
2009-04-06 10:38:55 ----D---- C:\WINDOWS\Prefetch
2009-04-06 10:18:06 ----D---- C:\WINDOWS\Temp
2009-04-06 10:17:55 ----HD---- C:\WINDOWS\system32\drivers
2009-04-06 07:45:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-05 22:54:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 22:54:47 ----SD---- C:\WINDOWS\Tasks
2009-04-05 22:52:31 ----D---- C:\Program Files\Symantec AntiVirus
2009-04-05 14:17:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 09:00:50 ----D---- C:\WINDOWS\Minidump
2009-04-05 09:00:50 ----D---- C:\WINDOWS
2009-04-04 23:21:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-04-03 08:39:26 ----SHD---- C:\System Volume Information
2009-04-03 08:39:26 ----D---- C:\WINDOWS\system32\Restore
2009-04-01 06:36:23 ----D---- C:\Documents and Settings\Hebrew\Application Data\uTorrent
2009-03-31 11:30:40 ----RD---- C:\Program Files
2009-03-30 11:58:24 ----SHD---- C:\WINDOWS\Installer
2009-03-30 11:58:20 ----HD---- C:\WINDOWS\inf
2009-03-30 11:58:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-30 10:37:05 ----AD---- C:\WINDOWS\system32
2009-03-30 06:55:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 22:58:31 ----D---- C:\WINDOWS\Help
2009-03-29 13:36:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-29 13:08:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 08:02:32 ----D---- C:\WINDOWS\network diagnostic
2009-03-28 11:07:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-28 11:07:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-27 02:35:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-27 02:35:42 ----RSD---- C:\WINDOWS\assembly
2009-03-27 02:22:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-27 02:21:59 ----D---- C:\WINDOWS\WinSxS
2009-03-27 02:19:25 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-27 02:19:22 ----D---- C:\WINDOWS\system32\en-US
2009-03-27 02:19:18 ----RSD---- C:\WINDOWS\Fonts
2009-03-17 05:15:36 ----D---- C:\WINDOWS\system32\wbem
2009-03-15 13:56:52 ----A---- C:\WINDOWS\win.ini
2009-03-15 09:51:21 ----A---- C:\WINDOWS\GunzLauncher.INI
2009-03-14 13:38:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-13 04:36:12 ----D---- C:\Program Files\Common Files
2009-03-11 09:10:26 ----D---- C:\Documents and Settings\Hebrew\Application Data\ICQ
2009-03-11 03:00:54 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 00:20:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 22:18:20 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-03-10 22:18:14 ----N---- C:\WINDOWS\system32\WgaTray.exe
2009-03-10 22:18:00 ----A---- C:\WINDOWS\system32\WgaLogon.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
R2 npf;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2007-11-15 34064]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 Iviaspi;IVI ASPI Shell; C:WINDOWSsystem32driversiviaspi.sys [2005-09-20 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090403.004naveng.sys []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090403.004navex15.sys []
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-11-12 6188320]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-09-19 101504]
R3 SymEvent;SymEvent; ??C:Program FilesSymantecSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S2 npkcrypt;npkcrypt; ??D:MAPLE STORYnpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2008-04-13 48128]
S3 a30fc7q2;a30fc7q2; C:WINDOWSsystem32driversa30fc7q2.sys []
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2008-04-13 38912]
S3 catchme;catchme; ??C:DOCUME~1HebrewLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSsystem32DRIVERSmsdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversvinyl97.sys [2006-03-31 163712]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-11-22 250496]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-11-12 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-28 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-07 167936]
R2 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S2 PCLEPCI;PCLEPCI; C:WINDOWSsystem32driverspclepci.sys [2005-02-09 14165]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-01-07 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-07 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2006-08-25 2528960]
S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2009-02-16 2741114]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe []
EOF
8 April 2009 at 7:58 am #23309
Download OTMoveIt3 by OldTimer by clicking this link.
Run OTMoveIt3 and copy the following text into the large input field (the caption of that field is highlighted in yellow):
:Processes
explorer.exe
:services
a30fc7q2
usprserv
:reg
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"Hebrew"=-
""=-
:files
C:WINDOWSsystem32bktuyxaw.exe
C:WINDOWSsystem32bvawx.exe
C:WINDOWSsystem32wqzzbqw.exe
C:WINDOWSsystem32lrykuot.exe
C:WINDOWSsystem32dxvsqf.exe
C:WINDOWSsystem32driversa30fc7q2.sys
:Commands
[emptytemp]
[start explorer]
[Reboot]
Check the pasted script: if spaces have appeared to the left of the directives, delete them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while it runs.
When the program finishes, a log should be shown. If it is not shown, it can be found in the folder C:_OTMoveItMovedFiles. Paste the contents of that log into your reply. Also attach a fresh RSIT log to your reply.
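One way to see why the entries above were chosen for removal, as an added example that is not part of the thread and not code from RSIT, HijackThis or OTMoveIt: a small Python triage over constructed sample lines in the three log formats posted in this thread (service list, O4 autostart lines, firewall authorized-application values), with the backslashes the forum stripped restored. The heuristics (a driver with no readable file and a random-looking name, an autostart binary in the profile root, firewall exceptions for temp or system32 executables) are my own assumptions and only produce items for a human to review.

```python
"""Triage heuristics over RSIT / HijackThis log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample lines in the formats seen in the logs in this thread;
# the forum extraction stripped the backslashes, they are restored here.
SAMPLE_LOG = r"""
S3 a30fc7q2;a30fc7q2; C:\WINDOWS\system32\drivers\a30fc7q2.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
O4 - HKCU\..\Run: [Hebrew] C:\Documents and Settings\Hebrew\Hebrew.exe /i
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"C:\WINDOWS\system32\dxvsqf.exe"="C:\WINDOWS\system32\dxvsqf.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\TEMP\init.exe"="C:\WINDOWS\TEMP\init.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"""

# RSIT service/driver line: "<state><start> name;display; path [date size]"
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*); (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
# HijackThis O4 autostart line
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] '
    r'"?(?P<path>[A-Za-z]:\\[^"]+?\.exe)"?(?P<args>.*)$', re.IGNORECASE)
# Windows Firewall AuthorizedApplications\List value, as RSIT dumps it
FIREWALL_RE = re.compile(
    r'^"(?P<path>[^"]+)"="(?P=path):\*:(?P<state>Enabled|Disabled):(?P<label>.*)"$',
    re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "review"
    kind: str      # "service", "run" or "firewall"
    path: str
    reason: str


def _is_temp(path: str) -> bool:
    return "\\temp\\" in path.lower()


def _is_profile_root(path: str) -> bool:
    # Executable sitting directly in a user profile, not under Program Files
    return re.match(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$",
                    path.lower()) is not None


def _is_system32(path: str) -> bool:
    p = path.lower()
    return "\\system32\\" in p and "\\drivers\\" not in p


def _looks_random(name: str) -> bool:
    # Letters and digits mixed, as in a30fc7q2 (assumption: a weak hint only)
    return bool(re.search(r"\d", name)) and bool(re.search(r"[A-Za-z]", name))


def check_service(m):
    name, display, path, stamp = m.group("name", "display", "path", "stamp")
    if stamp:  # RSIT could read the file: date and size are present
        return None
    if display == name and _looks_random(name):
        return Finding("high", "service", path,
                       f"driver {name}: no readable file and a random-looking name")
    return Finding("review", "service", path, f"service {name}: file missing or unreadable")


def check_run(m):
    path = m.group("path")
    if _is_profile_root(path) or _is_temp(path):
        return Finding("high", "run", path,
                       f"autostart [{m.group('value')}] runs a binary from a profile or temp directory")
    return None


def check_firewall(m):
    path, label = m.group("path", "label")
    if _is_temp(path):
        return Finding("high", "firewall", path, f"firewall exception for a temp executable ({label})")
    if _is_system32(path):
        return Finding("review", "firewall", path, f"firewall exception for a system32 executable ({label})")
    return None


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line; lines in other formats are ignored."""
    findings = []
    checks = ((SERVICE_RE, check_service), (RUN_RE, check_run), (FIREWALL_RE, check_firewall))
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for regex, check in checks:
            m = regex.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:8} {f.path}  -- {f.reason}")
```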
8 April 2009 at 2:50 pm #23310
========== SERVICES/DRIVERS ==========
ServiceDriver a30fc7q2 not found.
ServiceDriver a30fc7q2 not found.
ServiceDriver a30fc7q2 not found.
ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Hebrew deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ deleted successfully.
========== FILES ==========
C:WINDOWSsystem32bktuyxaw.exe moved successfully.
C:WINDOWSsystem32bvawx.exe moved successfully.
C:WINDOWSsystem32wqzzbqw.exe moved successfully.
C:WINDOWSsystem32lrykuot.exe moved successfully.
C:WINDOWSsystem32dxvsqf.exe moved successfully.
File/Folder C:WINDOWSsystem32driversa30fc7q2.sys not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5SJ7SO9EPviewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_6664.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04082009_074800
8 April 2009 at 2:56 pm #23311
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver a30fc7q2 not found.
ServiceDriver a30fc7q2 not found.
ServiceDriver a30fc7q2 not found.
ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Hebrew deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ deleted successfully.
========== FILES ==========
C:WINDOWSsystem32bktuyxaw.exe moved successfully.
C:WINDOWSsystem32bvawx.exe moved successfully.
C:WINDOWSsystem32wqzzbqw.exe moved successfully.
C:WINDOWSsystem32lrykuot.exe moved successfully.
C:WINDOWSsystem32dxvsqf.exe moved successfully.
File/Folder C:WINDOWSsystem32driversa30fc7q2.sys not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5SJ7SO9EPviewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_6664.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04082009_074800
Files moved on Reboot…
C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5SJ7SO9EPviewtopic[1].htm moved successfully.
C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:WINDOWStempPerflib_Perfdata_6664.dat not found!
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-08 07:55:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 50 GB
Total RAM: 2046 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:53 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSnotepad.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesElectronic ArtsEADMCore.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesSandiskCommonBinWinCinemaMgr.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe
C:Documents and SettingsHebrewHebrew.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mp3music.co.il/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 — URLSearchHook: Winamp Search Class — {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp Toolbarwinamptb.dll
R3 — URLSearchHook: (no name) — {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} — C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL (file missing)
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: Ask Search Assistant BHO — {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} — C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL (file missing)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: (no name) — {5C255C8A-E604-49b4-9D64-90988571CECB} — (no file)
O2 — BHO: ???? ?????? ?? Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] «C:PROGRA~1SYMANT~1VPTray.exe»
O4 — HKLM..Run: [NvCplDaemon] «C:WINDOWSsystem32RUNDLL32.EXE» C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] «C:WINDOWSsystem32nwiz.exe» /install
O4 — HKLM..Run: [SkyTel] «C:WINDOWSSkyTel.EXE»
O4 — HKLM..Run: [RTHDCPL] «C:WINDOWSRTHDCPL.EXE»
O4 — HKLM..Run: [Alcmtr] «C:WINDOWSALCMTR.EXE»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [NvMediaCenter] «C:WINDOWSsystem32RUNDLL32.EXE» C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SpySweeper] C:Program FilesWebrootWebrootSecuritySpySweeperUI.exe /startintray
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [RGSC] D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKCU..Run: [Hebrew] C:Documents and SettingsHebrewHebrew.exe /i
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Startup: Netvision Cable Connect.url
O4 — Global Startup: WinCinema Manager.lnk = C:Program FilesSandiskCommonBinWinCinemaMgr.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — D:ICQICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — D:ICQICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: nProtect GameGuard Service (npggsvc) — Unknown owner — C:WINDOWSsystem32GameMon.des.exe (file missing)
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: PCLEPCI — Pinnacle Systems GmbH — C:WINDOWSsystem32driverspclepci.sys
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
—
End of file — 10533 bytes
======Scheduled tasks folder======
C:WINDOWStasksMP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO — C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
???? ?????? ?? Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-07-07 2403392]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-09-11 737776]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-07-07 2403392]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2008-07-16 1266992]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-10-14 863688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-11-12 13672448]
«nwiz»=C:WINDOWSsystem32nwiz.exe [2008-11-12 1630208]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-08-02 1826816]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-09-19 16844800]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2005-10-26 159744]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-11-12 86016]
«SpySweeper»=C:Program FilesWebrootWebrootSecuritySpySweeperUI.exe /startintray []
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-07-11 68856]
«MsnMsgr»=C:Program FilesWindows LiveMessengermsnmsgr.exe [2009-02-06 3885408]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe [2009-02-06 3325952]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-13 1695232]
«RGSC»=D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe [2009-01-30 306088]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]
«Hebrew»=C:Documents and SettingsHebrewHebrew.exe [2009-03-29 20451]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-12-05 54832]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBKeyScan]
C:Program FilesNeroNero 7Nero BackItUpNBKeyScan.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2006-11-23 56928]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
WinCinema Manager.lnk — C:Program FilesSandiskCommonBinWinCinemaMgr.exe
C:Documents and SettingsHebrewStart MenuProgramsStartup
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Netvision Cable Connect.url
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WIFD1F~1MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FileseMuleemule.exe»=»C:Program FileseMuleemule.exe:*:Enabled:eMule»
«C:ijjiENGLISHu_gunz.exe»=»C:ijjiENGLISHu_gunz.exe:*:Enabled:»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«D:GUNZGunz.exe»=»D:GUNZGunz.exe:*:Enabled:Gunz»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:Program FilesPinnacleStudio 11programsRM.exe»=»E:Program FilesPinnacleStudio 11programsRM.exe:*:Enabled:Render Manager»
«E:Program FilesPinnacleStudio 11programsStudio.exe»=»E:Program FilesPinnacleStudio 11programsStudio.exe:*:Enabled:Studio»
«E:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe»=»E:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe:*:Enabled:PMSRegisterFile»
«E:Program FilesPinnacleStudio 11programsumi.exe»=»E:Program FilesPinnacleStudio 11programsumi.exe:*:Enabled:umi»
«D:ICQICQ6ICQ.exe»=»D:ICQICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«D:Program FilesÍîâûé ÄèñêJohn Woo Presents StrangleholdBinariesRetail-Stranglehold.exe»=»D:Program FilesÍîâûé ÄèñêJohn Woo Presents StrangleholdBinariesRetail-Stranglehold.exe:*:Enabled:Stranglehold»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Disabled:EA Download Manager»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.734eMule-v0.49b-MagicAngel-v3.5-binemule.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.734eMule-v0.49b-MagicAngel-v3.5-binemule.exe:*:Enabled:eMule»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.985eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.985eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe:*:Enabled:eMule»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.703eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.703eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe:*:Enabled:eMule»
«C:Program FilesActivisionCall of Duty — World at WarCoDWaW.exe»=»C:Program FilesActivisionCall of Duty — World at WarCoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.390eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.390eMule-v0.49b-ZZUL Plus-v1.1-binemule.ZZUL+.exe:*:Enabled:eMule»
«C:WINDOWSTEMPinit.exe»=»C:WINDOWSTEMPinit.exe:*:Enabled:ENABLE»
«C:Program FilesActivisionCall of Duty — World at WarCoDWaWmp.exe»=»C:Program FilesActivisionCall of Duty — World at WarCoDWaWmp.exe:*:Disabled:Call of Duty(R): World at War Multiplayer»
«D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe»=»D:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:*:Enabled:Rockstar Games Social Club»
«C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.813eMule-v0.49b-MagicAngel-v3.5-binemule.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.813eMule-v0.49b-MagicAngel-v3.5-binemule.exe:*:Enabled:eMule»
«C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.687eMule-v0.49b-MagicAngel-v3.5-binemule.exe»=»C:Documents and SettingsHebrewLocal SettingsTempRar$EX00.687eMule-v0.49b-MagicAngel-v3.5-binemule.exe:*:Enabled:eMule»
«C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«E:theduel.exe»=»E:theduel.exe:*:Enabled:balagunz»
«D:ICQICQ6.5ICQ.exe»=»D:ICQICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:WINDOWSsystem32spoolsvc.exe»=»C:WINDOWSsystem32spoolsvc.exe:*:Disabled:Ssydufuf Uguhojo»
«C:WINDOWSsystem32dxvsqf.exe»=»C:WINDOWSsystem32dxvsqf.exe:*:Enabled:Ultimate Tool»
«C:WINDOWSsystem32WgaTray.exe»=»C:WINDOWSsystem32WgaTray.exe:*:Enabled:ENABLE»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»
«C:WINDOWSRTHDCPL.exe»=»C:WINDOWSRTHDCPL.exe:*:Enabled:ENABLE»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
======List of files/folders created in the last 1 months======
2009-04-08 07:48:00 —-D—- C:_OTMoveIt
2009-04-06 10:38:55 —-D—- C:rsit
2009-03-30 11:58:19 —-D—- C:Program FilesWindows Defender
2009-03-29 13:59:29 —-D—- C:Program FilesWinPcap
2009-03-29 13:00:40 —-D—- C:ANTIVIRYS
2009-03-28 11:07:27 —-HDC—- C:WINDOWS$NtUninstallKB961118$
2009-03-24 09:58:08 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-03-24 09:58:03 —-D—- C:Program FilesCDBurnerXP
2009-03-20 11:17:31 —-D—- C:Documents and SettingsAll UsersApplication DataElectronic Arts
2009-03-16 07:11:24 —-HD—- C:WINDOWSPIF
2009-03-14 00:58:14 —-A—- C:WINDOWSsystem32muweb.dll
2009-03-14 00:58:14 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-03-14 00:58:14 —-A—- C:WINDOWSsystem32mucltui.dll
2009-03-13 04:43:19 —-D—- C:Program FilesMicrosoft
2009-03-13 04:42:49 —-D—- C:Program FilesWindows Live SkyDrive
2009-03-13 04:42:26 —-D—- C:Program FilesWindows Live
2009-03-13 04:36:12 —-D—- C:Program FilesCommon FilesWindows Live
2009-03-12 13:23:21 —-D—- C:Documents and SettingsHebrewApplication DataMSNInstaller
2009-03-11 03:00:51 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-11 03:00:46 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-11 03:00:17 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-10 11:41:30 —-D—- C:Program FilesICQ6Toolbar
2009-03-10 11:41:26 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
======List of files/folders modified in the last 1 months======
2009-04-08 07:55:02 —-D—- C:WINDOWSTemp
2009-04-08 07:54:59 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-08 07:54:56 —-SD—- C:WINDOWSTasks
2009-04-08 07:54:01 —-HD—- C:WINDOWSsystem32drivers
2009-04-08 07:52:55 —-D—- C:WINDOWSPrefetch
2009-04-08 07:52:15 —-D—- C:Program FilesSymantec AntiVirus
2009-04-08 07:51:01 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-08 07:48:00 —-AD—- C:WINDOWSsystem32
2009-04-06 07:45:41 —-A—- C:WINDOWSNeroDigital.ini
2009-04-05 09:00:50 —-D—- C:WINDOWSMinidump
2009-04-05 09:00:50 —-D—- C:WINDOWS
2009-04-04 23:21:33 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2009-04-03 08:39:26 —-SHD—- C:System Volume Information
2009-04-03 08:39:26 —-D—- C:WINDOWSsystem32Restore
2009-04-01 06:36:23 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-31 11:30:40 —-RD—- C:Program Files
2009-03-30 11:58:24 —-SHD—- C:WINDOWSInstaller
2009-03-30 11:58:20 —-HD—- C:WINDOWSinf
2009-03-30 11:58:19 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-30 06:55:30 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-29 22:58:31 —-D—- C:WINDOWSHelp
2009-03-29 13:36:55 —-D—- C:Program FilesSpybot — Search & Destroy
2009-03-29 13:08:41 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-03-29 08:02:32 —-D—- C:WINDOWSnetwork diagnostic
2009-03-28 11:07:38 —-D—- C:WINDOWSsystem32CatRoot
2009-03-28 11:07:32 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-27 02:35:43 —-D—- C:WINDOWSMicrosoft.NET
2009-03-27 02:35:42 —-RSD—- C:WINDOWSassembly
2009-03-27 02:22:11 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 02:21:59 —-D—- C:WINDOWSWinSxS
2009-03-27 02:19:25 —-D—- C:WINDOWSsystem32XPSViewer
2009-03-27 02:19:22 —-D—- C:WINDOWSsystem32en-US
2009-03-27 02:19:18 —-RSD—- C:WINDOWSFonts
2009-03-17 05:15:36 —-D—- C:WINDOWSsystem32wbem
2009-03-15 13:56:52 —-A—- C:WINDOWSwin.ini
2009-03-15 09:51:21 —-A—- C:WINDOWSGunzLauncher.INI
2009-03-14 13:38:13 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-03-13 04:36:12 —-D—- C:Program FilesCommon Files
2009-03-11 09:10:26 —-D—- C:Documents and SettingsHebrewApplication DataICQ
2009-03-11 03:00:54 —-A—- C:WINDOWSimsins.BAK
2009-03-11 00:20:04 —-HD—- C:WINDOWS$hf_mig$
2009-03-10 22:18:20 —-N—- C:WINDOWSsystem32LegitCheckControl.dll
2009-03-10 22:18:14 —-N—- C:WINDOWSsystem32WgaTray.exe
2009-03-10 22:18:00 —-A—- C:WINDOWSsystem32WgaLogon.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
R2 npf;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2007-11-15 34064]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 Iviaspi;IVI ASPI Shell; C:WINDOWSsystem32driversiviaspi.sys [2005-09-20 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090403.004naveng.sys []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090403.004navex15.sys []
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-11-12 6188320]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-09-19 101504]
R3 SymEvent;SymEvent; ??C:Program FilesSymantecSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S2 ksi32sk;ksi32sk; ??C:WINDOWSsystem32driversksi32sk.sys []
S2 npkcrypt;npkcrypt; ??D:MAPLE STORYnpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2008-04-13 48128]
S3 aj3s9v1h;aj3s9v1h; C:WINDOWSsystem32driversaj3s9v1h.sys []
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2008-04-13 38912]
S3 catchme;catchme; ??C:DOCUME~1HebrewLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSsystem32DRIVERSmsdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversvinyl97.sys [2006-03-31 163712]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-11-22 250496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-11-12 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-28 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-07 167936]
R2 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S2 PCLEPCI;PCLEPCI; C:WINDOWSsystem32driverspclepci.sys [2005-02-09 14165]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-01-07 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-07 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2006-08-25 2528960]
S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2009-02-16 2741114]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe []
EOF
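The firewall AuthorizedApplicationsList in the RSIT log above mixes ordinary game and messenger exceptions with the entries a responder would pull out first: an executable in C:\WINDOWS\TEMP, spoolsvc.exe (one letter away from the legitimate spoolsv.exe), a random-looking dxvsqf.exe in system32, and core Windows binaries such as userinit.exe and Explorer.EXE registered with the generic display name ENABLE. The Python below is an added example, not code from the forum thread or from RSIT, HijackThis or ComboFix: it parses exported entries of the form "path"="path:scope:state:name" and applies those heuristics. The sample lines are constructed after the log (with the backslashes the forum stripped restored); the core-binary list and the thresholds are the editor's assumptions, and every flag is a hint for manual review, not a verdict.

```python
"""Triage of a Windows XP firewall AuthorizedApplicationsList export (RSIT/HijackThis style).

Added example for this thread; not RSIT, HijackThis or ComboFix code.  Every flag is a
hint for manual review, not a verdict."""
import re

# One exported value: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
_LINE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"\s*$')
_VALUE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:|%\w+%)[^:]*):(?P<scope>[^:]*):'
    r'(?P<state>enabled|disabled):(?P<name>.*)$', re.IGNORECASE)

# Assumption: these Windows binaries do not need their own exception; malware that injects
# into them, or impersonates them with a look-alike name, adds one so its traffic passes.
CORE_BINARIES = {"explorer.exe", "userinit.exe", "winlogon.exe", "lsass.exe",
                 "services.exe", "spoolsv.exe", "svchost.exe", "smss.exe", "csrss.exe"}
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_entry(line):
    """Parse one exported line; returns a dict or None for lines in another format."""
    line = line.strip().replace("\u00ab", '"').replace("\u00bb", '"')  # forum quotes
    m = _LINE.match(line)
    if not m:
        return None
    v = _VALUE.match(m.group("value"))
    if not v:
        return None
    entry = v.groupdict()
    entry["state"] = entry["state"].capitalize()
    entry["basename"] = entry["path"].rsplit("\\", 1)[-1].lower()
    return entry


def _levenshtein(a, b):
    """Edit distance, used to catch one-character look-alikes such as spoolsvc.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicion_reasons(entry):
    """Return the list of heuristic reasons an entry deserves a second look."""
    reasons = []
    path, base, name = entry["path"].lower(), entry["basename"], entry["name"]
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("runs from a temp directory")
    if base in CORE_BINARIES:
        reasons.append("core Windows binary does not need a firewall exception")
    else:
        near = sorted(c for c in CORE_BINARIES if _levenshtein(base, c) == 1)
        if near:
            reasons.append(f"look-alike of {near[0]}")
    stem_letters = [c for c in base.rsplit(".", 1)[0] if c.isalpha()]
    if ("\\system32\\" in path and len(stem_letters) >= 6
            and not any(c in "aeiouy" for c in stem_letters)):
        reasons.append("random-looking file name in system32")  # e.g. dxvsqf.exe
    if name.strip().upper() == "ENABLE":
        reasons.append("generic display name 'ENABLE' (programmatically added)")
    return reasons


def triage(export_lines):
    """Return [(path, state, name, reasons)] for every flagged entry, in input order."""
    flagged = []
    for line in export_lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append((entry["path"], entry["state"], entry["name"], reasons))
    return flagged


# Constructed sample, modelled on the log above with backslashes restored.
SAMPLE_EXPORT = r'''
"C:\WINDOWS\TEMP\init.exe"="C:\WINDOWS\TEMP\init.exe:*:Enabled:ENABLE"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Disabled:Call of Duty(R): World at War Multiplayer"
"C:\WINDOWS\system32\spoolsvc.exe"="C:\WINDOWS\system32\spoolsvc.exe:*:Disabled:Ssydufuf Uguhojo"
"C:\WINDOWS\system32\dxvsqf.exe"="C:\WINDOWS\system32\dxvsqf.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''.strip().splitlines()

if __name__ == "__main__":
    for path, state, name, reasons in triage(SAMPLE_EXPORT):
        print(f"{state:8} {path}  [{name}]")
        for r in reasons:
            print(f"         - {r}")
```

Run against the sample, the four entries a responder would chase (init.exe, spoolsvc.exe, dxvsqf.exe, userinit.exe) come out flagged while the game, messenger and Remote Assistance (sessmgr.exe) exceptions pass; a Disabled entry is still reported, because a disabled exception for a look-alike binary says as much about the machine as an enabled one.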
April 10, 2009 at 3:30 pm #23307
Download Combofix. Close all open windows and run the program.
When it finishes, a log file will be created; please paste it into your reply.
Note: before using Combofix, be sure to install the Recovery Console. How to do that is described on the page I linked above.
April 10, 2009 at 4:14 pm #23308
ComboFix 09-04-04.01 - Hebrew 2009-04-10 9:08:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1394 [GMT -7:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsHebrewHebrew.exe
c:documents and settingsHebrewLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsHebrewLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsHebrewLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsHebrewLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsHebrewLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:documents and settingsHebrewLocal SettingsTemporary Internet Filesijjistarter_verinfo.dat
c:windowssystem32tmp65.tmp
c:windowssystem32tmp66.tmp
.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-08 07:48 . 2009-04-08 07:48 d
C:_OTMoveIt
2009-04-06 10:38 . 2009-04-06 10:39 d
C:rsit
2009-04-03 02:46 . 2009-04-03 02:46 d
c:documents and settingsRussianApplication DataMalwarebytes
2009-03-30 11:58 . 2009-03-30 11:58 d
c:program filesWindows Defender
2009-03-29 13:59 . 2009-03-29 13:59 d
c:program filesWinPcap
2009-03-29 13:00 . 2009-04-04 12:15 d
C:ANTIVIRYS
2009-03-27 07:54 . 2009-01-09 12:19 1,089,593
c— c:windowssystem32dllcachentprint.cat
2009-03-24 09:58 . 2009-03-24 09:58 d
c:program filesCDBurnerXP
2009-03-24 09:58 . 2009-03-24 09:58 d
c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-03-20 11:17 . 2009-03-20 11:17 d
c:documents and settingsAll UsersApplication DataElectronic Arts
2009-03-16 07:11 . 2009-03-16 07:11 d—h
c:windowsPIF
2009-03-14 00:58 . 2008-10-16 14:06 268,648 —a
c:windowssystem32mucltui.dll
2009-03-14 00:58 . 2008-10-16 14:06 208,744 —a
c:windowssystem32muweb.dll
2009-03-14 00:58 . 2008-10-16 14:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-03-13 04:45 . 2009-04-10 07:54 d
c:documents and settingsHebrewTracing
2009-03-13 04:43 . 2009-03-13 04:43 d
c:program filesMicrosoft
2009-03-13 04:42 . 2009-03-13 04:42 d
c:program filesWindows Live SkyDrive
2009-03-13 04:42 . 2009-03-13 04:43 d
c:program filesWindows Live
2009-03-13 04:36 . 2009-03-13 04:36 d
c:program filesCommon FilesWindows Live
2009-03-12 13:23 . 2009-03-12 13:23 d
c:documents and settingsHebrewApplication DataMSNInstaller
2009-03-10 11:41 . 2009-03-10 11:41 d
c:program filesICQ6Toolbar
2009-03-10 11:41 . 2009-03-10 11:41 d
c:documents and settingsAll UsersApplication DataICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 16:05 d-----w c:program filesSymantec AntiVirus
2009-04-10 10:13 d-----w c:program filesSpybot — Search & Destroy
2009-04-10 09:39 d-----w c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-04-05 06:21 138,464 —-a-w c:windowssystem32driversPnkBstrK.sys
2009-04-05 06:21 111,928 —-a-w c:windowssystem32PnkBstrB.exe
2009-04-01 13:36 d-----w c:documents and settingsHebrewApplication DatauTorrent
2009-03-30 13:55 d-----w c:program filesMalwarebytes’ Anti-Malware
2009-03-26 23:49 38,496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-03-26 23:49 15,504 —-a-w c:windowssystem32driversmbam.sys
2009-03-11 16:10 d-----w c:documents and settingsHebrewApplication DataICQ
2009-03-05 17:28 d-----w c:documents and settingsHebrewApplication DataWINAMP
2009-02-19 06:02 d—h—w c:program filesInstallShield Installation Information
2009-02-17 09:39 d-----w c:program filesCommon FilesAdobe
2009-02-13 09:39 d-----w c:program filesMy Application
2009-02-09 11:13 1,846,784 —-a-w c:windowssystem32win32k.sys
2009-02-07 01:52 49,504 —-a-w c:windowssystem32sirenacm.dll
2008-11-28 21:34 22,328 —-a-w c:documents and settingsHebrewApplication DataPnkBstrK.sys
2008-07-08 13:58 22,328 —-a-w c:documents and settingsRussianApplication DataPnkBstrK.sys
2008-08-29 04:50 32,768 —sha-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5MSHist012008082820080829index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}»= «c:program filesWinamp Toolbarwinamptb.dll» [2008-07-16 1266992]
[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-13 15360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-07-11 68856]
«MsnMsgr»=»c:program filesWindows LiveMessengermsnmsgr.exe» [2009-02-06 3885408]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-08-08 490952]
«EA Core»=»c:program filesElectronic ArtsEADMCore.exe» [2009-02-06 3325952]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-13 1695232]
«RGSC»=»d:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe» [2009-01-30 306088]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13672448]
«nwiz»=»c:windowssystem32nwiz.exe» [2008-11-12 1630208]
«SkyTel»=»c:windowsSkyTel.EXE» [2007-08-02 1826816]
«RTHDCPL»=»c:windowsRTHDCPL.EXE» [2007-09-19 16844800]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2005-10-26 159744]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 86016]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-13 15360]
c:documents and settingsHebrewStart MenuProgramsStartup
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 113664]
Netvision Cable Connect.url [2009-01-15 97]
c:documents and settingsAll UsersStart MenuProgramsStartup
WinCinema Manager.lnk — c:program filesSandiskCommonBinWinCinemaMgr.exe [2008-12-23 303104]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.MJPG»= Pvmjpg30.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
—a 2007-05-11 03:06 40048 c:program filesAdobeReader 8.0Readerreader_sl.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
—a 2008-04-13 17:12 15360 c:windowssystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
—a 2006-12-05 22:55 54832 c:program filesCyberLinkPowerDVDLanguageLanguage.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
—a 2006-11-23 15:10 56928 c:program filesCyberLinkPowerDVDPDVDServ.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\ijji\ENGLISH\u_gunz.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\GUNZ\Gunz.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«e:\Program Files\Pinnacle\Studio 11\programs\RM.exe»=
«e:\Program Files\Pinnacle\Studio 11\programs\Studio.exe»=
«e:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe»=
«e:\Program Files\Pinnacle\Studio 11\programs\umi.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Winamp Remote\bin\Orb.exe»=
«c:\Program Files\Winamp Remote\bin\OrbTray.exe»=
«c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe»=
«c:\Program Files\Electronic Arts\EADM\Core.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«d:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«d:\ICQ\ICQ6.5\ICQ.exe»=
«c:\Program Files\Windows Live\Messenger\wlcsdk.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\WINDOWS\system32\WgaTray.exe»=
«c:\WINDOWS\system32\userinit.exe»=
«c:\WINDOWS\RTHDCPL.EXE»=
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [2009-03-10 222456]
R2 npf;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2007-11-15 34064]
R2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2009-03-07 101936]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service —> c:windowssystem32GameMon.des -service [?]
S3 SavRoam;SAVRoam;c:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
.
Contents of the ‘Scheduled Tasks’ folder
2009-04-10 c:windowsTasksMP Scheduled Scan.job
— c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 19:20]
.
— — — — ORPHANS REMOVED — — — —
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} — c:program filesAskSBarSrchAstt1.binA2SRCHAS.DLL
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} — c:program filesAskSBarSrchAstt1.binA2SRCHAS.DLL
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} — c:program filesCommon FilesAheadLibNMBgMonitor.exe
HKCU-Run-Hebrew — c:documents and settingsHebrewHebrew.exe
HKLM-Run-SpySweeper — c:program filesWebrootWebrootSecuritySpySweeperUI.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} — c:program filesCommon FilesAheadLibNMBgMonitor.exe
MSConfigStartUp-NBKeyScan — c:program filesNeroNero 7Nero BackItUpNBKeyScan.exe
MSConfigStartUp-NeroFilterCheck — c:program filesCommon FilesAheadLibNeroCheck.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.mp3music.co.il/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 09:09:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]
«ImagePath»=»c:windowssystem32GameMon.des -service»
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-790525478-2025429265-839522115-1004SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERSS-1-5-21-790525478-2025429265-839522115-1004SoftwareMicrosoft M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*Recent File List]
«File1″=»c:\WINDOWS\system32\devmgmt.msc»
[HKEY_USERSS-1-5-21-790525478-2025429265-839522115-1004SoftwareSecuROMLicense information*]
«datasecu»=hex:4b,64,b6,84,a0,f4,4b,bc,29,24,11,73,30,70,79,55,83,ea,68,59,b3,
f1,94,54,f1,a7,49,15,36,fc,a2,4f,7e,2f,b7,18,bb,52,af,11,92,02,a6,eb,cb,b6,
«rkeysecu»=hex:85,26,92,16,23,5b,07,ba,6e,16,43,fe,fa,ac,17,fd
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«cd042efbbd7f7af1647644e76e06692b»=hex:e2,63,26,f1,3f,c8,ff,68,d0,76,aa,f9,1d,
46,75,73,c8,28,51,af,b0,29,a3,98,23,44,52,ed,47,0b,8d,a7,e2,63,26,f1,3f,c8,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«bca643cdc5c2726b20d2ecedcc62c59b»=hex:46,47,15,b0,92,4b,c7,ef,26,fd,3f,0b,f5,
8c,00,25,71,3b,04,66,8b,46,0d,96,d1,b8,23,4e,9d,46,41,16,6a,9c,d6,61,af,45,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{684373FB-9CD8-4e47-B990-5A4466C16034}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2c81e34222e8052573023a60d06dd016″=hex:ff,7c,85,e0,43,d4,0e,fe,dd,7d,ed,dc,45,
c4,d7,65,25,da,ec,7e,55,20,c9,26,03,b6,cd,eb,5a,75,52,c0,ff,7c,85,e0,43,d4,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«2582ae41fb52324423be06337561aa48″=hex:86,8c,21,01,be,91,eb,e7,d1,22,37,04,91,
b8,57,89,3e,1e,9e,e0,57,5a,93,61,76,1d,76,16,2b,d0,6c,5c,86,8c,21,01,be,91,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«caaeda5fd7a9ed7697d9686d4b818472″=hex:cd,44,cd,b9,a6,33,6c,cd,d3,90,d4,c5,63,
27,1a,d9,cd,44,cd,b9,a6,33,6c,cd,d4,3e,8f,b2,67,f5,35,17,f5,1d,4d,73,a8,13,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«a4a1bcf2cc2b8bc3716b74b2b4522f5d»=hex:50,93,e5,ab,ec,6a,4e,ab,2e,4d,12,61,1a,
78,7c,db,b0,18,ed,a7,3f,8d,37,a4,2b,03,34,50,e3,a9,57,7a,df,20,58,62,78,6b,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«4d370831d2c43cd13623e232fed27b7b»=hex:31,77,e1,ba,b1,f8,68,02,bf,b5,e0,d2,d9,
54,e3,72,31,77,e1,ba,b1,f8,68,02,aa,47,d2,7d,fa,16,94,37,fb,a7,78,e6,12,2f,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1d68fe701cdea33e477eb204b76f993d»=hex:01,3a,48,fc,e8,04,4a,f1,5b,93,87,fe,71,
05,c5,ea,83,6c,56,8b,a0,85,96,ab,b1,9a,8e,9a,e3,ea,ca,b0,01,3a,48,fc,e8,04,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«1fac81b91d8e3c5aa4b0a51804d844a3″=hex:f6,0f,4e,58,98,5b,89,c9,a8,c9,76,5a,e9,
dc,2f,8c,51,fa,6e,91,28,9e,14,cc,fd,ef,bd,ef,5b,69,ed,09,f6,0f,4e,58,98,5b,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«f5f62a6129303efb32fbe080bb27835b»=hex:3d,ce,ea,26,2d,45,aa,78,30,ef,39,07,3c,
22,2b,a8,b1,cd,45,5a,a8,c4,f8,b9,15,7f,4f,f3,63,ba,03,bb,3d,ce,ea,26,2d,45,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«fd4e2e1a3940b94dceb5a6a021f2e3c6″=hex:2a,b7,cc,b5,b9,7f,41,e7,e0,ca,1f,b2,e7,
49,83,12,e3,0e,66,d5,eb,bc,2f,6b,31,48,ad,c8,30,d1,77,be,2a,b7,cc,b5,b9,7f,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}InprocServer32*]
«ThreadingModel»=»Apartment»
@=»c:\WINDOWS\system32\OLE32.DLL»
«8a8aec57dd6508a385616fbc86791ec2″=hex:fa,ea,66,7f,d4,3b,6b,70,45,67,62,17,ba,
09,47,29,fa,ea,66,7f,d4,3b,6b,70,b0,69,dc,88,33,2d,68,3f,6c,43,2d,1e,aa,22,
.
Completion time: 2009-04-10 9:10:47
ComboFix-quarantined-files.txt 2009-04-10 16:10:45
Pre-Run: 3,209,129,984 bytes free
Post-Run: 3,239,378,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect
278 — E O F — 2009-04-07 06:29:47
April 13, 2009 at 3:24 pm #23312
Also scan your computer with Kaspersky Online Scanner; to do so, click this link.
Paste the scan results into your reply.
April 14, 2009 at 9:08 am #23313
KASPERSKY ONLINE SCANNER REPORT
April 17, 2009 at 1:36 pm #23315
Start the antivirus, find the Quarantine tab and delete everything in it.
The Combofix log looks normal.
How is the computer running now? Is the antivirus complaining about anything?
April 17, 2009 at 4:35 pm #23314
Thank you very much, everything works great, may your hands never ache.
Respectfully, your fellow forum member.
April 19, 2009 at 4:14 pm #23316
Glad to help 🙂
A few final steps.
1. Update your software.
Go to update.microsoft.com and update Windows.
2. Remove all the programs you used during the cleanup; if you ever need them, you can always download them again. Removing them is necessary because they contain components that viruses and trojans can use for bad purposes.
Remove Combofix from your computer by following the instructions: How to correctly remove combofix from your computer.
Run OTMoveIT3. Click the CleanUp button. If you are asked to restart the computer, click Yes.
Remove RSIT and the other scanners and small utilities you downloaded, as well as all files and folders that were created while cleaning the computer.
3. Take the protection of your computer more seriously.
Most trojans and viruses are designed to attack Internet Explorer, so I recommend using only Opera or Firefox.
4. Create a new restore point and delete all the old ones.
Delete the old restore points, since they may contain infected files, trojans and other malware. To do this, click the My Computer icon and choose Properties. In the window that opens, select the System Restore tab. Tick the box Turn off System Restore on all drives. Click Apply. Confirm by clicking OK in the dialog that opens. Close the System Properties window by clicking OK.
After the computer restarts, repeat the steps above, but this time clear the checkbox.
Create a new restore point. This will let you, if necessary, load the current Windows configuration and quickly recover from spyware/a virus. To do this, click Start, then Accessories, then System Tools, and run System Restore. In the window that opens, select the task Create a restore point, click Next and follow the instructions.
5. And a few additional tips.
Start your antivirus and check the state of automatic protection. Turn it on if it is off.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго!
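Step 4 of the post above (discard old restore points, then create a clean baseline) is described as clicks in System Properties on Windows XP. As an added example that is not part of the forum thread, the same procedure scripted in Windows PowerShell for a current client Windows, where these cmdlets exist (they do not on XP). It assumes the system drive is C:, an elevated prompt, and that the description text is only a label of your choosing.

```powershell
# Added example, not code from the forum thread. Scripted equivalent of
# "turn System Restore off on all drives, turn it back on, create a new point"
# for Windows Vista and later clients. Run from an elevated PowerShell prompt.
# Assumption: C: is the system drive (the only drive System Restore protects here).

$drive = "C:\"

# 1. Disabling System Restore for a drive discards the restore points stored on it.
#    That is the goal of this step: old points can hold copies of infected files,
#    and a later "restore" would bring the malware back.
Disable-ComputerRestore -Drive $drive

# 2. Re-enable protection so that new points can be created from now on.
Enable-ComputerRestore -Drive $drive

# 3. Record a baseline of the cleaned system. The description is free text.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# 4. Verify: the list should now contain only the point just created.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Windows 8 and later refuse to create a second restore point within 24 hours of the previous one; Checkpoint-Computer then prints a warning instead of failing, which is why the final listing is worth reading rather than assuming the point exists. Keep the post's ordering: delete the old points first, then take the baseline, so the baseline itself is taken from a machine the scanners have already cleaned.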