HELP me get rid of it!!! Virus HEUR:Trojan.Win32.Generic
- This topic has 7 replies, 2 participants, and was last updated 15 years, 4 months ago by Admin.
July 16, 2009 at 6:23 am #16912
Hello Valeri!
I have turned to you once before and you helped me. I have a problem again 🙁 .
I caught the virus HEUR:Trojan.Win32.Generic. During a scan Kaspersky put it in quarantine and seems to report that the computer is protected, but after every reboot the virus or some component of it appears again, Kaspersky finds it and puts it in quarantine again, and so on endlessly…. What should I do? Spybot-SD and Malwarebytes’ Anti-Malware don't see anything :(((

July 18, 2009 at 4:33 pm #24953
Hello Irina.
Download the RSIT scanner by clicking this link and save the file to your desktop.
* Double-click the downloaded file.
* If you have a firewall and it shows that the RSIT program is trying to access the Internet, allow it.
* Click the Continue button.
* When the program finishes, two logs will be shown (log.txt and info.txt).
Paste both RSIT logs into your reply. Each log in a separate post.

July 22, 2009 at 7:48 pm #24955
Hello Valeri!
Here is the log from RSIT:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by user at 2009-07-22 23:44:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (18%) free of 68 GB
Total RAM: 1023 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:52, on 22.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
c:WINDOWSsystem32IFXSPMGT.exe
c:WINDOWSsystem32IFXTCS.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WINDOWSExplorer.EXE
c:Program FilesInfineonSecurity Platform SoftwarePSDrt.exe
c:Program FilesInfineonSecurity Platform SoftwareSpTna.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSATK0100ATKOSD.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesASUSASUS Live UpdateALU.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesWireless Console 2wcourier.exe
C:Program FilesASUSSplendidACMON.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesASUSTeKASUSDVDPDVDServ.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:Program FilesWinampwinampa.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesASUSNet4SwitchNet4Switch.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesDAPDAP.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesASUSAsus MultiFrameMultiFrame.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsuserРабочий столRSIT.exe
C:Program Filestrend microuser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=43914
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: SBCONVERT — {A1056498-D09A-41E4-864B-505EDD640D9E} — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MegaIEMn — {bf00e119-21a3-4fd1-b178-3b8537e75c92} — C:Program FilesMegauploadMega ManagerMegaIEMn.dll
O2 — BHO: Ask.com Toolbar BHO — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: DAPIELoader Class — {FF6C3CF0-4B15-11D1-ABED-709549C10000} — C:PROGRA~1DAPDAPIEL~1.DLL
O2 — BHO: GrabberObj Class — {FF7C3CF0-4B15-11D1-ABED-709549C10000} — C:PROGRA~1SPEEDB~1Toolbargrabber.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: (no name) — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — (no file)
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: SpeedBit Video Downloader — {0329E7D6-6F54-462D-93F6-F5C3118BADF2} — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll
O3 — Toolbar: Ask.com Toolbar — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 — HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [ABLKSR] C:windowsABLKSRABLKSR.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesASUSTeKASUSDVDPDVDServ.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [IntelZeroConfig] «C:Program FilesIntelWirelessbinZCfgSvc.exe»
O4 — HKLM..Run: [IntelWireless] «C:Program FilesIntelWirelessBinifrmewrk.exe» /tf Intel PROSet/Wireless
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [YSearchProtection] «C:Program FilesYahoo!Search ProtectionSearchProtection.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [JavaVM] C:Program FilesJavajre1.6.2java.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 — HKLM..RunOnce: [SpybotDeletingA3259] command.com /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKLM..RunOnce: [SpybotDeletingC5774] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKLM..RunOnce: [SpybotDeletingA1288] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingC1831] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingA3720] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingC4057] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingA4829] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingC9505] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingA845] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingC3437] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingA1257] command.com /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC7152] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingA9521] command.com /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC8688] cmd.exe /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingA7396] command.com /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC5568] cmd.exe /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Net4Switch] C:Program FilesASUSNet4SwitchNet4Switch.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [Yahoo! Pager] «C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE» -quiet
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKCU..Run: [DownloadAccelerator] «C:Program FilesDAPDAP.EXE» /STARTUP
O4 — HKCU..RunOnce: [SpybotDeletingB9184] command.com /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKCU..RunOnce: [SpybotDeletingD6618] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKCU..RunOnce: [SpybotDeletingB4501] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingD9831] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingB8754] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingD8204] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingB945] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingD9279] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingB8732] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingD3685] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingB6318] command.com /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD2009] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingB6683] command.com /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD5628] cmd.exe /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingB9468] command.com /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD9435] cmd.exe /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: MultiFrame.lnk = ?
O8 — Extra context menu item: &Clean Traces — C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 — Extra context menu item: &Download with &DAP — C:Program FilesDAPdapextie.htm
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Download &all with DAP — C:Program FilesDAPdapextie2.htm
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Отправка в блог — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Отправка в блог Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 — DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) — http://www.ipix.com/download/ipixx.cab
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) — C:Program FilesYahoo!CommonYinsthelper.dll
O16 — DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} (CRicharoundVR2111 Object) — http://www.enternetica.com/viewer/evp.cab
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://irishkamoscow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 — DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197331351546
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://foto.mail.ru/ImageUploader4.cab
O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 — DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games — Installer) — http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 — HKLMSystemCCSServicesTcpip..{490AFAC8-1642-40EE-BCCE-D94360A21D70}: NameServer = 212.1.224.34 212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: OneCard — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
O23 — Service: Kaspersky Internet Security (avp) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: Google Update Service (gupdate1c9ba50dff63758) (gupdate1c9ba50dff63758) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — c:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — c:WINDOWSsystem32IFXTCS.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Personal Secure Drive Service (PersonalSecureDriveService) — Infineon Technologies AG — c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) — Intel Corporation — C:Program FilesIntelWirelessBinS24EvMon.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 23083 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksScheduled Update for Ask Toolbar.job
C:WINDOWStasksSymantec NetDetect.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-03-27 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2009-07-20 312928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2006-11-01 198136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-11 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll [2009-07-15 2498056][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class — C:Program FilesMegauploadMega ManagerMegaIEMn.dll [2007-10-08 110592][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-04-02 809864][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-07-16 41368][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-01-24 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-07-16 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class — C:PROGRA~1DAPDAPIEL~1.DLL [2009-07-15 140888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class — C:PROGRA~1SPEEDB~1Toolbargrabber.dll [2009-07-15 198232][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-07 849392]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-11 680624]
{893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2009-06-17 210728]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-04 3117856]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} — SpeedBit Video Downloader — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll [2009-07-15 2498056]
{D4027C7F-154A-4066-A1AD-4243D8127440} — Ask.com Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-04-02 809864][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-02-23 106496]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-02-08 7405568]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-02-08 86016]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-08-14 16050176]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«ASUS Live Update»=C:Program FilesASUSASUS Live UpdateALU.exe [2006-02-21 180224]
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2006-01-19 544768]
«Wireless Console 2″=C:Program FilesWireless Console 2wcourier.exe [2005-10-17 987136]
«ACMON»=C:Program FilesASUSSplendidACMON.exe [2006-05-30 811008]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2006-05-25 786521]
«ABLKSR»=C:windowsABLKSRABLKSR.exe [2006-01-03 61440]
«RemoteControl»=C:Program FilesASUSTeKASUSDVDPDVDServ.exe [2004-11-02 32768]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Power_Gear»=C:Program FilesASUSPower4 GearBatteryLife.exe [2006-03-14 90112]
«IntelZeroConfig»=C:Program FilesIntelWirelessbinZCfgSvc.exe [2006-08-02 802816]
«IntelWireless»=C:Program FilesIntelWirelessBinifrmewrk.exe [2006-08-02 696320]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2009-04-11 6210744]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2009-07-01 37888]
«YSearchProtection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-07-22 208616]
«JavaVM»=C:Program FilesJavajre1.6.2java.exe []
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-07-16 148888]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-07-20 198160]
«UserFaultCheck»=C:WINDOWSsystem32dumprep 0 -u [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«SpybotDeletingA3259″=command.com /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingC5774″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingA1288″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingC1831″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingA3720″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingC4057″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingA4829″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingC9505″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingA845″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingC3437″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingA1257″=command.com /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingC7152″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingA9521″=command.com /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingC8688″=cmd.exe /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingA7396″=command.com /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []
«SpybotDeletingC5568″=cmd.exe /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Net4Switch»=C:Program FilesASUSNet4SwitchNet4Switch.exe [2006-03-02 1101824]
«MsnMsgr»=C:Program FilesWindows LiveMessengerMsnMsgr.Exe [2009-02-06 3885408]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«Yahoo! Pager»=C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE [2007-11-06 3810544]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe [2009-06-22 2558728]
«Search Protection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]
«DownloadAccelerator»=C:Program FilesDAPDAP.EXE [2009-07-15 2754048]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«SpybotDeletingB9184″=command.com /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingD6618″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingB4501″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingD9831″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingB8754″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingD8204″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingB945″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingD9279″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingB8732″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingD3685″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingB6318″=command.com /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingD2009″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingB6683″=command.com /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingD5628″=cmd.exe /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingB9468″=command.com /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []
«SpybotDeletingD9435″=cmd.exe /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
MultiFrame.lnk — C:Program FilesASUSAsus MultiFrameMultiFrame.exe

C:Documents and SettingsuserГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-10 434176]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll [2006-05-03 40448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengerMSMSGS.EXE»=»C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesQIPQIP.EXE»=»C:Program FilesQIPQIP.EXE:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Program FilesPC Playerpcplayer.exe»=»C:Program FilesPC Playerpcplayer.exe:*:Enabled:Verimatrix ViewRight PC Player Application»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype. The whole world can talk for free.»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:DOCUME~1userLOCALS~1Temp49.exe»=»C:DOCUME~1userLOCALS~1Temp49.exe:*:Enabled:Microsoft Windows Update Platform»
«C:Documents and SettingsuserLocal SettingsTemp49.tmp»=»C:Documents and SettingsuserLocal SettingsTemp49.tmp:*:Disabled:49»
«C:DOCUME~1userLOCALS~1TempEA.tmp»=»C:DOCUME~1userLOCALS~1TempEA.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp69.tmp»=»C:DOCUME~1userLOCALS~1Temp69.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp1398.tmp»=»C:DOCUME~1userLOCALS~1Temp1398.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp728.exe»=»C:DOCUME~1userLOCALS~1Temp728.exe:*:Enabled:Microsoft Windows Update Platform»
«C:Documents and SettingsuserLocal SettingsTemp728.tmp»=»C:Documents and SettingsuserLocal SettingsTemp728.tmp:*:Disabled:728»
«C:WINDOWSsystem32728.exe»=»C:WINDOWSsystem32728.exe:*:Enabled:Microsoft Windows Update Platform»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f7159c6-5b1f-11dc-b717-001641b2c995}]
shellAutoRuncommand — G:USBNB.exe

======List of files/folders created in the last 1 months======
2009-07-20 10:10:17 —-A—- C:WINDOWSwininit.ini
2009-07-20 02:20:18 —-D—- C:Program FilesCommon Filesxing shared
2009-07-16 10:49:47 —-D—- C:WINDOWSSun
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32javaws.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32javaw.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32java.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32deploytk.dll
2009-07-16 10:40:19 —-D—- C:Documents and SettingsuserApplication DataSun
2009-07-16 08:23:35 —-D—- C:Documents and SettingsuserApplication DataKeepsoft
2009-07-16 08:14:50 —-D—- C:Program FilesKeepsoft
2009-07-16 08:14:50 —-D—- C:Documents and SettingsAll UsersApplication DataKeepsoft
2009-07-16 08:00:03 —-D—- C:bp7
2009-07-15 08:56:58 —-D—- C:Program FilesPichugin-M Telephone Book
2009-07-15 08:31:39 —-D—- C:Program FilesAlexPro Lab
2009-07-15 07:55:10 —-D—- C:Program FilesNames
2009-07-15 07:38:29 —-A—- C:WINDOWSsystem32UNWISE.EXE
2009-07-15 07:38:27 —-D—- C:Program FilesMosMap-Lite31
2009-07-15 07:19:35 —-D—- C:Program FilesCookRecepts
2009-07-15 07:09:35 —-D—- C:Program FilesTNR Vision 3.6
2009-07-15 07:06:02 —-D—- C:Program FilesChinese Pattern
2009-07-15 07:00:17 —-D—- C:Program FilespMetro
2009-07-15 06:29:28 —-D—- C:Program FilesxLines
2009-07-15 06:14:57 —-D—- C:Program FilesAura
2009-07-15 05:42:50 —-A—- C:WINDOWSsystem32IdleTrac1.dll
2009-07-15 05:42:49 —-D—- C:Program FilesMailinfo
2009-07-15 05:41:58 —-N—- C:WINDOWSsystem32vbar332.dll
2009-07-15 05:31:46 —-D—- C:Program FilesAsk.com
2009-07-15 05:25:25 —-D—- C:Documents and SettingsAll UsersApplication DataSpeedBit
2009-07-15 05:25:14 —-A—- C:WINDOWSsystem32wbhelp2.dll
2009-07-15 05:25:08 —-D—- C:Program FilesDAP
2009-07-15 05:24:24 —-D—- C:Program FilesSpeedBit Video Downloader
2009-07-15 05:12:19 —-D—- C:Documents and SettingsuserApplication DataStellarium
2009-07-15 05:09:24 —-D—- C:Program FilesStellarium
2009-07-15 03:33:00 —-HDC—- C:WINDOWS$NtUninstallKB973346$
2009-07-15 03:32:16 —-HDC—- C:WINDOWS$NtUninstallKB971633$
2009-07-15 03:18:14 —-HDC—- C:WINDOWS$NtUninstallKB961371$
2009-07-15 01:10:53 —-A—- C:WINDOWSis-03TGN.exe
2009-07-10 19:58:50 —-D—- C:Program FilesJava
2009-07-10 00:10:29 —-A—- C:WINDOWSIE4 Error Log.txt

======List of files/folders modified in the last 1 months======
2009-07-22 23:44:39 —-D—- C:Program Filestrend micro
2009-07-22 23:44:32 —-D—- C:WINDOWStemp
2009-07-22 23:44:28 —-D—- C:WINDOWSPrefetch
2009-07-22 20:14:21 —-RSHD—- C:WINDOWSsystem32dllcache
2009-07-22 20:14:16 —-D—- C:WINDOWSsystem32
2009-07-22 20:14:09 —-D—- C:WINDOWSsystem32CatRoot2
2009-07-20 10:10:17 —-D—- C:WINDOWS
2009-07-20 10:10:07 —-D—- C:Program Files
2009-07-20 06:56:14 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-07-20 06:55:48 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-07-20 06:55:17 —-D—- C:WINDOWSsystem32drivers
2009-07-20 06:52:48 —-A—- C:WINDOWSSchedLgU.Txt
2009-07-20 02:30:27 —-D—- C:Program FilesThe KMPlayer
2009-07-20 02:20:18 —-D—- C:Program FilesCommon Files
2009-07-20 02:20:06 —-D—- C:Program FilesCommon FilesReal
2009-07-20 02:20:02 —-A—- C:WINDOWSsystem32rmoc3260.dll
2009-07-20 02:19:40 —-A—- C:WINDOWSsystem32pndx5032.dll
2009-07-20 02:19:40 —-A—- C:WINDOWSsystem32pndx5016.dll
2009-07-20 02:19:33 —-A—- C:WINDOWSsystem32pncrt.dll
2009-07-20 01:53:03 —-D—- C:Program FilesWinamp
2009-07-19 07:48:59 —-D—- C:Documents and SettingsuserApplication DatauTorrent
2009-07-16 10:46:20 —-SHD—- C:WINDOWSInstaller
2009-07-16 10:46:03 —-SHD—- C:Config.Msi
2009-07-15 10:44:47 —-A—- C:WINDOWSNeroDigital.ini
2009-07-15 05:47:23 —-A—- C:WINDOWS_MSRSTRT.EXE
2009-07-15 05:31:54 —-SD—- C:WINDOWSTasks
2009-07-15 03:33:16 —-HD—- C:WINDOWSinf
2009-07-15 03:32:58 —-HD—- C:WINDOWS$hf_mig$
2009-07-15 03:32:43 —-A—- C:WINDOWSimsins.BAK
2009-07-15 03:30:48 —-RSD—- C:WINDOWSassembly
2009-07-15 02:08:14 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-07-10 21:07:15 —-D—- C:Program FilesWebMoney
2009-07-09 23:09:59 —-D—- C:Documents and SettingsuserApplication DataVerimatrix
2009-07-09 20:26:05 —-SD—- C:WINDOWSDownloaded Program Files
2009-07-07 19:10:56 —-A—- C:WINDOWSsystem32MRT.exe
2009-07-06 21:39:28 —-D—- C:WINDOWSMicrosoft.NET
2009-07-06 21:15:22 —-D—- C:Program FilesGoogle
2009-07-05 18:38:37 —-D—- C:Documents and SettingsuserApplication DataYandex

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 ItSDisk;ItSDisk; C:WINDOWSSystem32DriversItSDisk.sys [2006-05-16 17840]
R1 klif;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-05 213520]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2006-09-28 21419]
R2 fssfltr;FssFltr; C:WINDOWSsystem32DRIVERSfssfltr_tdi.sys [2009-02-06 55152]
R2 s24trans;WLAN Transport; C:WINDOWSsystem32DRIVERSs24trans.sys [2006-08-02 12544]
R2 VMSD;VMSD; ??C:WINDOWSsystem32driversvmVMSD.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-06-07 329901]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-06-07 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-06-07 855018]
R3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-06-07 149028]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-06-07 47811]
R3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-06-07 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-06-07 67384]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-08 3640608]
R3 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2005-11-01 308992]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2005-11-16 78976]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2006-01-19 862340]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:WINDOWSsystem32DRIVERSsnp2sxp.sys [2006-01-04 10219904]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-05-25 193088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:WINDOWSSystem32DRIVERSipswuio.sys [2006-01-24 34944]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversSPT2Sp50.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 avp;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-07-22 208616]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-06-07 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2006-08-02 434176]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 IFXSpMgtSrv;Security Platform Management Service; c:WINDOWSsystem32IFXSPMGT.exe [2006-03-10 507904]
R2 IFXTCS;Trusted Platform Core Service; c:WINDOWSsystem32IFXTCS.exe [2006-03-10 741376]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-07-16 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-02-08 143426]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE [2005-11-29 99872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:Program FilesIntelWirelessBinS24EvMon.exe [2006-08-02 937984]
S2 gupdate1c9ba50dff63758;Google Update Service (gupdate1c9ba50dff63758); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-04-11 133104]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Семейная безопасность Windows Live; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
July 23, 2009 at 5:15 pm #24954
Let's check with one more program.
Download the Combofix program. Close all open windows and run this program.
When it finishes, a log file will be created; please paste it into your reply.
Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked to above.
July 24, 2009 at 1:09 am #24956
Hello!
I did everything as you wrote... here is the Combofix log:
ComboFix 09-07-23.02 — user 24.07.2009 4:51.2.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1023.529 [GMT 4:00]
Running from: c:documents and settingsuserРабочий столComboFix.exe
Command switches used :: c:documents and settingsuserРабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesSpeedBit Video DownloaderToolbartbhelper.dll
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney Advisortbhelper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:windowssystem32Фантик.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-20 01:41 . 2009-07-20 01:41 61 —-a-w- c:documents and settingsuserdel.bat
2009-07-19 22:20 . 2009-07-19 22:20 d w- c:program filesCommon Filesxing shared
2009-07-16 06:49 . 2009-07-16 06:49 d w- c:windowsSun
2009-07-16 06:45 . 2009-07-16 06:45 410984 —-a-w- c:windowssystem32deploytk.dll
2009-07-16 06:44 . 2009-07-16 06:44 152576 —-a-w- c:documents and settingsuserApplication DataSunJavajre1.6.0_14lzma.dll
2009-07-16 04:23 . 2009-07-16 04:23 d w- c:documents and settingsuserApplication DataKeepsoft
2009-07-16 04:14 . 2009-07-16 04:14 d w- c:program filesKeepsoft
2009-07-16 04:14 . 2009-07-16 04:14 d w- c:documents and settingsAll UsersApplication DataKeepsoft
2009-07-16 04:00 . 2009-07-16 04:09 d w- C:bp7
2009-07-15 04:56 . 2009-07-15 04:56 d w- c:program filesPichugin-M Telephone Book
2009-07-15 04:31 . 2009-07-15 04:31 d w- c:program filesAlexPro Lab
2009-07-15 03:55 . 2009-07-15 03:56 d w- c:program filesNames
2009-07-15 03:38 . 2001-11-05 06:30 165376 —-a-w- c:windowssystem32UNWISE.EXE
2009-07-15 03:38 . 2009-07-15 05:00 d w- c:program filesMosMap-Lite31
2009-07-15 03:19 . 2009-07-15 03:19 d w- c:program filesCookRecepts
2009-07-15 03:09 . 2009-07-15 03:09 d w- c:program filesTNR Vision 3.6
2009-07-15 03:06 . 2009-07-15 03:07 d w- c:program filesChinese Pattern
2009-07-15 03:00 . 2009-07-15 03:00 d w- c:program filespMetro
2009-07-15 02:29 . 2009-07-22 21:27 d w- c:program filesxLines
2009-07-15 02:14 . 2009-07-15 02:15 d w- c:program filesAura
2009-07-15 01:42 . 2005-02-28 04:32 24576 —-a-w- c:windowssystem32IdleTrac1.dll
2009-07-15 01:42 . 2009-07-15 01:42 d w- c:program filesMailinfo
2009-07-15 01:41 . 1998-04-23 20:00 368912 w- c:windowssystem32vbar332.dll
2009-07-15 01:36 . 2009-07-20 00:05 d w- c:documents and settingsuserLocal SettingsApplication DataAskToolbar
2009-07-15 01:31 . 2009-07-15 01:31 d w- c:program filesAsk.com
2009-07-15 01:29 . 2009-07-15 01:29 83456 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPSDCondition.dll
2009-07-15 01:28 . 2009-07-15 01:28 1943560 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersmailinfo30.exe
2009-07-15 01:28 . 2009-07-15 01:28 2169880 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersspo3.exe
2009-07-15 01:28 . 2009-07-15 01:28 3315736 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersVA3_DapSo.exe
2009-07-15 01:27 . 2009-07-22 19:43 95744 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPUpdatesCondition.dll
2009-07-15 01:25 . 2009-07-15 02:10 d w- c:documents and settingsAll UsersApplication DataSpeedBit
2009-07-15 01:25 . 2009-07-15 01:25 50688 —-a-w- c:windowssystem32wbhelp2.dll
2009-07-15 01:25 . 2009-07-15 01:29 d w- c:program filesDAP
2009-07-15 01:24 . 2009-07-15 01:24 d w- c:program filesSpeedBit Video Downloader
2009-07-15 01:12 . 2009-07-15 01:12 d w- c:documents and settingsuserApplication DataStellarium
2009-07-15 01:09 . 2009-07-15 01:11 d w- c:program filesStellarium
2009-07-14 21:10 . 2009-07-14 21:10 687104 —-a-w- c:windowsis-03TGN.exe
2009-07-10 15:58 . 2009-07-16 06:45 d w- c:program filesJava
2009-07-06 17:09 . 2009-07-06 17:13 d w- c:documents and settingsuserLocal SettingsApplication DataTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 00:29 . 2008-02-16 01:56 d w- c:documents and settingsuserApplication DatauTorrent
2009-07-22 19:49 . 2009-02-17 23:19 d w- c:program filestrend micro
2009-07-22 18:15 . 2009-02-05 17:17 208616 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP8DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav8exec8.0.0.454avp.exe
2009-07-20 02:56 . 2008-08-25 16:33 d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-07-20 02:55 . 2007-07-03 11:37 d w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-07-20 02:53 . 2007-08-10 13:45 2775620 —sha-w- c:windowssystem32driversfidbox.idx
2009-07-20 02:53 . 2007-08-10 13:45 2111264 —sha-w- c:windowssystem32driversfidbox2.dat
2009-07-20 02:53 . 2007-08-10 13:45 201044 —sha-w- c:windowssystem32driversfidbox2.idx
2009-07-20 02:53 . 2007-08-10 13:45 207010080 —sha-w- c:windowssystem32driversfidbox.dat
2009-07-19 22:30 . 2009-05-10 00:42 d w- c:program filesThe KMPlayer
2009-07-19 22:20 . 2007-10-29 16:09 d w- c:program filesCommon FilesReal
2009-07-19 21:53 . 2007-03-11 14:53 d w- c:program filesWinamp
2009-07-15 01:47 . 2007-09-19 19:06 2560 —-a-w- c:windows_MSRSTRT.EXE
2009-07-14 22:08 . 2009-02-13 01:48 d w- c:program filesMalwarebytes’ Anti-Malware
2009-07-14 21:09 . 2009-03-31 23:10 3775176 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2009-07-13 17:32 . 2009-07-10 15:58 3 —-a-w- c:program filesCommon Filestime.cv
2009-07-13 09:36 . 2009-02-13 01:48 38160 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-07-13 09:36 . 2009-02-13 01:48 19096 —-a-w- c:windowssystem32driversmbam.sys
2009-07-10 17:07 . 2008-08-25 16:33 d w- c:program filesWebMoney
2009-07-09 19:09 . 2009-05-07 17:08 d w- c:documents and settingsuserApplication DataVerimatrix
2009-07-06 17:15 . 2007-02-09 19:32 d w- c:program filesGoogle
2009-07-05 14:38 . 2007-10-06 22:48 d w- c:documents and settingsuserApplication DataYandex
2009-06-16 14:40 . 2004-09-22 13:51 119808 —-a-w- c:windowssystem32t2embed.dll
2009-06-16 14:40 . 2004-09-22 13:50 81920 —-a-w- c:windowssystem32fontsub.dll
2009-06-03 19:11 . 2004-09-22 13:51 1292800 —-a-w- c:windowssystem32quartz.dll
2009-05-20 21:50 . 2007-08-10 13:45 94643 —-a-w- c:windowssystem32driversklick.dat
2009-05-20 21:50 . 2007-08-10 13:45 105395 —-a-w- c:windowssystem32driversklin.dat
2009-05-07 15:33 . 2004-09-22 13:51 346624 —-a-w- c:windowssystem32localspl.dll
2009-04-29 04:35 . 2004-09-22 13:51 667136 —-a-w- c:windowssystem32wininet.dll
2009-04-29 04:35 . 2004-09-22 13:51 81920 —-a-w- c:windowssystem32ieencode.dll
2009-04-27 00:49 . 2004-09-22 13:51 81150 —-a-w- c:windowssystem32perfc019.dat
2009-04-27 00:49 . 2004-09-22 13:51 478476 —-a-w- c:windowssystem32perfh019.dat
2009-07-15 01:25 . 2009-07-15 01:29 251392 —-a-w- c:program filesoperaprogrampluginsdapop.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 15:50 809864 —-a-w- c:program filesAsk.comGenericAskToolbar.dll
[HKEY_LOCAL_MACHINE~Browser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{893AE660-AE80-4dd0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2009-06-17 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-04-02 809864]
[HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{893AE660-AE80-4DD0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2009-06-17 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-04-02 809864]
[HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search]
[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersSecure Disks]
@=»{666C7836-A9B6-4AB4-94ED-DC238C81E925}»
[HKEY_CLASSES_ROOTCLSID{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 16:08 381952 —-a-r- c:program filesASUS Security CenterASUS Security Protect ManagerBinSFSShell.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Net4Switch»=»c:program filesASUSNet4SwitchNet4Switch.exe» [2006-03-02 1101824]
«MsnMsgr»=»c:program filesWindows LiveMessengerMsnMsgr.Exe» [2009-02-06 3885408]
«updateMgr»=»c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» [2006-03-30 313472]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2009-06-22 2558728]
«Search Protection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
«DownloadAccelerator»=»c:program filesDAPDAP.EXE» [2009-07-15 2754048]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UserFaultCheck»=»c:windowssystem32dumprep 0 -u» [X]
«HControl»=»c:windowsATK0100HControl.exe» [2006-02-23 106496]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-02-08 7405568]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-02-08 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-05-30 811008]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-03 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Power_Gear»=»c:program filesASUSPower4 GearBatteryLife.exe» [2006-03-14 90112]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-08-01 802816]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-08-01 696320]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2009-04-11 6210744]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-07-01 37888]
«YSearchProtection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-07-22 208616]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-07-16 148888]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-07-19 198160]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-02-08 1519616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2006-08-13 16050176]
«SkyTel»=»SkyTel.EXE» — c:windowsSkyTel.exe [2006-05-16 2879488]
«SMSERIAL»=»sm56hlpr.exe» — c:windowssm56hlpr.exe [2006-01-19 544768]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsuserѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п ¤«п Cyber-shot Viewer.lnk — c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2007-2-17 155648]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2005-9-23 29696]
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2006-6-7 553021]
MultiFrame.lnk — c:program filesASUSAsus MultiFrameMultiFrame.exe [2006-9-28 491520]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2006-05-02 21:23 40448 —-a-r- c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyIfxWlxEN]
2006-03-10 06:20 434176 —-a-w- c:windowssystem32IfxWlxEN.dll
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Messenger\MSMSGS.EXE»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\QIP\QIP.EXE»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\Program Files\PC Player\pcplayer.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\DAP\DAP.exe»=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [29.01.2008 18:29 33808]
R1 ItSDisk;ItSDisk;c:windowssystem32driversitsdisk.sys [16.05.2006 14:14 17840]
R1 PersonalSecureDrive;PersonalSecureDrive;c:windowssystem32driverspsd.sys [29.11.2005 13:50 36768]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [22.09.2004 17:51 14336]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [21.02.2009 4:53 55152]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [07.03.2009 0:19 222456]
R2 VMSD;VMSD;c:windowssystem32driversvmVMSD.sys [15.05.2008 16:08 6016]
R3 IFXTPM;IFXTPM;c:windowssystem32driversifxtpm.sys [28.09.2006 22:21 36352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 14:28 24592]
S2 gupdate1c9ba50dff63758;Google Update Service (gupdate1c9ba50dff63758);c:program filesGoogleUpdateGoogleUpdate.exe [11.04.2009 6:54 133104]
S3 fsssvc;Семейная безопасность Windows Live;c:program filesWindows LiveFamily Safetyfsssvc.exe [06.02.2009 19:08 533360]
S3 ipswuio;ipswuio;c:windowssystem32driversipswuio.sys [28.09.2006 22:06 34944]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;c:windowssystem32DriversSPT2Sp50.sys —> c:windowssystem32DriversSPT2Sp50.sys [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the ‘Scheduled Tasks’ folder
2009-03-18 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-01-10 11:42]
2009-07-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-11 02:54]
2009-07-22 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-11 02:54]
2009-07-22 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2009-04-02 15:50]
2006-09-28 c:windowsTasksSymantec NetDetect.job
— c:program filesSymantecLiveUpdateNDETECT.EXE [2006-09-28 13:26]
.
— — — — ORPHANS REMOVED — — — —
BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
HKLM-Run-JavaVM — c:program filesJavajre1.6.2java.exe.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=43914
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Clean Traces — c:program filesDAPPrivacy Packagedapcleanerie.htm
IE: &Download with &DAP — c:program filesDAPdapextie.htm
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Download &all with DAP — c:program filesDAPdapextie2.htm
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Добавить в Анти-Баннер — c:program filesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — c:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
TCP: {490AFAC8-1642-40EE-BCCE-D94360A21D70} = 212.1.224.34 212.1.230.111
DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} — hxxp://www.enternetica.com/viewer/evp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 04:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1608)
c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
c:windowssystem32IfxWlxEN.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinAsChnl.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinItMsg.dll
— — — — — — — > ‘lsass.exe'(1664)
c:program filesASUS Security CenterASUS Security Protect ManagerbinASWLNPkg.dll
.
Completion time: 2009-07-24 5:04
ComboFix-quarantined-files.txt 2009-07-24 01:03
Pre-Run: 12 236 563 968 байт свободно
Post-Run: 12 252 281 856 байт свободно
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Home Edition RU» /noexecute=optin /fastdetect
455 — E O F — 2009-07-14 23:33
July 25, 2009 at 3:33 PM #24957
Looks normal. Is Kaspersky finding anything now?
July 25, 2009 at 11:59 PM #24958
Everything seems to be working now; Kaspersky found nothing in the last scan 🙂
Thank you very much for your help! Should I delete RSIT and Combofix now?
July 27, 2009 at 4:14 PM #24959
Yes, Irina.
Remove Combofix from your computer by following the instructions: How to properly remove combofix from your computer.
Remove RSIT and the other scanners and small utilities you downloaded, as well as all the files and folders that were created while the computer was being cleaned.
Create a new restore point. This will let you, if necessary, load the current Windows configuration and quickly recover from spyware or a virus. To do this, click the Start button, then select Accessories, then System Tools, and launch System Restore. In the window that opens, select the Create a restore point task, click Next and follow the instructions.
Launch your antivirus and check the status of automatic protection. Turn it on if it is off.
Remember to keep Windows, your programs and especially your antivirus updated.
All the best 🙂
- The topic ‘HELP me get rid of it!!! Virus HEUR: Trojan. Win.32. Generic’ is closed to new replies.