Заблокированы некоторые сайты

[88]

После атаки троянов остались заблокированы некоторые сайты. Проблема со скачиванием, сайты или не открываются (пишет, что заблокировано удаленным сервером) или, если и открылись, то скачивать не дает.
Logfile of random’s system information tool 1.08 (written by random/random)
Run by 1 at 2010-09-28 01:15:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (42%) free of 30 GB
Total RAM: 383 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:04, on 28.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesOperaopera.exe
C:Documents and Settings1Рабочий столRSIT.exe
C:Program Filestrend micro1.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: UrlSearchHook Class — {00000000-6E41-4FD3-8538-502F5495E5FC} — C:Program FilesAsk.comGenericAskToolbar.dll
R3 — URLSearchHook: MyAshampoo Toolbar — {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} — C:Program FilesMyAshampootbMyA0.dll
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: MyAshampoo Toolbar — {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} — C:Program FilesMyAshampootbMyA0.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (file missing)
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.6.5612.1312swg.dll (file missing)
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll (file missing)
O2 — BHO: Ask Toolbar BHO — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O2 — BHO: HP Smart BHO Class — {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (file missing)
O3 — Toolbar: MyAshampoo Toolbar — {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} — C:Program FilesMyAshampootbMyA0.dll
O3 — Toolbar: (no name) — {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} — (no file)
O3 — Toolbar: Ask Toolbar — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [Nikon Transfer Monitor] C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Показать или скрыть HP Smart Web Printing — {DDE87865-83C5-48c4-8357-2F5B1AA84522} — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{9929AFD7-A871-4379-BB43-3B69CF54309E}: NameServer = 78.36.171.200 212.48.193.36
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: ArcSoft Connect Daemon (ACDaemon) — ArcSoft Inc. — C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NMSAccess — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8191 bytes

[88]

Вот второй лог

======Scheduled tasks folder======

C:WINDOWStasksScheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar — C:Program FilesMyAshampootbMyA0.dll [2010-09-27 2735200]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.6.5612.1312swg.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll []
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} — MyAshampoo Toolbar — C:Program FilesMyAshampootbMyA0.dll [2010-09-27 2735200]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
{D4027C7F-154A-4066-A1AD-4243D8127440} — Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-09-19 16844800]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-08-03 1826816]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2005-01-12 32768]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-03-11 49152]
«Nikon Transfer Monitor»=C:Program FilesCommon FilesNikonMonitorNkMonitor.exe [2009-09-15 479232]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-03-19 2029640]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-06-09 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Utility Tray.lnk]
C:WINDOWSsystem32sistray.exe [2008-12-03 262144]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkhitmanpro35]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkhitmanpro35.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHitmanPro35Crusader]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital Imagingbinhpqcopy2.exe»=»C:Program FilesHPDigital Imagingbinhpqcopy2.exe:*:Enabled:hpqcopy2.exe»
«C:Program FilesHPDigital Imagingbinhpqnrs08.exe»=»C:Program FilesHPDigital Imagingbinhpqnrs08.exe:*:Enabled:hpqnrs08.exe»
«C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe»=»C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe»
«C:Program FilesHPDigital Imagingbinhpqpsapp.exe»=»C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe»
«C:Program FilesHPDigital Imagingbinhpqpse.exe»=»C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe»
«C:Program FilesHPDigital Imagingbinhpqusgm.exe»=»C:Program FilesHPDigital Imagingbinhpqusgm.exe:*:Enabled:hpqusgm.exe»
«C:Program FilesHPDigital Imagingbinhpqusgh.exe»=»C:Program FilesHPDigital Imagingbinhpqusgh.exe:*:Enabled:hpqusgh.exe»
«C:Program FilesHPHP Software UpdateHPWUCli.exe»=»C:Program FilesHPHP Software UpdateHPWUCli.exe:*:Enabled:hpwucli.exe»
«C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe»=»C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital Imagingbinhpqcopy2.exe»=»C:Program FilesHPDigital Imagingbinhpqcopy2.exe:*:Enabled:hpqcopy2.exe»
«C:Program FilesHPDigital Imagingbinhpqnrs08.exe»=»C:Program FilesHPDigital Imagingbinhpqnrs08.exe:*:Enabled:hpqnrs08.exe»
«C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe»=»C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe»
«C:Program FilesHPDigital Imagingbinhpqpsapp.exe»=»C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe»
«C:Program FilesHPDigital Imagingbinhpqpse.exe»=»C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe»
«C:Program FilesHPDigital Imagingbinhpqusgm.exe»=»C:Program FilesHPDigital Imagingbinhpqusgm.exe:*:Enabled:hpqusgm.exe»
«C:Program FilesHPDigital Imagingbinhpqusgh.exe»=»C:Program FilesHPDigital Imagingbinhpqusgh.exe:*:Enabled:hpqusgh.exe»
«C:Program FilesHPHP Software UpdateHPWUCli.exe»=»C:Program FilesHPHP Software UpdateHPWUCli.exe:*:Enabled:hpwucli.exe»
«C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe»=»C:Program FilesHPDigital Imagingsmart web printingSmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe»

======List of files/folders created in the last 1 months======

2010-09-27 23:43:07 —-D—- C:Program FilesRecuva
2010-09-27 21:33:22 —-D—- C:WINDOWSLastGood
2010-09-27 19:39:59 —-A—- C:WINDOWSresetlog.txt
2010-09-27 19:06:32 —-D—- C:Program FilesCommon Filese2660288
2010-09-27 17:47:10 —-D—- C:Program FilesCommon Filese2660261
2010-09-27 17:15:09 —-A—- C:WINDOWSsystem323347a350.exe
2010-09-26 15:10:06 —-D—- C:WINDOWSDownloaded Installations
2010-09-15 22:03:35 —-HDC—- C:WINDOWS$NtUninstallKB2259922$
2010-09-15 22:03:27 —-HDC—- C:WINDOWS$NtUninstallKB975558_WM8$
2010-09-15 22:03:20 —-HDC—- C:WINDOWS$NtUninstallKB2347290$
2010-09-15 22:03:13 —-HDC—- C:WINDOWS$NtUninstallKB2121546$
2010-09-15 22:03:04 —-HDC—- C:WINDOWS$NtUninstallKB982802$
2010-09-15 22:02:49 —-HDC—- C:WINDOWS$NtUninstallKB981322$
2010-09-15 21:59:55 —-A—- C:WINDOWSimsins.BAK
2010-09-15 21:59:46 —-HDC—- C:WINDOWS$NtUninstallKB2141007$
2010-09-07 15:34:13 —-D—- C:Documents and Settings1Application DataUniblue

======List of files/folders modified in the last 1 months======

2010-09-28 01:15:58 —-D—- C:Program Filestrend micro
2010-09-28 01:15:54 —-D—- C:WINDOWSPrefetch
2010-09-28 01:15:49 —-D—- C:WINDOWSTemp
2010-09-28 01:01:21 —-SHD—- C:WINDOWSInstaller
2010-09-28 01:01:19 —-D—- C:Program FilesAsk.com
2010-09-28 01:01:18 —-HD—- C:Config.Msi
2010-09-27 23:43:07 —-RD—- C:Program Files
2010-09-27 23:16:02 —-SHD—- C:RECYCLER
2010-09-27 21:33:28 —-HD—- C:WINDOWSinf
2010-09-27 21:33:22 —-D—- C:WINDOWS
2010-09-27 20:25:04 —-D—- C:WINDOWSsystem32
2010-09-27 20:03:34 —-D—- C:WINDOWSsystem32CatRoot2
2010-09-27 20:00:25 —-A—- C:WINDOWSSchedLgU.Txt
2010-09-27 19:40:01 —-D—- C:WINDOWSsystem32driversetc
2010-09-27 19:27:46 —-SH—- C:boot.ini
2010-09-27 19:27:46 —-A—- C:WINDOWSwin.ini
2010-09-27 19:27:46 —-A—- C:WINDOWSsystem.ini
2010-09-27 19:27:45 —-D—- C:WINDOWSpss
2010-09-27 19:06:32 —-RD—- C:Program FilesCommon Files
2010-09-27 18:41:38 —-A—- C:WINDOWSntbtlog.txt
2010-09-27 18:39:51 —-D—- C:WINDOWSsystem32drivers
2010-09-27 18:18:47 —-D—- C:Program FilesGoogle
2010-09-27 18:18:47 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2010-09-27 18:16:46 —-D—- C:Program FilesGRETECH
2010-09-27 18:15:12 —-D—- C:WINDOWSsystem32appmgmt
2010-09-27 17:28:18 —-D—- C:Documents and Settings1Application DataHPAppData
2010-09-27 17:21:10 —-D—- C:Program FilesMyAshampoo
2010-09-27 17:19:34 —-D—- C:Program FilesMozilla Firefox
2010-09-27 16:25:53 —-D—- C:WINDOWSsystem32config
2010-09-27 16:24:54 —-D—- C:WINDOWSsystem32wbem
2010-09-27 16:24:47 —-D—- C:WINDOWSRegistration
2010-09-27 06:09:26 —-SHD—- C:System Volume Information
2010-09-27 06:09:26 —-D—- C:WINDOWSsystem32Restore
2010-09-26 15:53:02 —-RSD—- C:WINDOWSFonts
2010-09-26 15:18:04 —-A—- C:WINDOWSNeroDigital.ini
2010-09-15 22:03:34 —-HD—- C:WINDOWS$hf_mig$
2010-09-15 22:03:30 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-09-15 22:00:14 —-A—- C:WINDOWSsystem32MRT.exe
2010-09-15 21:01:51 —-D—- C:WINDOWSsystem32CatRoot
2010-09-12 23:57:37 —-SD—- C:WINDOWSTasks
2010-09-10 23:07:53 —-D—- C:Program FilesOpera
2010-09-06 10:40:19 —-HDC—- C:WINDOWS$NtUninstallKB981852$
2010-09-02 11:27:57 —-D—- C:Documents and SettingsAll UsersApplication DataHP
2010-09-02 11:27:57 —-D—- C:Documents and Settings1Application DataHP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Microsoft AGPv3.5 фильтр; C:WINDOWSsystem32DRIVERSuagp35.sys [2008-04-14 44672]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-03-19 93848]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-06-09 40704]
R1 SiSkp;SiSkp; C:WINDOWSsystem32DRIVERSsrvkp.sys [2008-12-03 19072]
R1 uzezmjy3;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzezmjy3.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-03-19 113960]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-06-09 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2007-08-24 5760]
R3 SiS315;SiS315; C:WINDOWSsystem32DRIVERSsisgrp.sys [2008-12-03 324096]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:WINDOWSsystem32DRIVERSSiSGbeXP.sys [2006-12-20 41600]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2007-03-08 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2009-11-12 7168]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:WINDOWSsystem32driversWsAudio_DeviceS(1).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:WINDOWSsystem32driversWsAudio_DeviceS(2).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:WINDOWSsystem32driversWsAudio_DeviceS(3).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:WINDOWSsystem32driversWsAudio_DeviceS(4).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:WINDOWSsystem32driversWsAudio_DeviceS(5).sys [2009-12-04 25704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe [2010-03-18 113152]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-03-19 731840]
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2008-06-09 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-06-09 14336]
R2 NMSAccess;NMSAccess; C:Program FilesCDBurnerXPNMSAccessU.exe [2010-03-04 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-06-09 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2008-06-09 14336]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Необходима дополнительная проверка.
Скачайте программу Combofix. Если вы уже скачивали эту программу, то удалите её и скачайте свежую копию.
Закройте все открытые окна и запустите эту программу.

После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

[88]

ComboFix 10-09-27.05 — 1 28.09.2010 23:31:54.2.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.383.110 [GMT 4:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run

---

.
c:documents and settings1Application Datanetprotdrvss
c:windowssystem32AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-27 19:43 . 2010-09-27 19:43

---

d

---

w- c:program filesRecuva
2010-09-27 15:06 . 2010-09-27 15:08

---

d

---

w- c:program filesCommon Filese2660288
2010-09-27 14:21 . 2010-09-27 14:21 67480 —-a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-09-27 13:47 . 2010-09-27 13:47

---

d

---

w- c:program filesCommon Filese2660261
2010-09-27 13:22 . 2010-09-27 13:22

---

d-sh—w- c:documents and settings1IECompatCache
2010-09-27 12:24 . 2010-09-27 12:24

---

d

---

w- c:windowssystem32wbemRepository
2010-09-26 11:59 . 2010-09-26 11:59

---

d

---

w- c:documents and settings1Local SettingsApplication DataThinstall
2010-09-26 11:10 . 2010-09-26 11:10

---

d

---

w- c:windowsDownloaded Installations
2010-09-07 11:34 . 2010-09-07 11:34

---

d

---

w- c:documents and settings1Application DataUniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 19:01 . 2010-07-21 16:14

---

d

---

w- c:program filesAsk.com
2010-09-28 03:48 . 2010-05-30 13:35 11264 —-a-w- c:windowssystem32driversuzezmjy3.sys
2010-09-27 21:15 . 2010-05-30 21:31

---

d

---

w- c:program filestrend micro
2010-09-27 15:09 . 2010-09-26 10:54 30175 —-a-w- c:program filesCommon Filesjqyrg4inedzz13m
2010-09-27 14:18 . 2010-02-13 11:31

---

d

---

w- c:program filesGoogle
2010-09-27 14:16 . 2010-02-13 11:31

---

d

---

w- c:program filesGRETECH
2010-09-27 13:28 . 2010-08-20 16:24

---

d

---

w- c:documents and settings1Application DataHPAppData
2010-09-27 13:21 . 2010-06-20 19:32

---

d

---

w- c:program filesMyAshampoo
2010-09-26 11:59 . 2010-02-11 20:44 67480 —-a-w- c:documents and settings1Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-09-10 19:07 . 2010-02-12 13:05

---

d

---

w- c:program filesOpera
2010-09-09 09:33 . 2010-07-23 19:19 16968 —-a-w- c:windowssystem32drivershitmanpro35.sys
2010-09-02 07:27 . 2010-02-15 20:44

---

d

---

w- c:documents and settings1Application DataHP
2010-09-02 07:27 . 2010-02-13 14:14

---

d

---

w- c:documents and settingsAll UsersApplication DataHP
2010-09-01 14:29 . 2010-05-23 18:38 20 —h—w- c:documents and settingsAll UsersApplication DataPKP_DLdu.DAT
2010-08-25 05:08 . 2008-06-09 12:00 538050 —-a-w- c:windowssystem32perfh019.dat
2010-08-25 05:08 . 2008-06-09 12:00 106948 —-a-w- c:windowssystem32perfc019.dat
2010-08-17 13:17 . 2008-06-09 12:00 58880 —-a-w- c:windowssystem32spoolsv.exe
2010-08-15 14:21 . 2010-08-15 14:20 23189 —-a-w- c:windowshpqins15.dat
2010-08-15 14:20 . 2010-02-13 14:11

---

d

---

w- c:program filesHP
2010-08-11 15:25 . 2010-08-11 15:25 2944904 —-a-w- c:documents and settings1Application DataMozillaFirefoxProfiles3wrq95e.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-08-07 05:08 . 2010-08-07 05:08

---

d

---

w- c:program filesTipard Studio
2010-07-31 05:13 . 2010-07-31 05:12

---

d

---

w- c:program filesStamina
2010-07-23 19:32 . 2010-07-23 19:32 12872 —-a-w- c:windowssystem32bootdelete.exe
2010-07-22 15:46 . 2008-06-09 12:00 590848 —-a-w- c:windowssystem32rpcrt4.dll
2010-07-22 11:54 . 2010-05-23 18:41 0 —h—w- c:documents and settingsAll UsersApplication DataPKP_DLdw.DAT
2010-07-22 06:19 . 2008-05-05 03:25 5120 —-a-w- c:windowssystem32xpsp4res.dll
.

---

Sigcheck

---

[-] 2010-02-12 . FAD4579B18A9E134B5BAC0A88874E2FD . 509440 . . [5.1.2600.5512] . . c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{00000000-6E41-4FD3-8538-502F5495E5FC}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-02-04 1197448]
«{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}»= «c:program filesMyAshampootbMyA0.dll» [2010-09-27 2735200]

[HKEY_CLASSES_ROOTclsid{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOTclsid{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-09-27 13:21 2735200 —-a-w- c:program filesMyAshampootbMyA0.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 12:50 1197448 —-a-w- c:program filesAsk.comGenericAskToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}»= «c:program filesMyAshampootbMyA0.dll» [2010-09-27 2735200]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-02-04 1197448]

[HKEY_CLASSES_ROOTclsid{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}»= «c:program filesMyAshampootbMyA0.dll» [2010-09-27 2735200]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-02-04 1197448]

[HKEY_CLASSES_ROOTclsid{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [BU]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RTHDCPL»=»RTHDCPL.EXE» [2007-09-19 16844800]
«SkyTel»=»SkyTel.EXE» [2007-08-03 1826816]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2005-01-12 32768]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«Nikon Transfer Monitor»=»c:program filesCommon FilesNikonMonitorNkMonitor.exe» [2009-09-15 479232]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-03-19 2029640]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-06-09 15360]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [2007-3-11 210520]

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Utility Tray.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаUtility Tray.lnk
backup=c:windowspssUtility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 18:41 1695232

---

w- c:program filesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe»=
«c:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqpse.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe»=
«c:\Program Files\HP\HP Software Update\HPWUCli.exe»=
«c:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe»=
«c:\Program Files\Opera\opera.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«33:TCP»= 33:TCP

R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [19.03.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [19.03.2009 11:45 93848]
R1 uzezmjy3;AVZ-RK Kernel Driver;c:windowssystem32driversuzezmjy3.sys [30.05.2010 17:35 11264]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [19.03.2009 11:44 731840]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:windowssystem32driversWsAudio_DeviceS(1).sys [27.02.2010 23:43 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:windowssystem32driversWsAudio_DeviceS(2).sys [27.02.2010 23:44 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:windowssystem32driversWsAudio_DeviceS(3).sys [27.02.2010 23:44 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:windowssystem32driversWsAudio_DeviceS(4).sys [27.02.2010 23:44 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:windowssystem32driversWsAudio_DeviceS(5).sys [27.02.2010 23:44 25704]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder

2010-09-28 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2010-02-04 12:50]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
uDefault_Search_URL =
mStart Page = about:blank
mSearch Bar =
uSearchAssistant = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Google Sidewiki…
TCP: {9929AFD7-A871-4379-BB43-3B69CF54309E} = 78.36.171.200 212.48.193.36
FF — ProfilePath — c:documents and settings1Application DataMozillaFirefoxProfiles3wrq95e.default
FF — prefs.js: browser.search.selectedEngine — Ask.com
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=40795
FF — prefs.js: keyword.URL — hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=ru_RU&apn_uid=124CA19D-8CC8-42C2-AB71-A5173625E661&apn_ptnrs=FV&apn_sauid=058B7BDF-2382-46C3-8A01-403F25BEE587&apn_dtid=YYYYYYYYRU&q=
FF — component: c:documents and settings1Application DataMozillaFirefoxProfiles3wrq95e.defaultextensions{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}componentsFFExternalAlert.dll
FF — component: c:documents and settings1Application DataMozillaFirefoxProfiles3wrq95e.defaultextensions{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}componentsRadioWMPCore.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpClipBook.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpClipBookDB.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpNeoLogger.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpSaturn.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpSmartSelect.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpSmartWebPrinting.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpSWPOperation.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpXPLogging.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpXPMTC.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpXPMTL.dll
FF — component: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3componentshpXREStub.dll
FF — plugin: c:program filesHPDigital ImagingSmart Web PrintingMozillaAddOn3pluginsnphpclipbook.dll
FF — plugin: c:program filesPhotodex PresenternpPxPlay.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —

AddRemove-GOM Player — c:program filesGRETECHGomPlayerUninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarManager_E582EA556D8DE101.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 23:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(3220)
c:windowssystem32WININET.dll
c:windowssystem32webcheck.dll
.
Completion time: 2010-09-28 23:41:21
ComboFix-quarantined-files.txt 2010-09-28 19:41

Pre-Run: 13 687 496 704 байт свободно
Post-Run: 13 674 254 336 байт свободно

— — End Of File — — 74B58DBBF1483D4E849C75D3D199EF0D

[Admin]

Combofix немного подчистил компьютер, в остальном лог выглядит нормально.

Как сейчас работает ваш компьютер ?

[88]

Сейчас нормально. Не могу попасть на сайт, которым пользовалась все время detsad-kitty.ru. При попытке туда попасть постоянно меня куда-то перенаправляет. Не могу понять — это что-то с компьютером или на сайте.

[Автор]

Сообщения