
Thread title: system malfunctions

New member


Posts: 4
Thanks: 0



Attachments
File type: zip hijackthis.zip
(2.5 Kb, 3 views)

Deckard's System Scanner v20071014.68
Run by ss on 2008-04-04 15:30:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-04 12:30:08 UTC - RP645 - Deckard's System Scanner Restore Point
7: 2008-04-04 08:04:54 UTC - RP644 - System Checkpoint
6: 2008-04-03 07:47:15 UTC - RP643 - Restore Operation
5: 2008-04-03 07:42:44 UTC - RP642 - Restore Operation
4: 2008-04-02 13:40:49 UTC - RP641 - Restore Operation


-- First Restore Point --
1: 2008-04-02 10:55:54 UTC - RP638 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ss.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:34, on 04.04.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\csrss_tc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CNAB4RPK.EXE
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\ss\Рабочий стол\dss.exe
C:\DOCUME~1\ss\РАБОЧИ~1\HIJACK~1\ss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ускоренный запуск Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Быстрый запуск AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E7B440-7C46-4B53-929E-30CD026C73F0}: NameServer = 10.0.0.100,10.0.0.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E15B3C2-2474-4493-BFFB-FB27CE8154C8}: NameServer = 10.0.0.100,10.0.0.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E7B440-7C46-4B53-929E-30CD026C73F0}: NameServer = 10.0.0.100,10.0.0.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E7B440-7C46-4B53-929E-30CD026C73F0}: NameServer = 10.0.0.100,10.0.0.101
O20 - Winlogon Notify: selog - C:\WINDOWS\SYSTEM32\selog.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Network DDE (NetDDE) - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: PsViatau (PTsup5) - Trident Software - C:\Program Files\Trident Software\Pragma\ptsup5.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Administrator Service (r_server) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: Smart Card Helper (SCardDrv) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Time Control Service - Unknown owner - C:\WINDOWS\System32\csrss_tc.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6558 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 vcdmpdrv - c:\windows\system32\drivers\vcdmpdrv.sys <Not Verified; H+H Software GmbH; H+H Virtual CD v4>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 hl_mull - c:\windows\system32\drivers\hl_mull.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 imlog - c:\windows\system32\imlog.sys

S3 rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - c:\windows\system32\drivers\r8139n51.sys (file missing)
S3 Secdrv - c:\windows\system32\drivers\secdrv.sys (file missing)
S3 utm3njm3 (AVZ Kernel Driver) - c:\windows\system32\drivers\utm3njm3.sys <Not Verified; ; AVZ Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Time Control Service - c:\windows\system32\csrss_tc.exe
R2 VCDSecS - c:\program files\virtual cd v4\system\vcdsecs.exe <Not Verified; H+H Software GmbH; Virtual CD>

S2 PTsup5 (PsViatau) - c:\program files\trident software\pragma\ptsup5.exe <Not Verified; Trident Software; Pragma>
S2 r_server (Remote Administrator Service) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 12:00:50 7168 --a------ C:\WINDOWS\System32\drivers\utm3njm3.sys <Not Verified; ; AVZ Driver>
2008-04-04 11:51:36 0 d--hs---- C:\FOUND.002
2008-04-04 11:40:50 0 d--hs---- C:\FOUND.001
2008-04-03 10:48:11 0 dr-h----- C:\Documents and Settings\ss\Recent
2008-04-03 10:42:41 6111232 --a------ C:\Documents and Settings\ss\ntuser.dat
2008-04-02 15:48:24 0 d--hs---- C:\FOUND.000
2008-04-02 14:40:34 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-04-02 14:06:06 0 d-------- C:\WINDOWS\System32\NtmsData
2008-03-27 09:45:34 276610 --a------ C:\WINDOWS\Pragma Uninstaller.exe
2008-03-27 09:45:33 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-03-26 09:17:09 0 d-------- C:\Program Files\Spyware Doctor
2008-03-26 09:17:09 0 d-------- C:\Documents and Settings\ss\Application Data\PC Tools
2008-03-24 11:20:55 298104 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-03-24 10:35:20 0 d-------- C:\Documents and Settings\Гость\Application Data\Identities
2008-03-24 10:35:07 0 d--h----- C:\Documents and Settings\Гость\Шаблоны
2008-03-24 10:35:07 0 dr------- C:\Documents and Settings\Гость\Мои документы
2008-03-24 10:35:07 0 d-------- C:\Documents and Settings\Гость\Избранное
2008-03-24 10:35:07 0 dr------- C:\Documents and Settings\Гость\Главное меню
2008-03-24 10:35:07 0 dr-h----- C:\Documents and Settings\Гость\SendTo
2008-03-24 10:35:07 0 d--h----- C:\Documents and Settings\Гость\Recent
2008-03-24 10:35:07 0 d--h----- C:\Documents and Settings\Гость\PrintHood
2008-03-24 10:35:07 786432 --ah----- C:\Documents and Settings\Гость\ntuser.dat
2008-03-24 10:35:07 0 d--h----- C:\Documents and Settings\Гость\NetHood
2008-03-24 10:35:07 0 d--h----- C:\Documents and Settings\Гость\Local Settings
2008-03-24 10:35:07 0 d---s---- C:\Documents and Settings\Гость\Cookies
2008-03-24 10:35:07 0 dr-h----- C:\Documents and Settings\Гость\Application Data
2008-03-24 10:35:07 0 d---s---- C:\Documents and Settings\Гость\Application Data\Microsoft
2008-03-21 14:18:07 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-03-21 13:00:19 0 d-------- C:\Program Files\Lavasoft
2008-03-20 16:13:35 0 d-------- C:\Program Files\Ace Utilities
2008-03-20 15:40:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 11:50:04 0 d-------- C:\Documents and Settings\ss\Application Data\SEGA
2008-03-13 07:31:27 47952 -----n--- C:\WINDOWS\System32\drivers\vcdmpdrv.sys <Not Verified; H+H Software GmbH; H+H Virtual CD v4>
2008-03-13 07:31:19 57344 -----n--- C:\WINDOWS\System32\VCDScsi.dll <Not Verified; H+H Software GmbH; Virtual CD>
2008-03-13 07:31:19 208896 -----n--- C:\WINDOWS\System32\vcdextse.dll <Not Verified; H+H Software GmbH; Virtual CD>
2008-03-13 07:31:19 102400 -----n--- C:\WINDOWS\System32\VCDEnv.dll <Not Verified; H+H Software GmbH; Virtual CD 4>
2008-03-13 07:31:19 81920 -----n--- C:\WINDOWS\System32\vcdcomm.dll <Not Verified; H+H Software GmbH; Virtual CD>
2008-03-13 07:31:19 0 d-------- C:\Program Files\Virtual CD v4


-- Find3M Report ---------------------------------------------------------------

2008-02-25 17:34:14 0 d-------- C:\Program Files\ReflexiveArcade
2008-02-23 13:50:28 0 d-------- C:\Documents and Settings\ss\Application Data\Gaijin Ent
2008-02-23 09:12:50 0 d-------- C:\Documents and Settings\ss\Application Data\InstallShield
2008-02-01 14:28:32 68920 -----n--- C:\Documents and Settings\ss\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27.10.2004 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [01.03.2007 07:36]
"nwiz"="nwiz.exe" [01.03.2007 07:36 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01.03.2007 07:36 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"VCDPlayer"="C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe" [24.01.2002 09:23]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [24.03.2008 11:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [24.09.2002 08:32]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\
Ускоренный запуск Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 14:44:06]
Быстрый запуск AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [29.01.2007 10:30:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\selog]
selog.dll 14.03.2007 13:39 10240 C:\WINDOWS\system32\selog.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSys32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetStart]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb1d2fde-f0be-11dc-bdfb-001bfc8da49e}]
AutoRun\command- B:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-04-04 15:31:45 ------------

Posted: 17:19, 04-04-2008 | #5
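The log above is the kind a helper on such a thread reads by hand, looking first at the entry classes that most often carry persistence: O20 Winlogon Notify DLLs (loaded into winlogon.exe at every logon), O23 services with no vendor string or no backing file, binaries whose names imitate core Windows processes, and O17 DNS overrides. The script below is an added example of that triage, not code from the original post or from HijackThis/DSS; it parses a handful of lines copied from the posted log (the sample is constructed from those lines, not the full file) and reports review items. The Windows XP default Notify-package allow-list and the severity ratings are this example's own assumptions, and a flagged line is something to verify, not a verdict that the file is malicious.

```python
"""Triage a HijackThis log: flag the entry classes that most often carry persistence."""
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis section of the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\csrss_tc.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O20 - Winlogon Notify: selog - C:\WINDOWS\SYSTEM32\selog.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Administrator Service (r_server) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Time Control Service - Unknown owner - C:\WINDOWS\System32\csrss_tc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E7B440-7C46-4B53-929E-30CD026C73F0}: NameServer = 10.0.0.100,10.0.0.101
"""

# ASSUMPTION: Winlogon Notify packages shipped with Windows XP. Anything else under
# Winlogon\Notify runs inside winlogon.exe at logon and deserves a look.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

# Core Windows process names that malware likes to imitate (csrss_tc.exe, svch0st.exe, ...).
CORE_PROCESSES = ("csrss", "smss", "lsass", "winlogon", "svchost", "services", "spoolsv", "explorer")
MIMIC_RE = re.compile(r"(?i)(" + "|".join(CORE_PROCESSES) + r")[^\\/]*\.exe$")

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_path(path: str, section: str, line: str, findings: list) -> None:
    """Flag a binary whose name contains a core process name but is not that process."""
    name = basename(path)
    m = MIMIC_RE.search(name)
    if m and name.lower() != f"{m.group(1).lower()}.exe":
        findings.append(dict(severity="high", section=section, line=line,
                             reason=f"file name '{name}' mimics core process {m.group(1).lower()}.exe"))


def triage(log_text: str) -> list:
    """Return a list of review items, each a dict with severity, section, reason, line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(file missing)" in line:  # dead entry: harmless, but noise worth removing
            findings.append(dict(severity="low", section=line.split(" ", 1)[0], line=line,
                                 reason="entry points at a file that no longer exists (dead entry)"))
        if m := O20_RE.match(line):
            if m["name"].lower() not in XP_DEFAULT_NOTIFY:
                findings.append(dict(severity="high", section="O20", line=line,
                                     reason=f"non-default Winlogon Notify package '{m['name']}' loads {m['path']} into winlogon.exe"))
            check_path(m["path"], "O20", line, findings)
        elif m := O23_RE.match(line):
            parts = m["rest"].rsplit(" - ", 2)  # "<display> - <vendor> - <path>"
            if len(parts) == 3:
                display, vendor, path = parts
                if vendor == "Unknown owner":
                    findings.append(dict(severity="high", section="O23", line=line,
                                         reason=f"service '{display}' carries no vendor information"))
                if path == "(no file)":
                    findings.append(dict(severity="medium", section="O23", line=line,
                                         reason=f"service '{display}' points to a missing binary (orphaned service)"))
                else:
                    check_path(path, "O23", line, findings)
        elif m := O17_RE.match(line):
            for ip in m["servers"].split(","):
                private = ipaddress.ip_address(ip).is_private
                findings.append(dict(severity="info" if private else "medium", section="O17", line=line,
                                     reason=f"DNS server {ip} is " + ("a private LAN resolver" if private
                                                                     else "public; confirm it is the ISP resolver, not a hijack")))
        elif re.match(r"^[A-Za-z]:\\", line):  # a line from the 'Running processes' list
            check_path(line, "process", line, findings)
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:8} {f['reason']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script raises the same three items a human reader would start with: the selog.dll Winlogon Notify entry, the "Time Control Service" with no owner whose binary csrss_tc.exe imitates csrss.exe (flagged once from the service line and once from the running-process list), and the orphaned r_server service; the Google toolbar entries are dead and the O17 resolvers are LAN addresses.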
