Redirects in MSIE and FireFox ,log from Hijack,help me pls!


Post by aliatto » October 27th, 2008, 8:06 am

Hello, help.
I have many redirects in MSIE and at the same time in Firefox.

Example from the history of my MSIE 7:

links removed

etc., etc.

Please help me remove all <removed> from my computer.
I have NOD32 and Spyware Terminator, and I can't find this bullshit.

NOD found these <removed> files:

(screenshot)

Below is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:48, on 27.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\VMWARE\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
E:\VMWARE\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\ViaCleaner\ViaCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O1 - Hosts: 67.15.47.4 estsecure.com http://www.estsecure.com
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [vmware-tray] E:\VMWARE\vmware-tray.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Simp] X:\777\Secway\SimpPro 2.2\SimpPro.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ViaCleaner] "C:\Program Files\ViaCleaner\ViaCleaner.exe"
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1029AC6-1AE1-4FCB-93C4-75CBEB2A86E2}: NameServer = 81.30.199.5 81.30.199.94
O20 - AppInit_DLLs: bkhcjw.dll pbwzez.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\VMWARE\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8513 bytes

-------------------------------------
Now I get this, and when I click OK, Firefox closes :(

(screenshot)

Can I fix this error?

----------------------
UPDATE

I found FieryAds advertising module v1.4.2, FieryAds.dll; I'm trying to delete it.
Last edited by Blade81 on October 30th, 2008, 8:26 am, edited 2 times in total.
Reason: language + links removed
aliatto
Active Member
 
Posts: 6
Joined: October 27th, 2008, 7:54 am
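As an added example (not code from the thread, from HijackThis or from MalwareRemoval.com), a Python triage pass over HJT entry lines like the ones posted above: it parses each "Rx - " / "Oxx - " entry, flags the sections that most often carry persistence or traffic-interception settings (hosts overrides, a browser proxy, BHOs with no file or living in system32, unknown Winsock LSPs, AppInit_DLLs and Winlogon Notify, rundll32 Run entries pointing into system32, custom DNS servers) and collects the DLL names an analyst would look up. The sample lines are copied from the logs in this thread; the rules are heuristics of my own, so a flagged line means "review", not "malicious".

```python
"""Triage pass over Trend Micro HijackThis v2 log entries (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the two HJT logs in this thread,
# plus a few benign lines (GetRight BHO, ESET Run entry and service) so the
# rules have something to leave alone. Backslashes are kept verbatim.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
O1 - Hosts: 67.15.47.4 estsecure.com www.estsecure.com
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
O2 - BHO: {f964ae22-2b56-db28-ef44-484e32e5e989} - {989e5e23-e484-44fe-82bd-65b222ea469f} - C:\WINDOWS\system32\mlbide.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\ivwvpper.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1029AC6-1AE1-4FCB-93C4-75CBEB2A86E2}: NameServer = 81.30.199.5 81.30.199.94
O20 - AppInit_DLLs: mlbide.dll
O20 - Winlogon Notify: efcBqpPf - efcBqpPf.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "O20 - AppInit_DLLs: mlbide.dll" -> section "O20", body "AppInit_DLLs: mlbide.dll"
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# A DLL path under \system32\ (legitimate browser add-ons are rarely installed there)
SYSTEM32_DLL_RE = re.compile(r"\\system32\\[^\\\"]+\.dll", re.IGNORECASE)
# Bare DLL file names, used to build the list of modules to look up
DLL_NAME_RE = re.compile(r"[\w.-]+\.dll", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def classify(section, body):
    """Return a review reason for an HJT entry, or None if the rules leave it alone."""
    if section == "R1" and "ProxyServer" in body:
        return "browser proxy set: all browser traffic is routed through it"
    if section == "O1":
        return "hosts file override: name resolution pinned to a fixed address"
    if section == "O2":
        if body.endswith("(no file)"):
            return "orphaned BHO registration (module gone, CLSID still registered)"
        if SYSTEM32_DLL_RE.search(body):
            return "BHO loaded from system32: legitimate add-ons rarely live there"
        return None
    if section == "O4" and "rundll32" in body.lower() and SYSTEM32_DLL_RE.search(body):
        return "Run entry loads a system32 DLL through rundll32"
    if section == "O10":
        return "unknown Winsock LSP: the module sees every socket call"
    if section == "O17":
        return "custom DNS servers: confirm they belong to the ISP or VPN"
    if section == "O20":
        return "AppInit_DLLs / Winlogon Notify: DLL injected into every process or logon"
    return None


def triage(log_text):
    """Run the rules over every entry line of an HJT log and return the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # process list, header and blank lines are not entries
        reason = classify(match.group("section"), match.group("body"))
        if reason:
            findings.append(Finding(match.group("section"), reason, line))
    return findings


def modules_to_review(findings):
    """Collect the distinct DLL names mentioned in flagged entries (lower-cased, sorted)."""
    names = {name.lower() for f in findings for name in DLL_NAME_RE.findall(f.line)}
    return sorted(names)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print("modules to review:", ", ".join(modules_to_review(results)))
```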

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Post by Katana » October 31st, 2008, 7:39 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help, please do the following:


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Post by aliatto » November 1st, 2008, 6:17 am

Thanks much, dear Katana!

Below is the log:

log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by aliatto at 2008-11-01 15:14:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 594 MB (8%) free of 7 GB
Total RAM: 3071 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:57, on 01.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
E:\VMWARE\vmware-tray.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\ViaCleaner\ViaCleaner.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
E:\VMWARE\vmware-authd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Nmap\zenmap\zenmap.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\aliatto\Рабочий стол\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\aliatto.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O1 - Hosts: 67.15.47.4 estsecure.com www.estsecure.com
O2 - BHO: (no name) - {29E63706-E6EC-4603-98A3-AD0E6BE31EDC} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
O2 - BHO: {f964ae22-2b56-db28-ef44-484e32e5e989} - {989e5e23-e484-44fe-82bd-65b222ea469f} - C:\WINDOWS\system32\mlbide.dll
O2 - BHO: (no name) - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [vmware-tray] E:\VMWARE\vmware-tray.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\ivwvpper.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Simp] X:\777\Secway\SimpPro 2.2\SimpPro.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ViaCleaner] "C:\Program Files\ViaCleaner\ViaCleaner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{58E02C09-B8FB-4FEE-BA8E-1D662E2FF7DB}: NameServer = 10.100.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1029AC6-1AE1-4FCB-93C4-75CBEB2A86E2}: NameServer = 81.30.199.5 81.30.199.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O20 - AppInit_DLLs: mlbide.dll
O20 - Winlogon Notify: efcBqpPf - efcBqpPf.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\VMWARE\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8675 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29E63706-E6EC-4603-98A3-AD0E6BE31EDC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989e5e23-e484-44fe-82bd-65b222ea469f}]
C:\WINDOWS\system32\mlbide.dll [2008-10-31 132608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"BCWipeTM Startup"=C:\Program Files\Jetico\BCWipe\BCWipeTM.exe [2008-01-09 543272]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-08-18 1447168]
"vmware-tray"=E:\VMWARE\vmware-tray.exe [2008-05-15 72240]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2008-10-01 209376]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"bcbad61f"=C:\WINDOWS\system32\ivwvpper.dll [2008-10-31 75392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Tracks Eraser Pro"=C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe [2008-06-17 1359872]
"Simp"=X:\777\Secway\SimpPro 2.2\SimpPro.exe [2007-10-25 2347008]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
"ViaCleaner"=C:\Program Files\ViaCleaner\ViaCleaner.exe [2004-11-22 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcbad61f]
C:\WINDOWS\system32\wyihebpf.dll [2008-10-22 75904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
C:\WINDOWS\system32\bthprops.cpl [2008-04-15 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\aliatto\Главное меню\Программы\Автозагрузка
OpenVPN GUI.lnk - C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mlbide.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBqpPf]
efcBqpPf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{758F6D53-DCC7-4CCF-9080-4B6F9389F641}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnmLfCt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Steam\SteamApps\aliatto\counter-strike\hl.exe"="E:\Steam\SteamApps\aliatto\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Мастер переноса файлов и параметров"
"E:\РАБОЧ СТОЛ С ААА\sdc213\StrongDC.exe"="E:\РАБОЧ СТОЛ С ААА\sdc213\StrongDC.exe:*:Enabled:StrongDC++"
"X:\xc798b.apelsin.exe"="X:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"X:\777\SOFT\miranda_dmikos_v14\miranda32.exe"="X:\777\SOFT\miranda_dmikos_v14\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\WebMoney\WebMoney.exe"="C:\Program Files\WebMoney\WebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"W:\xc798b.apelsin.exe"="W:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"X:\777\Secway\SimpPro 2.2\SimpPro.exe"="X:\777\Secway\SimpPro 2.2\SimpPro.exe:*:Enabled:SimpPro"
"C:\Program Files\GetRight\GetRight.exe"="C:\Program Files\GetRight\GetRight.exe:*:Enabled:GetRight® Download Manager. www.GetRight.com"
"S:\xc798b.apelsin.exe"="S:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\aliatto\Local Settings\Temp\Rar$EX00.344\StrongDC.exe"="C:\Documents and Settings\aliatto\Local Settings\Temp\Rar$EX00.344\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\XSpider 7.5 Full\Bin\PTxscan.exe"="C:\Program Files\XSpider 7.5 Full\Bin\PTxscan.exe:*:Enabled:Security Scanner Unit"
"E:\ICQ6\ICQ.exe"="E:\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\WINDOWS\system32\kflb.exe"="C:\WINDOWS\system32\kflb.exe:*:Disabled:Generic Host Process for Win32 Services"
"E:\Steam\SteamApps\aliatto\day of defeat\hl.exe"="E:\Steam\SteamApps\aliatto\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Steam\SteamApps\aliatto\ricochet\hl.exe"="E:\Steam\SteamApps\aliatto\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster.exe"="C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster.exe:*:Enabled:Ratio Master"
"C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster-vs.exe"="C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster-vs.exe:*:Enabled:Ratio Master"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Runme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcdc064-4549-11dd-8f43-001617958e5e}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa0942e-4467-11dd-8f3b-806d6172696f}]
shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9714ce4-7208-11dd-8f8a-001617958e5e}]
shell\AutoRun\command - J:\usdeiect.com
shell\explore\command - J:\usdeiect.com
shell\open\command - J:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9714ce5-7208-11dd-8f8a-001617958e5e}]
shell\AutoRun\command - K:\usdeiect.com
shell\explore\command - K:\usdeiect.com
shell\open\command - K:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb7035a-4483-11dd-adb0-806d6172696f}]
shell\AutoRun\command - J:\Setup.exe


======List of files/folders created in the last 1 months======

2008-11-01 15:14:55 ----D---- C:\rsit
2008-10-31 14:21:28 ----A---- C:\WINDOWS\system32\mlbide.dll
2008-10-31 14:21:22 ----A---- C:\WINDOWS\system32\lntcgwlc.dll
2008-10-31 14:18:23 ----SH---- C:\WINDOWS\system32\reppvwvi.ini
2008-10-31 14:18:22 ----A---- C:\WINDOWS\system32\ivwvpper.dll
2008-10-31 14:16:36 ----SH---- C:\WINDOWS\system32\bcbovdqs.ini
2008-10-30 14:16:38 ----A---- C:\WINDOWS\system32\vidtez.dll
2008-10-30 14:16:27 ----A---- C:\WINDOWS\system32\unkspabt.dll
2008-10-30 14:13:51 ----SH---- C:\WINDOWS\system32\wwmjgcuo.ini
2008-10-29 12:51:47 ----A---- C:\WINDOWS\system32\wwnfpqmr.dll
2008-10-29 01:50:37 ----A---- C:\WINDOWS\system32\vcajfwim.dll
2008-10-28 22:51:49 ----D---- C:\Program Files\Magneto Software
2008-10-28 22:28:17 ----D---- C:\Documents and Settings\aliatto\Application Data\EurekaLog
2008-10-28 22:24:53 ----A---- C:\WINDOWS\system32\ntwdblib.dll
2008-10-28 22:24:46 ----D---- C:\Program Files\Common Files\Safety-lab
2008-10-28 22:24:45 ----D---- C:\Program Files\Safety-lab
2008-10-28 22:01:57 ----D---- C:\Program Files\CCleaner
2008-10-28 22:01:36 ----D---- C:\Program Files\Unlocker
2008-10-28 01:48:29 ----SH---- C:\WINDOWS\system32\mlveopvj.ini
2008-10-28 01:47:39 ----A---- C:\WINDOWS\system32\jvpoevlm.dll
2008-10-27 16:51:01 ----D---- C:\Program Files\Trend Micro
2008-10-27 15:20:17 ----SH---- C:\WINDOWS\system32\qjatcbvg.ini
2008-10-27 15:20:11 ----A---- C:\WINDOWS\system32\gvbctajq.dll
2008-10-27 15:17:23 ----A---- C:\WINDOWS\system32\pbwzez.dll
2008-10-27 15:17:12 ----A---- C:\WINDOWS\system32\lwxilkkl.dll
2008-10-26 15:14:59 ----SH---- C:\WINDOWS\system32\uokaknno.ini
2008-10-24 21:19:08 ----SH---- C:\WINDOWS\system32\dcmbmxuu.ini
2008-10-24 20:53:12 ----A---- C:\WINDOWS\system32\borlndmm.dll
2008-10-24 20:52:07 ----D---- C:\Program Files\ViaCleaner
2008-10-24 19:29:38 ----D---- C:\Documents and Settings\aliatto\Application Data\Uniblue
2008-10-24 19:29:26 ----D---- C:\Program Files\Uniblue
2008-10-24 19:28:31 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-24 16:23:41 ----SH---- C:\WINDOWS\system32\cwemxcat.ini
2008-10-24 13:44:26 ----A---- C:\WINDOWS\system32\PrxerNsp.dll
2008-10-24 13:44:26 ----A---- C:\WINDOWS\system32\PrxerDrv.dll
2008-10-24 00:58:58 ----D---- C:\Program Files\WebMoney Agent
2008-10-23 17:30:44 ----D---- C:\Program Files\EuroPoker
2008-10-23 16:20:31 ----A---- C:\WINDOWS\system32\poqmwyak.dll
2008-10-23 04:26:25 ----D---- C:\Program Files\Enigma Software Group
2008-10-23 03:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-23 03:51:36 ----D---- C:\Documents and Settings\aliatto\Application Data\Spyware Terminator
2008-10-23 03:51:31 ----D---- C:\Program Files\Spyware Terminator
2008-10-23 02:35:12 ----SH---- C:\WINDOWS\system32\avxcvhuc.ini
2008-10-22 23:31:07 ----D---- C:\Program Files\Zay Casino
2008-10-22 04:32:26 ----D---- C:\Documents and Settings\aliatto\Application Data\Adobe
2008-10-22 03:09:00 ----D---- C:\Program Files\ESET
2008-10-22 03:09:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-22 02:33:10 ----SH---- C:\WINDOWS\system32\fpbehiyw.ini
2008-10-22 02:33:08 ----A---- C:\WINDOWS\system32\wyihebpf.dll
2008-10-22 01:23:48 ----SH---- C:\WINDOWS\system32\kfbjifak.ini
2008-10-20 22:25:42 ----SH---- C:\WINDOWS\system32\mbyoqtht.ini
2008-10-20 22:25:33 ----A---- C:\WINDOWS\system32\thtqoybm.dll
2008-10-20 21:15:05 ----D---- C:\WINDOWS\pss
2008-10-20 13:37:16 ----SH---- C:\WINDOWS\system32\pchjaotx.ini
2008-10-20 13:37:04 ----A---- C:\WINDOWS\system32\uovxaxqs.dll
2008-10-20 13:36:15 ----ASH---- C:\WINDOWS\system32\tCfLmnpo.ini2
2008-10-20 13:36:15 ----ASH---- C:\WINDOWS\system32\tCfLmnpo.ini
2008-10-20 12:47:02 ----D---- C:\Program Files\SpyNoMore
2008-10-20 12:46:51 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-20 02:36:59 ----SH---- C:\WINDOWS\system32\wklbsypb.ini
2008-10-20 02:33:57 ----A---- C:\WINDOWS\system32\kkeehefr.dll
2008-10-19 22:43:06 ----D---- C:\Program Files\WinPcap
2008-10-19 20:31:40 ----SH---- C:\WINDOWS\system32\jcermeai.ini
2008-10-19 20:30:14 ----ASH---- C:\WINDOWS\system32\vwwwyccf.ini2
2008-10-19 20:30:14 ----ASH---- C:\WINDOWS\system32\vwwwyccf.ini
2008-10-19 18:38:05 ----SH---- C:\WINDOWS\system32\usoprvdk.ini
2008-10-19 18:38:04 ----A---- C:\WINDOWS\system32\uymfyyka.dll
2008-10-19 18:37:29 ----A---- C:\WINDOWS\system32\b7991261-.txt
2008-10-19 18:37:11 ----ASH---- C:\WINDOWS\system32\RsrsCcfe.ini2
2008-10-19 18:37:11 ----ASH---- C:\WINDOWS\system32\RsrsCcfe.ini
2008-10-19 18:32:27 ----D---- C:\Documents and Settings\aliatto\Application Data\5
2008-10-19 01:53:52 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-10-19 00:37:18 ----A---- C:\WINDOWS\k.txt
2008-10-19 00:16:39 ----D---- C:\Documents and Settings\aliatto\Application Data\Camfrog
2008-10-19 00:16:28 ----D---- C:\Program Files\Camfrog
2008-10-18 15:29:15 ----D---- C:\Program Files\TouchStoneSoftware
2008-10-16 21:27:36 ----D---- C:\Program Files\Nmap
2008-10-16 20:49:39 ----A---- C:\WINDOWS\ru24_tools.ini
2008-10-16 20:31:03 ----D---- C:\Program Files\NRG Tools v.0.9
2008-10-16 18:37:05 ----D---- C:\Documents and Settings\aliatto\Application Data\gtk-2.0
2008-10-16 02:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 18:53:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-12 18:53:42 ----D---- C:\Program Files\Common Files\Adobe
2008-10-11 20:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-10-09 18:23:18 ----D---- C:\Documents and Settings\aliatto\Application Data\ICQ

======List of files/folders modified in the last 1 months======

2008-11-01 14:26:39 ----SHD---- C:\RECYCLER
2008-11-01 14:26:39 ----D---- C:\WINDOWS\Temp
2008-11-01 14:23:40 ----D---- C:\Documents and Settings\aliatto\Application Data\Orbit
2008-11-01 14:18:47 ----D---- C:\WINDOWS\system32
2008-11-01 13:27:06 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 13:27:01 ----D---- C:\Documents and Settings\aliatto\Application Data\VMware
2008-11-01 13:26:59 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-11-01 13:26:33 ----D---- C:\WINDOWS
2008-10-31 23:08:02 ----D---- C:\WINDOWS\Prefetch
2008-10-31 22:05:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 22:05:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 14:15:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-31 14:15:13 ----HD---- C:\WINDOWS\inf
2008-10-31 14:15:13 ----D---- C:\WINDOWS\system32\ru-ru
2008-10-31 14:15:13 ----D---- C:\WINDOWS\Help
2008-10-31 14:15:13 ----D---- C:\Program Files\Internet Explorer
2008-10-31 00:28:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-31 00:28:02 ----HD---- C:\Documents and Settings\aliatto\Application Data\Viacleaner
2008-10-30 23:23:32 ----D---- C:\WINDOWS\ie7updates
2008-10-30 23:23:32 ----A---- C:\WINDOWS\imsins.BAK
2008-10-30 23:22:30 ----D---- C:\WINDOWS\WBEM
2008-10-30 23:03:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 13:21:56 ----D---- C:\Program Files\TrueCrypt
2008-10-28 23:21:50 ----SHD---- C:\WINDOWS\Installer
2008-10-28 23:21:50 ----RD---- C:\Program Files
2008-10-28 22:51:50 ----SD---- C:\Documents and Settings\aliatto\Application Data\Microsoft
2008-10-28 22:24:46 ----D---- C:\Program Files\Common Files
2008-10-28 15:22:53 ----D---- C:\Documents and Settings\aliatto\Application Data\WebMoney
2008-10-28 02:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 01:58:27 ----D---- C:\Documents and Settings
2008-10-28 01:44:42 ----D---- C:\Program Files\Orbitdownloader
2008-10-27 18:07:03 ----D---- C:\Program Files\MyCentria
2008-10-27 18:05:43 ----D---- C:\Program Files\eMule
2008-10-27 16:47:57 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-27 12:55:26 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-26 01:16:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-25 03:10:00 ----D---- C:\Program Files\Messenger
2008-10-24 19:17:30 ----A---- C:\WINDOWS\wininit.ini
2008-10-24 13:44:26 ----D---- C:\Program Files\Proxifier
2008-10-24 00:58:59 ----D---- C:\Program Files\WebMoney
2008-10-22 03:58:23 ----SH---- C:\boot.ini
2008-10-22 03:58:23 ----A---- C:\WINDOWS\win.ini
2008-10-22 03:58:23 ----A---- C:\WINDOWS\system.ini
2008-10-20 22:34:44 ----D---- C:\Program Files\PowerISO
2008-10-20 20:34:49 ----D---- C:\WINDOWS\system32\config
2008-10-19 20:31:23 ----D---- C:\Program Files\OpenVPN
2008-10-19 20:24:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-19 19:02:04 ----D---- C:\Documents and Settings\aliatto\Application Data\Hide IP NG
2008-10-19 03:19:38 ----D---- C:\Program Files\WinRAR
2008-10-19 00:51:41 ----D---- C:\Documents and Settings\aliatto\Application Data\uTorrent
2008-10-16 21:27:39 ----D---- C:\WINDOWS\WinSxS
2008-10-16 21:27:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 02:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-11 20:11:37 ----A---- C:\WINDOWS\DFC.INI
2008-10-11 18:52:57 ----D---- C:\WINDOWS\security
2008-10-07 22:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-04-30 35840]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 UsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-28 9291]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-05-15 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\E:\VMWARE\vstor2-ws60.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-26 33664]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-26 12928]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-10-08 25216]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-15 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-15 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 vmkbd2;VMware kbd2; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-15 16816]
R4 truecrypt;truecrypt; \??\C:\Program Files\TrueCrypt\truecrypt.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272512]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 BCSWAP;BCSWAP; C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-14 91496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-15 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-23 570880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VMAuthdService;VMware Authorization Service; E:\VMWARE\vmware-authd.exe [2008-05-15 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-05-15 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-05-15 150064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 19200]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2008-10-08 15872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ufad-ws60;VMware Agent Service; E:\VMWARE\vmware-ufad.exe [2008-06-10 180224]

-----------------EOF-----------------


below info.txt log:

info.txt logfile of random's system information tool 1.04 2008-11-01 15:14:59

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
BCWipe 3.0-->"C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BCWipe\UnInstall.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{1A3D8A23-3215-46B7-AB97-E304ADABFC18}
EuroPoker (remove only)-->"C:\Program Files\EuroPoker\uninstall.exe"
GetRight-->"C:\Program Files\GetRight\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserJet 1020 series-->C:\Program Files\Zenographics\{94BA9314-F985-4823-BCF8-E7B1C5565050}\setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Media Key-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Media Key\uninst.isu" -c"C:\Program Files\Media Key\UnInst.dll"
MegaPing-->MsiExec.exe /X{D0A79B0C-1099-4361-84E2-CF8122114D29}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (2.0.0.17)-->E:\BECKUP AAA тут\FULL CATALOG\FireFox\FirefoxPortable\FirefoxPortable\App\firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nmap 4.68-->"C:\Program Files\Nmap\uninstall.exe"
NRG Tools v.0.9-->"C:\Program Files\NRG Tools v.0.9\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenVPN 2.1_rc13-->C:\Program Files\OpenVPN\Uninstall.exe
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
OrderReminder HP LaserJet 1020-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Proxifier version 2.7-->"C:\Program Files\Proxifier\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Shadow Security Scanner 7.147-->"C:\Program Files\Safety-lab\SSS\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Tracks Eraser Pro v7.2-->"C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Undelete Plus 2.97-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VDOTool 4.6-->"C:\Program Files\VDOTool\unins000.exe"
ViaCleaner 7.1 (Remove Only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85EBE1DD-B45D-443E-8B57-227B401526A5}\Setup.exe"
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
WebMoney Agent-->C:\Program Files\WebMoney Agent\uninst_wmagent.exe
WebMoney Keeper Classic 3.6.0.6-->"C:\Program Files\WebMoney\Uninstall.exe" "C:\Program Files\WebMoney\install.log" -u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
Wise Calculator-->C:\Program Files\Wise Calculator\uninstall.exe
Zay Casino v.1.0-->"C:\Program Files\Zay Casino\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Security Update for Windows XP - (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP - (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\jvpoevlm.dll",b
O20 - AppInit_DLLs: bkhcjw.dll pbwzez.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

======Hosts File======

67.15.47.4 estsecure.com www.estsecure.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;D:\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\QTSystem\QTJava.zip
"QTJAVA"=D:\QTSystem\QTJava.zip

-----------------EOF-----------------
aliatto
Active Member
 
Posts: 6
Joined: October 27th, 2008, 7:54 am
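The listing above shows a pattern worth checking before trusting any cleanup: several freshly created DLLs in system32 sit next to a hidden+system .ini whose name is the DLL name spelled backwards (thtqoybm.dll / mbyoqtht.ini, wyihebpf.dll / fpbehiyw.ini), the HijackThis backups show a Run value named with bare hex that starts one of these DLLs through rundll32, and AppInit_DLLs, which is loaded into every process that maps user32.dll, is populated. The script below is an added example, not a tool from this thread, from MalwareRemoval.com or from any scanner named here; it parses a constructed sample of the lines posted above and flags those patterns. The heuristics (reversed-name twins, S+H .ini files in system32, hex-named rundll32 Run values, any AppInit_DLLs entry) are the editor's assumptions and will produce false positives on other machines, so treat hits as leads to verify, not verdicts.

```python
"""Heuristic review of the RSIT file listing and HijackThis backups posted above.

Added example for this thread; not a tool from the original post, from
MalwareRemoval.com or from any scanner named there. The sample lines are
copied from the logs above; the heuristics are the editor's own assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the RSIT "files created" listing above.
SAMPLE_RSIT = r"""
2008-10-23 16:20:31 ----A---- C:\WINDOWS\system32\poqmwyak.dll
2008-10-23 02:35:12 ----SH---- C:\WINDOWS\system32\avxcvhuc.ini
2008-10-22 02:33:10 ----SH---- C:\WINDOWS\system32\fpbehiyw.ini
2008-10-22 02:33:08 ----A---- C:\WINDOWS\system32\wyihebpf.dll
2008-10-20 22:25:42 ----SH---- C:\WINDOWS\system32\mbyoqtht.ini
2008-10-20 22:25:33 ----A---- C:\WINDOWS\system32\thtqoybm.dll
2008-10-20 13:37:16 ----SH---- C:\WINDOWS\system32\pchjaotx.ini
2008-10-20 13:37:04 ----A---- C:\WINDOWS\system32\uovxaxqs.dll
2008-10-19 01:53:52 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-10-07 22:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
"""

# Constructed sample: the O4/O20 lines from the "HijackThis Backups" section
# above, plus one legitimate NVIDIA O4 entry from the later log as a control.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\jvpoevlm.dll",b
O20 - AppInit_DLLs: bkhcjw.dll pbwzez.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

RSIT_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (-+[A-Z]*-+) (.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)


def parse_rsit(text):
    """Parse RSIT listing lines into (timestamp, attribute letters, PureWindowsPath)."""
    entries = []
    for line in text.splitlines():
        m = RSIT_LINE.match(line.strip())
        if m:
            ts, attrs, path = m.groups()
            entries.append((ts, attrs.strip("-"), PureWindowsPath(path)))
    return entries


def reversed_name_pairs(entries):
    """(dll, ini) pairs in the same directory where the .ini stem is the .dll stem backwards."""
    by_key = {}
    for _ts, _attrs, p in entries:
        by_key[(str(p.parent).lower(), p.stem.lower(), p.suffix.lower())] = p
    pairs = []
    for (parent, stem, suffix), p in by_key.items():
        if suffix == ".dll":
            twin = by_key.get((parent, stem[::-1], ".ini"))
            if twin is not None:
                pairs.append((str(p), str(twin)))
    return sorted(pairs)


def hidden_system_inis(entries):
    """.ini files under system32 created with both the System and Hidden attributes."""
    return sorted(
        str(p) for _ts, attrs, p in entries
        if p.suffix.lower() == ".ini" and "S" in attrs and "H" in attrs
        and str(p.parent).lower().endswith("system32")
    )


def review_hjt(text, reversed_pairs=()):
    """Flag O4 entries that load a DLL via rundll32 under a hex-only value name (or a DLL
    that has a reversed-name .ini twin), and list every AppInit_DLLs entry."""
    flagged_dlls = {dll.lower() for dll, _ini in reversed_pairs}
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O4.match(line)
        if m:
            r = RUNDLL.search(m["cmd"])
            if r:
                hex_name = re.fullmatch(r"[0-9a-f]{6,}", m["name"]) is not None
                if hex_name or r["dll"].lower() in flagged_dlls:
                    findings.append(("O4-rundll32", m["name"], r["dll"], r["export"]))
            continue
        m = HJT_O20.match(line)
        if m:
            for dll in m["dlls"].split():
                findings.append(("O20-AppInit", dll, "", ""))
    return findings


def review_listing(rsit_text=SAMPLE_RSIT, hjt_text=SAMPLE_HJT):
    """Run all checks over the two logs and return the findings by category."""
    entries = parse_rsit(rsit_text)
    pairs = reversed_name_pairs(entries)
    return {
        "reversed_pairs": pairs,
        "hidden_system_inis": hidden_system_inis(entries),
        "hjt": review_hjt(hjt_text, pairs),
    }


if __name__ == "__main__":
    for section, items in review_listing().items():
        print(f"== {section} ==")
        for item in items:
            print("  ", item)
```

Against the sample it reports the two reversed-name twins, four S+H .ini files, the hex-named rundll32 Run value and both AppInit_DLLs names, and leaves the NVIDIA entry alone. On a live box the same three lists are a good "did the cleaner actually remove it" check: any twin pair or AppInit_DLLs name that survives a scan that claims success means the cleanup is not done.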

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Post by Katana » November 1st, 2008, 7:12 am

Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



----------------------------------------------------------- -----------------------------------------------------------
Step 3

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE: This scan is best done from IE (Internet Explorer).

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • ComboFix Log
  • Kaspersky Log
  • How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Post by aliatto » November 1st, 2008, 8:57 am

Log from Malwarebytes Anti-Malware (sorry for the many Russian words):

Malwarebytes' Anti-Malware 1.30
Database version: 1349
Windows 5.1.2600 Service Pack 3

01.11.2008 17:55:46
mbam-log-2008-11-01 (17-55-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|X:\|)
Objects scanned: 124021
Time elapsed: 34 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ivwvpper.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlbide.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989e5e23-e484-44fe-82bd-65b222ea469f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{989e5e23-e484-44fe-82bd-65b222ea469f} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{989e5e23-e484-44fe-82bd-65b222ea469f} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\dkampio (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\kaspaz.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6ecb8e85-7a9e-4175-8113-1136d1a325db} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ecb8e85-7a9e-4175-8113-1136d1a325db} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcbad61f (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mlbide.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gvbctajq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qjatcbvg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ivwvpper.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\reppvwvi.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jvpoevlm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mlveopvj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\thtqoybm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mbyoqtht.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wyihebpf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fpbehiyw.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\aliatto\Рабочий стол\РАБОЧ СТОЛ КОНЕЦ ОКТЯБРЯ\bkhcjw.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B1Q6Q6JL\cntr[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lwxilkkl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\poqmwyak.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vidtez.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uymfyyka.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vcajfwim.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kkeehefr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pbwzez.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\unkspabt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uovxaxqs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wwnfpqmr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lntcgwlc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> No action taken.
---------------------------------------------

Katana, after I started ComboFix I got a blue screen (BSOD). Maybe it is not necessary to run this application?

I think Malwarebytes Anti-Malware found all my problems and fixed them.
I will watch how my computer behaves for a few hours and post here whether everything is OK or not, OK?

I did a scan with HijackThis; look, I think all is OK:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:45, on 01.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\VMWARE\vmware-tray.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\ViaCleaner\ViaCleaner.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
E:\VMWARE\vmware-authd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
X:\FF\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O1 - Hosts: 67.15.47.4 estsecure.com www.estsecure.com
O2 - BHO: (no name) - {29E63706-E6EC-4603-98A3-AD0E6BE31EDC} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
O2 - BHO: (no name) - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [vmware-tray] E:\VMWARE\vmware-tray.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Simp] X:\777\Secway\SimpPro 2.2\SimpPro.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ViaCleaner] "C:\Program Files\ViaCleaner\ViaCleaner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{58E02C09-B8FB-4FEE-BA8E-1D662E2FF7DB}: NameServer = 10.100.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1029AC6-1AE1-4FCB-93C4-75CBEB2A86E2}: NameServer = 81.30.199.5 81.30.199.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O20 - Winlogon Notify: efcBqpPf - efcBqpPf.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\VMWARE\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8066 bytes
---------------------

Many thanks, Katana!
aliatto
Active Member
 
Posts: 6
Joined: October 27th, 2008, 7:54 am
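Before a log like the one above is called clean, a helper normally checks a handful of entry types rather than the whole listing: this one still carries an O20 Winlogon Notify entry whose DLL is reported missing, O2 BHO registrations with no file behind them, O10 Winsock LSP DLLs that HijackThis cannot attribute, an R1 proxy setting pointing at a SOCKS listener on 127.0.0.1, an O1 hosts-file entry, and several O17 NameServer values. None of those proves anything on its own, but each is the kind of line that needs an explanation. The Python below is an added example, not code from the forum post, from HijackThis or from Malwarebytes: it parses HJT-style entry lines and applies generic triage rules of my own to a constructed sample modelled on the log above. The severity levels, the rule wording and the sample lines are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line has the shape "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the bare process paths under "Running processes:" do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body, raw_line) for every entry line in an HJT log."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("section"), m.group("body"), raw))
    return entries


def classify(section, body, raw):
    """Generic triage heuristics (my assumptions, not HijackThis's own logic). Returns a Finding or None."""
    if section == "O20" and "Winlogon Notify" in body and "file missing" in body:
        return Finding(section, "high", "Winlogon Notify hook whose DLL no longer exists; a "
                       "random-looking DLL name here is a typical infection leftover, remove the value", raw)
    if section == "O2" and "(no file)" in body:
        return Finding(section, "low", "BHO CLSID registered with no backing DLL (orphaned); "
                       "harmless on its own but should be cleaned up", raw)
    if section == "O10":
        return Finding(section, "medium", "Winsock LSP DLL HijackThis cannot attribute; identify "
                       "the owning product first, a broken LSP chain kills all networking", raw)
    if section == "R1":
        m = re.search(r"ProxyServer = (\S+)", body)
        if m:
            proxy = m.group(1)
            loopback = "127.0.0.1" in proxy or "localhost" in proxy
            return Finding(section, "medium" if loopback else "high",
                           f"IE proxy set to {proxy}; a loopback proxy is what local tunnelling tools use, "
                           "a remote one sends all browsing through a third party; find the listening process", raw)
    if section == "O1":
        return Finding(section, "medium", "hosts-file override; confirm every name/IP pair is intentional", raw)
    if section == "O17":
        m = re.search(r"NameServer = (.*)", body)
        if m:
            return Finding(section, "low", f"per-interface DNS servers {m.group(1)}; confirm they belong "
                           "to the ISP or VPN in use, since rogue resolvers cause redirects", raw)
    return None


def triage(log_text):
    """Classify every entry; return findings most severe first (stable order within a level)."""
    findings = [f for f in (classify(*e) for e in parse_entries(log_text)) if f is not None]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Constructed sample, modelled on the shape of the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
O1 - Hosts: 67.15.47.4 estsecure.com www.estsecure.com
O2 - BHO: (no name) - {29E63706-E6EC-4603-98A3-AD0E6BE31EDC} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O20 - Winlogon Notify: efcBqpPf - efcBqpPf.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
        print(f"         {f.line}")
```

Run it against a full log by reading the file into `triage()`; the rules deliberately stop at "explain this entry" rather than "delete this entry", because an O10 LSP or an R1 loopback proxy is just as often a legitimate tool (a download manager, a VPN or a proxy client) as it is malware, and the right action depends on which process owns the file or the listening port.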

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Unread postby Katana » November 3rd, 2008, 7:31 pm

Do you have the Kaspersky log ?
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Redirects in MSIE and FireFox ,log from Hijack,help me pls!

Unread postby Gary R » November 8th, 2008, 10:36 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire