Не запускается Др.Веб Кариет.

**ВоваЛЕНИН** · 5 декабря, 2007

Уже пару месяцев не запускается Др.Вэб Кариет.

Описание ошибки тут: http://img380.imageshack.us/img380/7619/dfgiy8.jpg

Лог-файл с Хайджека:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ConnectionServices Class - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: MailRuBHO Class - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll

O2 - BHO: Radio_Russia - {cbf77fb5-006d-4814-b14f-247e293844b6} - C:\Program Files\Radio_Russia\tbRad1.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll

O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [spybotDeletingA2242] command /c del "C:\WINDOWS\SchedLgU.Txt_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC6688] cmd /c del "C:\WINDOWS\SchedLgU.Txt_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Outpost Firewall main module] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Перевести - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js

O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm

O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm

O8 - Extra context menu item: Поиск@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/SEARCH.HTM

O8 - Extra context menu item: Словари@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/TRANSLATE.HTM

O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe

O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe

O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe

O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/russian/partn...can_unicode.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{390B428E-DB7F-4249-90FA-D71930B059CF}: NameServer = 195.5.61.70,195.5.61.68

O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D8BB66-F1C2-4FB4-A32B-A007F8FA9A02}: NameServer = 195.5.61.70 195.5.61.68

O17 - HKLM\System\CS1\Services\Tcpip\..\{390B428E-DB7F-4249-90FA-D71930B059CF}: NameServer = 195.5.61.70,195.5.61.68

O17 - HKLM\System\CS3\Services\Tcpip\..\{390B428E-DB7F-4249-90FA-D71930B059CF}: NameServer = 195.5.61.70,195.5.61.68

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

AVZ:прикреплён.

Проверка Спайботом показывает запущенный процесс,описанный здесь: http://img380.imageshack.us/img380/7619/dfgiy8.jpg

Помогите плиз.

**rubin-VInfo** · 5 декабря, 2007

Выполните скрипт в AVZ:

beginSearchRootkit(true, true);SetAVZGuardStatus(true);BC_QrFile('C:\WINDOWS\svchost.exe');BC_DeleteFile('C:\WINDOWS\svchost.exe');BC_QrSvc('PowerManager');BC_DeleteSvc('PowerManager');BC_Activate;RebootWindows(true);end.

ConnectionServices очень рекомендуется деинсталлировать, как и SpyBot... от второго у Вас только мусор в реестре

**Sanitar** · 5 декабря, 2007

А что мешает СКАЧАТЬ заново.?

**ВоваЛЕНИН** · 6 декабря, 2007

А что мешает СКАЧАТЬ заново.?

:g: Качал заново несколько раз.НЕ ЗАПУСКАЕТСЯ.

После запуска скрипта комп сам перезагрузился.

Logfile of HijackThis v1.99.1

Scan saved at 13:24:43, on 06.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Free Desktop Clock\DesktopClock.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

C:\WINDOWS\system32\eTSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\drwtsn32.exe

E:\Вова\Софт\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Documents and Settings\user\Application Data\Mra\Update\mrasearch.dll

R3 - URLSearchHook: Radio_Russia - {cbf77fb5-006d-4814-b14f-247e293844b6} - C:\Program Files\Radio_Russia\tbRad1.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll