как удалить порно баннер с рабочего стола???

[shaper]

info.txt logfile of random’s system information tool 1.06 2009-11-06 20:42:01

======Uninstall list======

—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}Setup.exe» -l0x9
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ball Attack version 1.03—>»C:Program FilesBall Attackunins000.exe»
BurnAware Professional 2.2.1—>»C:Program FilesBurnAware Professionalunins000.exe»
Canon PIXMA iP1500—>C:WINDOWSsystem32CNMCP5y.exe «-PRINTERNAMECanon PIXMA iP1500» «-HELPERDLLC:BJPrinterCNMWINDOWSCanon PIXMA iP1500 InstallerInst2cnmis.dll» «-RCDLLC:BJPrinterCNMWINDOWSCanon PIXMA iP1500 InstallerInst2cnmi0419.dll»
Choice Guard—>MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DirectX10 LV (Last Version)—>»C:Program FilesCommon Filesunins000.exe»
Easy CD-DA Extractor 11—>»C:WINDOWSEasy CD-DA Extractor 11uninstall.exe» «/U:C:Program FilesEasy CD-DA Extractor 11irunin.xml»
EasyGPRS—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{56108448-9B38-4FF8-BE61-2ED13C19D0FE}setup.exe» -l0x19
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_E582EA556D8DE101.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
InterActual Player—>C:Program FilesInterActualInterActual Playerinuninst.exe
K-Lite Mega Codec Pack 4.9.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
L&H TTS3000 Espaсol—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSSPE.inf, Uninstall
L&H TTS3000 Franзais—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSFRF.inf, Uninstall
L&H TTS3000 Italiano—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSITI.inf, Uninstall
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Logitech Gaming Software—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C1DA723-24FC-48AD-93BA-925695C3EF26}setup.exe» -l0x9 -removeonly
Macromedia Dreamweaver 8—>MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager—>MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder—>MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8—>MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Mail.Ru Агент 5.3 (сборка 2552, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.54—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime—>MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Mobile Partner—>C:Program FilesMobile Partneruninst.exe
Mozilla Firefox (3.0.15)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed™ ProStreet—>E:gamesNFSProunwise.exe
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NevoSoft Paparazzi (remove only)—>»C:Program FilesИгры от NevoSoftPaparazziuninstall.exe»
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 9.20—>MsiExec.exe /X{FC0C72DD-A491-43FF-B377-67273E4D94D7}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Perfect World 1.3.4.2265—>»E:gamesPerfect Worldunins000.exe»
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
ProLing Office—>C:WINDOWSIsUn0419.exe -f»C:Program FilesProLingUninst.isu» -c»C:Program FilesProLinguninstal.dll»
PROMT Expert 8 Giant Try-Buy—>MsiExec.exe /I{A4F761F7-FBC8-49BF-BC37-15550C3EAA85}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software—>C:WINDOWSsystem32Samsung_USB_Drivers6SSBCUninstall.exe
Samsung Mobile phone USB driver Software—>C:WINDOWSsystem32Samsung_USB_Drivers5SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio 3—>»C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -runfromtemp -l0x0019 -removeonly
Segoe UI—>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 1.20.224—>MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Sony Ericsson PC Suite for Smartphones—>MsiExec.exe /I{5C4D6CD2-A11F-4BEA-9871-6A92E596B1C8}
Sony Ericsson Symbian 9 Drivers—>C:Program FilesSony EricssonSony Ericsson Symbian 9 DriversZEBRUninstall.exe
Sony Sound Forge 7.0—>MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
SuperCopier2—>»C:Program FilesSuperCopier2SC2Uninst.exe»
TopServer 2.1—>»C:Program FilesTopServer 2.1uninstall.exe»
Total Commander 7.01 Total Commander 7.01 PowerPack 1.10—>»C:Program FilesTotal Commanderuninstall.exe»
Update Service—>C:Program FilesSony EricssonUpdate Serviceuninst.exe
VIMICRO USB PC Camera V—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}setup.exe» -l0x9
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Live Communications Platform—>MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger—>MsiExec.exe /X{4740F152-2F61-4DEF-80C4-BFDEC8D928C3}
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Агент Вконтакте v1.16—>C:Program FilesAgent Vkontakteuninst.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск—>C:Program FilesCommon FilesMicrosoft SharedVSTO8.0Microsoft Visual Studio 2005 Tools for Office Runtimeinstall.exe
Основные компоненты Windows Live—>C:Program FilesWindows LiveInstallerwlarp.exe
Основные компоненты Windows Live—>MsiExec.exe /I{C26868BF-3550-4BA2-9B75-8876C5F3D9B1}
Помощник по входу в Windows Live—>MsiExec.exe /I{A327A636-5D38-4D63-8EA9-477B528D3CC2}
Средство передачи Windows Live—>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

======Hosts File======

127.0.0.1 localhost prime second photo-art

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: USER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.

Record Number: 39412
Source Name: Service Control Manager
Time Written: 20090914202402.000000+240
Event Type: информация
User:

Computer Name: USER
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».

Record Number: 39411
Source Name: Service Control Manager
Time Written: 20090914202357.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: USER
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.

Record Number: 39410
Source Name: Service Control Manager
Time Written: 20090914202356.000000+240
Event Type: информация
User:

Computer Name: USER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.

Record Number: 39409
Source Name: Service Control Manager
Time Written: 20090914202356.000000+240
Event Type: информация
User:

Computer Name: USER
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».

Record Number: 39408
Source Name: Service Control Manager
Time Written: 20090914202356.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

=====Application event log=====

Computer Name: USER
Event Code: 100
Message: usrlocalmysql5binmysqld-max-nt.exe: ready for connections.
Version: ‘5.0.18-nt-max’ socket: » port: 3306 MySQL Community Edition (GPL)

For more information, see Help and Support Center at http://www.mysql.com.

Record Number: 5334
Source Name: MySQL
Time Written: 20081226234024.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1
Message:
Record Number: 5333
Source Name: Bonjour Service
Time Written: 20081226234023.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 5332
Source Name: SecurityCenter
Time Written: 20081226234018.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 0
Message:
Record Number: 5331
Source Name: RichVideo
Time Written: 20081226234018.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 100
Message: usrlocalmysql5binmysqld-max-nt.exe: ready for connections.
Version: ‘5.0.18-nt-max’ socket: » port: 3306 MySQL Community Edition (GPL)

For more information, see Help and Support Center at http://www.mysql.com.

Record Number: 5330
Source Name: MySQL
Time Written: 20081226233340.000000+180
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesTeleca Shared;C:Program FilesIntuwaveSharedmRouterRuntime;C:Program FilesSamsungSamsung PC Studio 3;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 6 Stepping 5, GenuineIntel
«PROCESSOR_REVISION»=0605
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«DEFAULT_CA_NR»=CA8
«CLASSPATH»=C:Program FilesQuickTimeQTSystemQTJava.zip
«QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip

---

EOF

---

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Администратор at 2009-11-06 20:40:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (6%) free of 30 GB
Total RAM: 1535 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:59, on 06.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5503)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesBurnAware Professionalnmsaccessu.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesSuperCopier2SuperCopier2.exe
C:Program FilesLogitechProfilerlwemon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesAgent VkontakteAgentVkontakte.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesSkypePhoneSkype.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wscntfy.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalprogramapachestart.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1IntuwaveSharedMROUTE~1MROUTE~2.EXE
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32DllHost.exe
C:Program FilesOperaOpera.exe
C:Program FilesTotal CommanderTotalcmd.exe
C:Program FilesMobile PartnerMobile Partner.exe
C:WINDOWSsystem32taskmgr.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microАдминистратор.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
O4 — HKLM..Run: [PC Suite for Smartphones] «C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [FineReader7NewsReaderPro] C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe»
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [BigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
O4 — HKCU..Run: [Start WingMan Profiler] «C:Program FilesLogitechProfilerlwemon.exe» /noui
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKCU..Run: [NBJ] «C:Program FilesAheadNero BackItUpNBJ.exe»
O4 — HKCU..Run: [VKontakte] C:Program FilesAgent VkontakteAgentVkontakte.exe
O4 — HKCU..Run: [msnmsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Online-словари — C:Program FilesPRMT8PRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — C:Program FilesPRMT8PRMTIEaot.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — C:Program FilesPRMT8PRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O17 — HKLMSystemCCSServicesTcpip..{01C1994A-EF8B-4DBD-A203-50F7965C168D}: NameServer = 77.109.1.8 77.109.1.9
O17 — HKLMSystemCS1ServicesTcpip..{01C1994A-EF8B-4DBD-A203-50F7965C168D}: NameServer = 77.109.1.8 77.109.1.9
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesAheadLibNMIndexingService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesBurnAware Professionalnmsaccessu.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 12700 bytes

======Scheduled tasks folder======

C:WINDOWStasksAt1.job
C:WINDOWStasksAt2.job
C:WINDOWStasksSystem Check.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-16 676704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-09-14 256112]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-10-09 762864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll [2009-09-14 458736]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-16 676704]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-09-14 256112]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«High Definition Audio Property Page Shortcut»=C:WINDOWSsystem32HDAShCut.exe [2004-10-27 61952]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-18 925696]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-07-26 716800]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-08-11 7630848]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-08-11 86016]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2005-12-07 30208]
«LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-04-13 49152]
«PC Suite for Smartphones»=C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe [2006-04-11 487424]
«»= []
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2005-10-26 159744]
«FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-08-05 278528]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe []
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-01-16 5598392]
«BigDog305″=C:WINDOWSVM305_STI.EXE [2005-08-05 61440]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2006-09-26 35328]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2009-02-03 155648]
«MSConfig»=C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe [2008-03-07 171008]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe []
«SuperCopier2.exe»=C:Program FilesSuperCopier2SuperCopier2.exe [2006-07-07 1052672]
«Start WingMan Profiler»=C:Program FilesLogitechProfilerlwemon.exe [2005-04-18 73728]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-01-03 68856]
«NBJ»=C:Program FilesAheadNero BackItUpNBJ.exe []
«VKontakte»=C:Program FilesAgent VkontakteAgentVkontakte.exe [2008-12-26 3522048]
«msnmsgr»=C:Program FilesWindows LiveMessengermsnmsgr.exe [2008-12-02 3882312]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregamva]
C:WINDOWSsystem32amvo.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2008-03-07 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregegui]
C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-02-06 2021400]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2007-06-25 2893800]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableRegistryTools»=1
«DisableCMD»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«E:gamesLost Planet Extreme ConditionLostPlanetDx9.exe»=»E:gamesLost Planet Extreme ConditionLostPlanetDx9.exe:*:Enabled:LostPlanetDx9»
«C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe»=»C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe:*:Enabled:mRouterRuntime Module»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{01d13e2e-b78f-11dc-a2bf-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{041068e4-d8cd-11dd-a4fe-001a9264111e}]
shellAutoRuncommand — H:AutoRun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{041068e5-d8cd-11dd-a4fe-001a9264111e}]
shellAutoRuncommand — H:AutoRun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{05f60d1e-b742-11dd-a4a4-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{181a200e-a832-11dc-a299-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4b7b06d0-5bc4-11dc-a19c-001a9264111e}]
shellAutoRuncommand — H:LaunchU3.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{51329ba4-45c7-11dd-a3e3-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7f7cf8fa-4f19-11dd-a3f3-001a9264111e}]
shellAutoRuncommand — H:u.bat
shellexplorecommand — H:u.bat
shellopencommand — H:u.bat

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{83b55d66-e586-11dd-a529-001a9264111e}]
shellAutoRuncommand — H:AutoRun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{97ae7998-fa5d-11dc-a35b-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8b1faaf-bb69-11dc-a2c9-001a9264111e}]
shellAutocommand — H:activexdebugger32.exe f
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shellexplorecommand — H:activexdebugger32.exe f
shellopencommand — H:activexdebugger32.exe f

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f27c72ca-d670-11dd-a4f9-001a9264111e}]
shellAutoRuncommand — H:AutoRun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f27c72cd-d670-11dd-a4f9-001a9264111e}]
shellAutoRuncommand — H:AutoRun.exe

======File associations======

.js — edit — «C:Program FilesMacromediaDreamweaver 8dreamweaver.exe» «%1»

======List of files/folders created in the last 1 months======

2009-11-06 20:40:53 —-D—- C:Program Filestrend micro
2009-11-06 20:40:52 —-D—- C:rsit
2009-11-06 15:16:22 —-D—- C:WINDOWSLastGood
2009-11-06 15:15:48 —-D—- C:Program FilesESET
2009-11-05 17:44:39 —-A—- C:WINDOWSsystem32syschk32.exe
2009-11-05 17:44:39 —-A—- C:WINDOWSsystem32el32.dll
2009-10-14 11:57:50 —-D—- C:My Music
2009-10-14 11:56:03 —-D—- C:Documents and SettingsAll UsersApplication DataTEMP

======List of files/folders modified in the last 1 months======

2009-11-06 20:41:55 —-D—- C:WINDOWSTemp
2009-11-06 20:41:32 —-D—- C:WINDOWSPrefetch
2009-11-06 20:40:53 —-D—- C:Program Files
2009-11-06 20:29:42 —-A—- C:WINDOWSModemLog_HUAWEI Mobile Connect — 3G Modem.txt
2009-11-06 19:59:16 —-SH—- C:boot.ini
2009-11-06 19:59:16 —-A—- C:WINDOWSwin.ini
2009-11-06 19:59:16 —-A—- C:WINDOWSsystem.ini
2009-11-06 18:45:26 —-D—- C:Program FilesMozilla Firefox
2009-11-06 18:37:39 —-D—- C:Program FilesQIP
2009-11-06 15:16:53 —-SHD—- C:WINDOWSInstaller
2009-11-06 15:16:37 —-HD—- C:WINDOWSinf
2009-11-06 15:16:37 —-D—- C:WINDOWSsystem32drivers
2009-11-06 15:16:22 —-D—- C:WINDOWS
2009-11-06 15:16:21 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-06 15:08:59 —-D—- C:Program FilesTopServer 2.1
2009-11-06 15:07:06 —-A—- C:WINDOWSSchedLgU.Txt
2009-11-05 17:44:39 —-SD—- C:WINDOWSTasks
2009-11-05 17:44:39 —-D—- C:WINDOWSsystem32
2009-10-30 16:48:42 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-10-25 09:56:09 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-10-22 16:26:57 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-10-14 16:46:53 —-A—- C:Documents and SettingsАдминистраторApplication Databurnaware.ini
2009-10-14 11:55:56 —-D—- C:Program FilesEasy CD-DA Extractor 11

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-03-07 40704]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-07-04 151552]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-12-19 92800]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-03-06 144384]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:WINDOWSsystem32DRIVERSewusbmdm.sys [2007-08-24 101120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-08-11 3958496]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2007-10-12 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-08-14 83200]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-06-07 393088]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-03-06 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-03-06 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-03-06 59520]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-03-06 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-03-06 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:WINDOWSsystem32driversWmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:WINDOWSsystem32driversWmXlCore.sys [2005-04-12 45504]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:WINDOWSsystem32DRIVERSzebrceb.sys [2009-02-02 63360]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-03-07 14720]
S3 an41oy0o;an41oy0o; C:WINDOWSsystem32driversan41oy0o.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-03-06 17024]
S3 cpuz;cpuz; ??C:DOCUME~19335~1LOCALS~1Tempcpuz.sys []
S3 cpuz126;cpuz126; ??C:DOCUME~19335~1LOCALS~1Tempcpuz.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-03-06 10368]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-03-06 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-03-06 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-03-06 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-03-06 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-03-06 15232]
S3 usb2vcom;USB Data Cable; C:WINDOWSsystem32DRIVERSusb2vcom.sys [2005-08-06 28704]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-03-06 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-03-06 15104]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:WINDOWSsystem32DRIVERSw300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw300obex.sys [2006-03-13 85696]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:WINDOWSsystem32driversWmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:WINDOWSsystem32driversWmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:WINDOWSsystem32driversWmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-03-06 19200]
S3 zebrbus;Sony Ericsson Composite Device driver; C:WINDOWSsystem32DRIVERSzebrbus.sys [2009-02-02 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:WINDOWSsystem32DRIVERSzebrmdfl.sys [2009-02-02 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdm.sys [2009-02-02 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdmc.sys [2009-02-02 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:WINDOWSsystem32DRIVERSzebrsce.sys [2009-02-02 91264]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:WINDOWSSystem32DriversusbVM305.sys [2006-02-09 392444]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 mchInjDrv;mchInjDrv; ??C:DOCUME~19335~1LOCALS~1Tempmc22.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesBurnAware Professionalnmsaccessu.exe [2008-05-03 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-08-11 155715]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-07-28 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-08-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-19 182768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

К компьютеру неоднократно подключали зараженные внешние диски (флешки).
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.

* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.

Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[Автор]

Сообщения