Очень прошу помогите!

[madpain]

Добрый день, прошу помогите, уже нет сил. В виндовсе появился Antivirus System Pro я перечитал ваш форум, ставил а avenger и anti-malware ничего не помогает. Установил Rsit чтобы поместить сюда логи но при запуске выскакивает табличка с надписью Application cannot be executed, file Rsist is infected. Запускаю пару раз он запускается но как только заканчивает скан пишется такая же чушь что заражён notepad.exe. Очень прошу помогите.

avira находит троян TR/BHO.whc.15 c:windowssystem32iehelper.dll но не может с ним ничего сделать

перегрузил комп, вроде успел запустить RSIT подойдет или нет незнаю ((

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-04 19:48:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 69 GB (73%) free of 95 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:52 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:WINDOWSsystem32dlbtcoms.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsOwnerDesktopRSIT.exe
C:WINDOWSsystem32wuauclt.exe
C:Program Filestrend microOwner.exe
C:WINDOWSsystem32WgaTray.exe
C:Program FilesAviraAntiVir PersonalEdition ClassicGUARDGUI.EXE
C:Program FilesAviraAntiVir PersonalEdition ClassicGUARDGUI.EXE

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOwnerApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} — — (no file)
O1 — Hosts: ::1 localhost
O1 — Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 — Hosts: 91.212.127.226 winguard-2009.com
O1 — Hosts: 91.212.127.226 http://www.winguard-2009.com
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Search Helper — {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsOwnerApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 — BHO: Windows Live Toolbar Helper — {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} — C:Program FilesWindows LiveToolbarwltcore.dll
O3 — Toolbar: HP view — {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} — C:Program FilesHPDigital ImagingbinHPDTLK02.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 — Toolbar: &Windows Live Toolbar — {21FA44EF-376D-4D53-9B0F-8A89D3229068} — C:Program FilesWindows LiveToolbarwltcore.dll
O4 — HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 — HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 — HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [Tet-a-Tet] C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE522H1PAQYTet-A-Tet[1].exe -m
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [WinampAgent] «C:Documents and SettingsOwnerMy DocumentsMy MusicWinampwinampa.exe»
O4 — HKLM..Run: [DLBTCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKLM..Run: [kqcxlvcb] C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
O4 — HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 — HKCU..Run: [LogitechSoftwareUpdate] «C:Program FilesLogitechVideoManifestEngine.exe» boot
O4 — HKCU..Run: [kqcxlvcb] C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe
O4 — HKUSS-1-5-18..RunOnce: [IETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..RunOnce: [IETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User ‘Default user’)
O4 — .DEFAULT User Startup: AutoTBar.exe (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя PMB.lnk = C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHpDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 — Extra context menu item: &ICQ Toolbar Search — res://C:Program FilesICQToolbartoolbaru.dll/SEARCH.HTML
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 — Extra button: Blog This — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {85d1f590-48f4-11d9-9669-0800200c9a66} — C:WINDOWSbdoscandel.exe
O9 — Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner — {85d1f590-48f4-11d9-9669-0800200c9a66} — C:WINDOWSbdoscandel.exe
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} — (no file)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP Infium — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIP Infiuminfium.exe (HKCU)
O14 — IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125928672750
O16 — DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) — http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O23 — Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 — Service: AntiVir PersonalEdition Classic Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 — Service: dlbt_device — — C:WINDOWSsystem32dlbtcoms.exe
O23 — Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: HP WMI Interface (hpqwmi) — Hewlett-Packard Development Company, L.P. — C:Program FilesHPQSHAREDHPQWMI.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: iPod Service (iPodService) — Apple Computer, Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Unknown owner — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) — Analog Devices, Inc. — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

—
End of file — 13210 bytes

======Scheduled tasks folder======

C:WINDOWStasksGoogle Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-03-27 1088296]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-09-16 308856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsOwnerApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-10-08 762864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper — C:Program FilesWindows LiveToolbarwltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} — HP view — C:Program FilesHPDigital ImagingbinHPDTLK02.dll [2003-11-21 98304]
— []
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-15 259696]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} — &Windows Live Toolbar — C:Program FilesWindows LiveToolbarwltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«LVCOMSX»=C:WINDOWSsystem32LVCOMSX.EXE [2005-07-19 221184]
«LogitechVideoRepair»=C:Program FilesLogitechVideoISStart.exe [2005-06-08 458752]
«LogitechVideoTray»=C:Program FilesLogitechVideoLogiTray.exe [2005-06-08 217088]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2005-05-22 98304]
«Tet-a-Tet»=C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE522H1PAQYTet-A-Tet[1].exe -m []
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe [2008-07-18 266497]
«WinampAgent»=C:Documents and SettingsOwnerMy DocumentsMy MusicWinampwinampa.exe []
«DLBTCATS»=rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16 []
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-09-16 185896]
«Google Desktop Search»=C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-09-16 29744]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-09-04 935288]
«kqcxlvcb»=C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe [2009-11-03 258048]
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360]
«MsnMsgr»=C:Program FilesWindows LiveMessengermsnmsgr.exe [2009-07-26 3883856]
«LDM»=C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe [2005-12-05 20480]
«LogitechSoftwareUpdate»=C:Program FilesLogitechVideoManifestEngine.exe [2005-06-08 196608]
«kqcxlvcb»=C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe [2009-11-03 258048]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAGRSMMSG]
C:WINDOWSAGRSMMSG.exe [2004-08-24 88363]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregApoint]
C:Program FilesApoint2KApoint.exe [2005-02-08 159744]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeabconfg.cpl]
C:Program FilesHPQQuick Launch ButtonsEabServr.exe [2004-12-03 290816]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeTrust PestPatrol Active Protection]
none []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHotKeysCmds]
C:WINDOWSsystem32hkcmd.exe [2004-12-13 126976]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHpHP Software UpdateHPWuSchd2.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreghpWirelessAssistant]
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe [2005-04-11 794624]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIgfxTray]
C:WINDOWSsystem32igfxtray.exe [2004-12-13 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2004-10-13 278528]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLSBWatcher]
c:hpdrivershplsbwatcherlsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavajre1.5.0_02binjusched.exe [2005-03-04 36975]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
HP Digital Imaging Monitor.lnk — C:Program FilesHpDigital Imagingbinhpqtra08.exe
Logitech Desktop Messenger.lnk — C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

C:Documents and SettingsOwnerStart MenuProgramsStartup
Инструмент проверки носителя PMB.lnk — C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxsrvc.dll [2004-12-13 348160]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesEarthLink TotalAccessTaskPanl.exe»=»C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesYahoo!MessengerYPager.exe»=»C:Program FilesYahoo!MessengerYPager.exe:*:Enabled:Yahoo! Messenger»
«C:Program FilesYahoo!MessengerYServer.exe»=»C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesLogitechDesktop Messenger8876480ProgrambackWeb-8876480.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgrambackWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:WINDOWSsystem32dlbtcoms.exe»=»C:WINDOWSsystem32dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server»
«C:Documents and SettingsOwnerApplication DataVusionWARPVideoStreamer.exe»=»C:Documents and SettingsOwnerApplication DataVusionWARPVideoStreamer.exe:*:Enabled:WARP Video Streamer»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesRealRealPlayerrealplay.exe»=»C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»

======List of files/folders created in the last 1 months======

2009-11-04 19:48:36 —-A—- C:WINDOWSsystem32iehelper.dll
2009-11-04 19:46:58 —-A—- C:avenger.txt
2009-11-04 19:02:38 —-D—- C:Program Filestrend micro
2009-11-04 19:02:37 —-D—- C:rsit
2009-11-04 18:57:25 —-A—- C:avexport.bat
2009-11-04 16:58:04 —-D—- C:Documents and SettingsOwnerApplication DataMalwarebytes
2009-11-04 16:57:32 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-11-04 16:57:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-11-04 16:55:46 —-D—- C:Avenger
2009-11-04 10:58:36 —-A—- C:WINDOWSntbtlog.txt
2009-11-03 20:10:11 —-D—- C:WINDOWSBDOSCAN8
2009-11-03 19:46:30 —-D—- C:Program FilesPanda Security
2009-11-03 07:14:11 —-D—- C:Program FilesCommon FilesAdobe
2009-11-03 07:12:39 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-11-03 07:12:26 —-D—- C:Program FilesCommon FilesAdobe AIR
2009-11-03 07:09:16 —-D—- C:Documents and SettingsAll UsersApplication DataNOS
2009-10-23 16:21:51 —-D—- C:Program FilesHobbyWare
2009-10-23 16:21:51 —-D—- C:Documents and SettingsAll UsersApplication DataPattern Maker for cross stitch
2009-10-21 16:09:50 —-D—- C:Documents and SettingsOwnerApplication DataTemplate
2009-10-19 05:14:03 —-D—- C:MI
2009-10-18 17:39:11 —-D—- C:Program FilesQIP Infium
2009-10-15 22:01:23 —-HDC—- C:WINDOWS$NtUninstallKB958869$
2009-10-15 21:58:55 —-HDC—- C:WINDOWS$NtUninstallKB969059$
2009-10-15 21:58:40 —-HDC—- C:WINDOWS$NtUninstallKB954155_WM9$
2009-10-15 21:58:21 —-HDC—- C:WINDOWS$NtUninstallKB974112$
2009-10-15 21:57:55 —-HDC—- C:WINDOWS$NtUninstallKB975025$
2009-10-15 21:57:30 —-HDC—- C:WINDOWS$NtUninstallKB974571$
2009-10-15 21:55:41 —-HDC—- C:WINDOWS$NtUninstallKB971486$
2009-10-15 21:55:20 —-HDC—- C:WINDOWS$NtUninstallKB973525$
2009-10-15 21:55:00 —-HDC—- C:WINDOWS$NtUninstallKB975467$
2009-10-12 15:14:59 —-HDC—- C:WINDOWS$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-11-04 19:49:02 —-D—- C:WINDOWSTemp
2009-11-04 19:48:38 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-04 19:48:36 —-D—- C:WINDOWSsystem32
2009-11-04 19:48:03 —-SD—- C:WINDOWSTasks
2009-11-04 19:46:59 —-D—- C:WINDOWSsystem32drivers
2009-11-04 19:46:32 —-A—- C:WINDOWSSchedLgU.Txt
2009-11-04 19:04:27 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-11-04 19:02:40 —-D—- C:WINDOWSPrefetch
2009-11-04 19:02:38 —-RD—- C:Program Files
2009-11-04 18:59:07 —-D—- C:WINDOWS
2009-11-04 18:31:14 —-SHD—- C:WINDOWSInstaller
2009-11-04 18:25:55 —-HD—- C:Config.Msi
2009-11-04 18:24:16 —-HD—- C:WINDOWSinf
2009-11-04 16:03:19 —-D—- C:Documents and Settings
2009-11-04 15:43:23 —-D—- C:Documents and SettingsOwnerApplication DataSkype
2009-11-04 14:59:50 —-D—- C:Documents and SettingsOwnerApplication DataskypePM
2009-11-04 09:41:37 —-RSHD—- C:WINDOWSsystem32dllcache
2009-11-04 09:40:08 —-HD—- C:WINDOWS$hf_mig$
2009-11-03 20:10:19 —-SD—- C:WINDOWSDownloaded Program Files
2009-11-03 15:45:27 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-11-03 07:19:31 —-D—- C:Documents and SettingsOwnerApplication DataAdobe
2009-11-03 07:19:15 —-D—- C:Program FilesAdobe
2009-11-03 07:14:11 —-D—- C:Program FilesCommon Files
2009-10-29 05:13:43 —-D—- C:WINDOWSHelp
2009-10-29 05:08:42 —-D—- C:Program Filesdl_Cats
2009-10-24 16:33:24 —-D—- C:Program FilesSymantec
2009-10-24 16:33:24 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-10-24 16:29:51 —-D—- C:Program FilesNorton AntiVirus
2009-10-24 16:27:21 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-10-23 16:21:53 —-RSD—- C:WINDOWSFonts
2009-10-23 16:21:23 —-D—- C:WINDOWSDownloaded Installations
2009-10-22 03:19:04 —-A—- C:WINDOWSsystem32mshtml.dll
2009-10-16 07:01:37 —-D—- C:WINDOWSMicrosoft.NET
2009-10-16 07:01:14 —-RSD—- C:WINDOWSassembly
2009-10-15 22:05:07 —-D—- C:WINDOWSWinSxS
2009-10-15 22:02:13 —-A—- C:WINDOWSimsins.BAK
2009-10-15 22:02:01 —-D—- C:Program FilesInternet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-05-28 75096]
R1 eabfiltr;EABFiltr; ??C:WINDOWSsystem32driversEABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]
R2 fssfltr;FssFltr; C:WINDOWSsystem32DRIVERSfssfltr_tdi.sys [2009-08-05 54752]
R3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2004-08-24 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:WINDOWSsystem32DRIVERSApfiltr.sys [2005-01-31 109319]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR CDRom Filter; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2004-09-14 13872]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2004-12-13 776157]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driverslvusbsta.sys [2005-05-27 22016]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:WINDOWSsystem32DRIVERSNuidFltr.sys [2009-05-09 14736]
R3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2005-05-27 7136]
R3 PID_08A0;QuickCam IM(PID_08A0); C:WINDOWSsystem32DRIVERSLV302AV.SYS [2005-05-27 913280]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 senfilt;senfilt; C:WINDOWSsystem32driverssenfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2004-09-01 259648]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2005-03-16 159488]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:WINDOWSsystem32DRIVERSw29n51.sys [2004-11-22 3222784]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:WINDOWSsystem32DRIVERSbcmwl5.sys [2005-03-10 371712]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-01-18 55320]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; ??C:WINDOWSsystem32driverseabusb.sys []
S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Casio Digital Camera; C:WINDOWSsystem32DRIVERSqv2kux.sys [2001-08-17 3328]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 sffdisk;SFF Storage Class Driver; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe [2008-10-24 151297]
R2 dlbt_device;dlbt_device; C:WINDOWSsystem32dlbtcoms.exe [2007-06-07 538096]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2005-02-22 38912]
R2 SeaPort;SeaPort; C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe [2009-05-19 240512]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-09-16 29744]
S3 hpqwmi;HP WMI Interface; C:Program FilesHPQSHAREDHPQWMI.exe [2005-03-04 98304]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 iPodService;iPod Service; C:Program FilesiPodbiniPodService.exe [2004-10-13 327680]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]

---

EOF

---

[madpain]

info.txt logfile of random’s system information tool 1.06 2009-11-04 19:02:49

======Uninstall list======

—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
—>C:Program FilesInstallShield Installation Information{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}setup.exe -runfromtemp -l0x0019 -removeonly
—>C:Program FilesInstallShield Installation Information{B2C4A8C4-AA20-425D-9FEE-C78039238C81}setup.exe -runfromtemp -l0x0019 -removeonly
—>C:Program FilesInstallShield Installation Information{D2A98502-8929-420F-AD48-086B1FD5CDEA}setup.exe -runfromtemp -l0x0019 -removeonly
—>C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Acrobat.com—>msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com—>MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR—>c:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 9.2—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Agere Systems AC’97 Modem—>agrsmdel
ALPS Touch Pad Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}setup.exe» UNINSTALL
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir PersonalEdition ClassicSETUP.EXE /REMOVE
Google Desktop—>C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_9DE96A29E721D90A.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater—>»C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe» -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix for Windows XP (KB954708)—>»C:WINDOWS$NtUninstallKB954708$spuninstspuninst.exe»
Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
HP Help and Support—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}setup.exe» -l0x9 -removeonly
HP Image Zone 4.8.5—>C:Program FilesHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.5—>C:Program FilesHPDigital Imaging{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}setuphpzscr01.exe -datfile hpdscr01.dat
HP Pavillion dv4000 User Guides—>C:PROGRA~1HPQUNWISE.EXE C:PROGRA~1HPQINSTALL.LOG
HP Wireless Assistant 1.01 A3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}setup.exe» -l0x9 hpquninst
HPIZplus450—>MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver for Mobile—>RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx2ID PCIVEN_8086&DEV_2792 PCIVEN_8086&DEV_2592
iTunes—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 2—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Junk Mail filter update—>MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 2.71 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}Setup.exe» -l0x9 UNINSTALL
Logitech Print Service—>C:PROGRA~1LogitechPRINTS~1UNWISE.EXE C:PROGRA~1LogitechPRINTS~1INSTALL.LOG
Logitech QuickCam Software—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C43048A9-742C-4DAD-90D2-E3B53C9DB825}setup.exe» -l0x9
Logitech® Camera Driver—>»C:Program FilesCommon FilesLogitechQCDRVBINSETUP.EXE» UNINSTALL REMOVEPROMPT
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 Security Update (KB953297)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM953297M953297Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard—>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office 2000 Disc 2—>MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional—>MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Search Enhancement Pack—>MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight—>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]—>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)—>MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)—>MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Works—>MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Transfer—>C:Program FilesInstallShield Installation Information{CE2121C6-C94D-4A73-8EA4-6943F33EE335}setup.exe -runfromtemp -l0x0019 -removeonly
muvee autoProducer 4.0 — SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{534AA552-E1F1-4965-B2AA-FBDEB0730D60}setup.exe» -l0x9
Panda ActiveScan 2.0—>C:Program FilesPanda SecurityActiveScan 2.0as2uninst.exe
Pattern Maker Viewer — v4—>MsiExec.exe /I{DE5D78ED-145E-4FA3-9D75-C92A09E1FEB1}
Photo Story 3 for Windows—>MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2—>»C:Program FilesPicasa2Uninstall.exe»
Quick Launch Buttons 5.10 A2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CEB326EC-8F40-47B2-BA22-BB092565D66F}setup.exe» -l0x9 -uninst
QuickTime—>C:WINDOWSunvise32qt.exe C:WINDOWSsystem32QuickTimeUninstall.log
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)—>»C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe»
Security Update for Step By Step Interactive Training (KB923723)—>»C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB928090)—>»C:WINDOWSie7updatesKB928090-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB931768)—>»C:WINDOWSie7updatesKB931768-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB933566)—>»C:WINDOWSie7updatesKB933566-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB937143)—>»C:WINDOWSie7updatesKB937143-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB939653)—>»C:WINDOWSie7updatesKB939653-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB950759)—>»C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB963027)—>»C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB969897)—>»C:WINDOWSie8updatesKB969897-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB971961)—>»C:WINDOWSie8updatesKB971961-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB972260)—>»C:WINDOWSie8updatesKB972260-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB974455)—>»C:WINDOWSie8updatesKB974455-IE8spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB954155)—>»C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB911565)—>»C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB958869)—>»C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Security Update for Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
Security Update for Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Security Update for Windows XP (KB969059)—>»C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe»
Security Update for Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Security Update for Windows XP (KB971486)—>»C:WINDOWS$NtUninstallKB971486$spuninstspuninst.exe»
Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Security Update for Windows XP (KB973525)—>»C:WINDOWS$NtUninstallKB973525$spuninstspuninst.exe»
Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Security Update for Windows XP (KB974112)—>»C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe»
Security Update for Windows XP (KB974571)—>»C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe»
Security Update for Windows XP (KB975025)—>»C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe»
Security Update for Windows XP (KB975467)—>»C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe»
Segoe UI—>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Audio Module—>MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module—>MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module—>MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler—>MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus—>MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager—>MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility—>C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe -runfromtemp -l0x0019 uninstall -removeonly
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x9 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Windows Internet Explorer 8 (KB971180)—>»C:WINDOWSie8updatesKB971180-IE8spuninstspuninst.exe»
Update for Windows Internet Explorer 8 (KB976749)—>»C:WINDOWSie8updatesKB976749-IE8spuninstspuninst.exe»
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB961503)—>»C:WINDOWS$NtUninstallKB961503$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
UserGuides—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{02E22217-0E96-4C3F-B831-83AA942B7715}setup.exe» -l0x9
Winamp Toolbar for Firefox—>»C:Documents and SettingsOwnerApplication DataMozillaFirefoxProfilesdnhmkek1.defaultextensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}uninstall.exe»
Windows Genuine Advantage v1.3.0254.0—>MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Live Call—>MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform—>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials—>C:Program FilesWindows LiveInstallerwlarp.exe
Windows Live Essentials—>MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety—>MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Mail—>MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger—>MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery—>MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant—>MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync—>MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar—>MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool—>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer—>MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 13 Stepping 8, GenuineIntel
«PROCESSOR_REVISION»=0d08
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«SonicCentral»=C:Program FilesCommon FilesSonic SharedSonic Central

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Запустите HijackThis, для этого кликните Пуск, Выполнить, введите

C:Program Filestrend microOwner.exe

и нажмите Enter.
Если программа не будет запускаться, то зайдите в папку C:Program Filestrend micro, найдите файл Owner.exe или Owner и переименуйте его в explorer.exe или explorer, соответственно.
Запустите это файл.
Откроется главное меню программы HijackThis.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com

O1 - Hosts: 91.212.127.226 winguard-2009.com

O1 - Hosts: 91.212.127.226 http://www.winguard-2009.com

O4 - HKLM..Run: [kqcxlvcb] C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe

O4 - HKCU..Run: [kqcxlvcb] C:Documents and SettingsOwnerLocal SettingsApplication Dataecgcujahnvsysguard.exe

Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.

Запустите Malwarebytes Anti-malware и выполните полное сканирование. Удалите найденные заражённые объекты.
В конце работы программы будет показан лог, его содержимое вставьте в ваш ответ и ещё приложите свежий RSIT лог (только log.txt).

[Автор]

Сообщения