Помогите избавиться от Антивирус Про 2010!

[Georgina]

Добрый день!
Эта популярная зараза проникла и на мой комп! Помогите, пожалуйста.
Вот результаты сканирования RSIT:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Sergey at 2009-09-30 19:50:46
Microsoft Windows XP Professional Service Pack 2
System drive E: has 39 MB (0%) free of 20 GB
Total RAM: 1022 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:00, on 30.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:Program FilesInternet Exploreriexplore.exe
E:WINDOWSATKKBService.exe
E:WINDOWSsystem32CTsvcCDA.EXE
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSExplorer.exe
E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe
E:PROGRA~1TWINTO~1MouseElf.EXE
E:Program FilesDAEMON Toolsdaemon.exe
E:Program FilesQuickTimeqttask.exe
E:Program FilesPanasonicUSB GEARDECTWinApp.exe
E:Program FilesWinampwinampa.exe
E:Program FilesHPHP Software UpdateHPWuSchd2.exe
E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe
E:WINDOWSTempwpv821254042811.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesCreativeMediaSourceDetectorCTDetect.exe
C:Program FilesASUSSmartDoctorSmartDoctor.exe
E:Program FilesMessengermsmsgs.exe
E:Program FilesMicrosoft ActiveSyncwcescomm.exe
E:Program FilesuTorrentuTorrent.exe
E:Program FilesSkypePhoneSkype.exe
E:Documents and SettingsSergeyApplication Dataseres.exe
E:Documents and SettingsSergeyApplication Datasvcst.exe
E:WINDOWSsystem32cftmons.exe
E:Program FilesTwinTouch LuxeMateEMouse.exe
E:Program FilesHPDigital Imagingbinhpqtra08.exe
E:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
E:PROGRA~1MICROS~3rapimgr.exe
E:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
E:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
E:Program FilesHPDigital ImagingbinhpqSTE08.exe
E:Program FilesSkypePlugin ManagerskypePM.exe
E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
E:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe
E:DOCUME~1SergeyLOCALS~1TempAdobelm_Cleanup.0001
E:DOCUME~1SergeyLOCALS~1TempAdobelm_Cleanup.0001
E:WINDOWSsystem32svchost.exe
E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE
E:Program FilesInternet Exploreriexplore.exe
E:Program FilesHPSmart Web Printinghpswp_clipbook.exe
E:Documents and SettingsSergeyDesktopRSIT.exe
E:Program Filestrend microSergey.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:PROGRA~1ICQTOO~1toolbaru.dll
F2 — REG:system.ini: Shell=Explorer.exe work.exe
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — E:Program FilesHPSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: HP Print Clips — {053F9267-DC04-4294-A72C-58F732D338C0} — E:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — E:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: (no name) — {36DBC179-A19F-48F2-B16A-6A3E19B42A87} — E:WINDOWSsystem32ipv6monl.dll
O2 — BHO: ConnectionServices module — {6D7B211A-88EA-490c-BAB9-3600D8D7C503} — E:Program FilesConnectionServicesConnectionServices.dll
O2 — BHO: RuPass module — {954A0637-9147-4b5e-964E-9F20E58FC29D} — E:Program FilesRuPassRuPass.dll
O2 — BHO: MyCentria Internet Mate v2.3 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — E:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — E:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: Pochta.ru — {413F641E-1E05-49A1-B066-70692CE31165} — E:Program FilesPochtaRuPochtaBarpochtabar.dll
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — E:Program FilesCanonEasy-WebPrintToolband.dll
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — E:PROGRA~1ICQTOO~1toolbaru.dll
O4 — HKLM..Run: [CTSysVol] E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [mouseElf] E:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [QuickTime Task] «E:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [DECTWinApp] «E:Program FilesPanasonicUSB GEARDECTWinApp.exe» /S
O4 — HKLM..Run: [WinampAgent] E:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [HP Software Update] E:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [NexusServer] «E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe» -SelfLaunch
O4 — HKLM..Run: [sysgif32] E:WINDOWSTempwpv821254042811.exe
O4 — HKLM..Run: [restorer32_a] E:WINDOWSsystem32restorer32_a.exe
O4 — HKLM..Run: [Regedit32] E:WINDOWSsystem32regedit.exe
O4 — HKLM..Run: [Antivirus Pro 2010] «E:Program FilesAntivirusPro_2010AntivirusPro_2010.exe» /hide
O4 — HKCU..Run: [CTFMON.EXE] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Creative Detector] E:Program FilesCreativeMediaSourceDetectorCTDetect.exe /R
O4 — HKCU..Run: [ASUS SmartDoctor] C:Program FilesASUSSmartDoctorSmartDoctor.exe /start
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [updateMgr] E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5
O4 — HKCU..Run: [mswindws] mssql.exe
O4 — HKCU..Run: [H/PC Connection Agent] «E:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [uTorrent] «E:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [Skype] «E:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [restorer32_a] E:Documents and SettingsSergeyrestorer32_a.exe
O4 — HKCU..Run: [mserv] E:Documents and SettingsSergeyApplication Dataseres.exe
O4 — HKCU..Run: [svchost] E:Documents and SettingsSergeyApplication Datasvcst.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: ikowin32.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: Bluetooth Manager.lnk = ?
O4 — Global Startup: HP Digital Imaging Monitor.lnk = E:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Найти с помощью Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: Альбом клипов HP — {58ECB495-38F0-49cb-A538-10282ABF65E7} — E:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 — Extra button: Расширенный выбор HP — {700259D7-1666-479a-93B1-3250410481E8} — E:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — E:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O16 — DPF: {33331111-1111-1111-1111-611111193423} —
O16 — DPF: {33331111-1111-1111-1111-611111193429} — http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 — DPF: {33331111-1111-1111-1111-615111193427} —
O16 — DPF: {33331111-1131-1111-1111-611111193428} —
O16 — DPF: {33331111-1234-1111-1111-615111193427} — http://www.www2.p0rt2.com/files/epl165bd.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — E:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: arm32reg — E:Documents and SettingsAll UsersDocumentsSettingsarm32.dll
O21 — SSODL: SystemCheck2 — {54645654-2225-4455-44A1-9F4543D34546} — E:WINDOWSsystem32vbsys2.dll (file missing)
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — E:WINDOWSATKKBService.exe
O23 — Service: Creative Service for CDROM Access — Creative Technology Ltd — E:WINDOWSsystem32CTsvcCDA.EXE
O23 — Service: NBService — Nero AG — E:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web, Ltd. — E:PROGRA~1DrWebSpiderNT.exe
O23 — Service: stllssvr — MicroVision Development, Inc. — E:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 — Service: ZZZsvc_lich — Unknown owner — E:lich.exe
O24 — Desktop Component 0: (no name) — http://www.onvelo.ru/img/dot.gif

—
End of file — 11454 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — E:Program FilesHPSmart Web Printinghpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips — E:Program FilesHPSmart Web Printinghpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class — E:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
E:WINDOWSsystem32ipv6monl.dll [2007-12-12 64216]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
ConnectionServices Class — E:Program FilesConnectionServicesConnectionServices.dll [2007-11-03 399872]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{954A0637-9147-4b5e-964E-9F20E58FC29D}]
RuPass Class — E:Program FilesRuPassRuPass.dll [2007-05-30 45056]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.3 — E:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL [2008-12-22 690688]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — E:Program FilesRambler AssistantramblertoolbarU0.dll [2007-08-01 800240]
{413F641E-1E05-49A1-B066-70692CE31165} — Pochta.ru — E:Program FilesPochtaRuPochtaBarpochtabar.dll [2007-07-28 132867]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — E:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — E:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«CTSysVol»=E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe [2005-02-15 57344]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2006-02-13 7557120]
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2006-02-13 86016]
«mouseElf»=E:PROGRA~1TWINTO~1MouseElf.EXE [2004-08-26 192512]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe [2005-12-10 133016]
«QuickTime Task»=E:Program FilesQuickTimeqttask.exe [2006-08-11 77824]
«DECTWinApp»=E:Program FilesPanasonicUSB GEARDECTWinApp.exe [2005-07-26 3211264]
«WinampAgent»=E:Program FilesWinampwinampa.exe [2003-12-13 33792]
«HP Software Update»=E:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-03-11 49152]
«NexusServer»=E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe [2007-03-26 389120]
«sysgif32″=E:WINDOWSTempwpv821254042811.exe [2009-09-29 36352]
«restorer32_a»=E:WINDOWSsystem32restorer32_a.exe [2009-09-29 43520]
«Regedit32″=E:WINDOWSsystem32regedit.exe []
«Antivirus Pro 2010″=E:Program FilesAntivirusPro_2010AntivirusPro_2010.exe /hide []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=E:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«Creative Detector»=E:Program FilesCreativeMediaSourceDetectorCTDetect.exe [2004-12-02 102400]
«ASUS SmartDoctor»=C:Program FilesASUSSmartDoctorSmartDoctor.exe [2006-02-21 1073152]
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]
«updateMgr»=E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5 []
«mswindws»=E:WINDOWSsystem32mssql.exe [2008-04-05 49152]
«H/PC Connection Agent»=E:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«uTorrent»=E:Program FilesuTorrentuTorrent.exe [2009-07-14 288048]
«Skype»=E:Program FilesSkypePhoneSkype.exe [2009-07-16 25604904]
«restorer32_a»=E:Documents and SettingsSergeyrestorer32_a.exe [2009-09-29 43520]
«mserv»=E:Documents and SettingsSergeyApplication Dataseres.exe [2009-09-30 13312]
«svchost»=E:Documents and SettingsSergeyApplication Datasvcst.exe [2009-09-29 13312]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDrWebScheduler]
E:Program FilesDrWebDRWEBSCD.EXE [2007-02-28 124416]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
E:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
E:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregP17Helper]
Rundll32 P17.dll,P17Helper []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerMail]
E:Program FilesDrWebspiderml.exe [2007-02-28 163832]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerNT]
E:PROGRA~1DrWebspidernt.exe [2006-05-02 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdReg]
E:WINDOWSUpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderE:^Documents and Settings^Sergey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
E:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [2005-03-16 113664]

E:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk — E:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
Bluetooth Manager.lnk — E:Program FilesToshibaBluetooth Toshiba StackTosBtMng1.exe
HP Digital Imaging Monitor.lnk — E:Program FilesHPDigital Imagingbinhpqtra08.exe

E:Documents and SettingsSergeyStart MenuProgramsStartup
ikowin32.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyarm32reg]
E:Documents and SettingsAll UsersDocumentsSettingsarm32.dll [2007-09-26 15192]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
SystemCheck2 — {54645654-2225-4455-44A1-9F4543D34546} — E:WINDOWSsystem32vbsys2.dll []

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«ForceClassicControlPanel»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer»
«E:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»E:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«E:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»E:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«E:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»E:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«E:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»E:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«E:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»E:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«E:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»E:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2869fd2b-ac2c-11dd-8146-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52b88782-c0aa-11dd-8176-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6105c68a-ee75-11dc-8045-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7847d594-9b99-11de-8289-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c0c8713b-bd27-11dd-816b-0016768e85e2}]
shellAutocommand — K:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f0e8fb50-c247-11dd-817b-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f1c1757a-7066-11de-8249-0016768e85e2}]
shellAutocommand — L:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

======File associations======

.scr — open — «%1» /S «%3»

======List of files/folders created in the last 1 months======

2009-09-30 19:50:47 —-D—- E:Program Filestrend micro
2009-09-30 19:50:46 —-D—- E:rsit
2009-09-30 10:01:50 —-A—- E:Documents and SettingsSergeyApplication Dataixijys.vbs
2009-09-30 10:01:50 —-A—- E:Documents and SettingsAll UsersApplication Dataaxicipiw.com
2009-09-29 21:46:19 —-A—- E:WINDOWSsystem32tuzijoj.dll
2009-09-29 21:46:19 —-A—- E:WINDOWSmosuzyf.exe
2009-09-29 21:46:19 —-A—- E:Program FilesCommon Filesbawu.exe
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Datazyranohu.bat
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Dataydivupero.vbs
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Datafaxyh.bat
2009-09-29 20:31:01 —-D—- E:VKLife
2009-09-29 20:25:37 —-A—- E:Documents and SettingsSergeyApplication Datalizkavd.exe
2009-09-29 20:25:34 —-A—- E:Documents and SettingsSergeyApplication Datasvcst.exe
2009-09-29 20:25:34 —-A—- E:Documents and SettingsSergeyApplication Dataseres.exe
2009-09-29 20:25:29 —-A—- E:WINDOWSsystem32restorer32_a.exe

======List of files/folders modified in the last 1 months======

2009-09-30 19:50:47 —-RD—- E:Program Files
2009-09-30 19:47:56 —-D—- E:WINDOWSsystem32
2009-09-30 19:47:26 —-D—- E:Documents and SettingsSergeyApplication DatauTorrent
2009-09-30 19:45:05 —-D—- E:Documents and SettingsSergeyApplication DataSkype
2009-09-30 19:39:13 —-D—- E:WINDOWSTemp
2009-09-30 19:16:52 —-HD—- E:WINDOWSinf
2009-09-30 19:16:19 —-D—- E:WINDOWSsystem32CatRoot2
2009-09-30 19:15:21 —-A—- E:WINDOWSSchedLgU.Txt
2009-09-30 18:12:34 —-D—- E:WINDOWSPrefetch
2009-09-30 16:03:46 —-D—- E:Documents and SettingsSergeyApplication DataskypePM
2009-09-30 12:15:35 —-D—- E:Program FilesApollo Versatile Burner
2009-09-30 11:23:57 —-A—- E:WINDOWSwinamp.ini
2009-09-30 10:01:50 —-D—- E:WINDOWS
2009-09-30 10:01:50 —-D—- E:Program FilesCommon Files
2009-09-29 23:33:00 —-SD—- E:WINDOWSTasks
2009-09-29 22:08:06 —-D—- E:Program FilesDrWeb
2009-09-29 20:34:28 —-SHD—- E:WINDOWSInstaller
2009-09-29 20:34:28 —-HD—- E:Config.Msi
2009-09-29 20:02:28 —-D—- E:Program FilesICQToolbar
2009-09-29 19:58:50 —-A—- E:WINDOWSNeroDigital.ini
2009-09-28 23:37:15 —-D—- E:Documents and SettingsSergeyApplication DataAdobe
2009-09-19 10:37:53 —-A—- E:WINDOWSwin.ini
2009-09-06 10:52:11 —-SD—- E:Documents and SettingsSergeyApplication DataMicrosoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; E:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT; E:WINDOWSsystem32driversdrwebnet.sys [2005-10-17 5856]
R1 intelppm;Intel Processor Driver; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; E:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-04 14848]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:WINDOWSsystem32DRIVERStcpip6.sys [2004-08-04 223616]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; E:WINDOWSSystem32Driverstosrfcom.sys [2004-10-04 62799]
R2 cnmpar21;C; ??E:Documents and SettingsAll UsersApplication DataCanonBJIJPrinterCNMWINDOWSCanon iP5200 InstallerInst2cnmpar21.sys []
R2 EIO;EIO; ??E:WINDOWSsystem32driversEIO.sys []
R2 Hardlock;Hardlock; ??E:WINDOWSsystem32drivershardlock.sys []
R3 Arp1394;1394 ARP Client Protocol; E:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-04 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; E:WINDOWSsystem32DRIVERSctsfm2k.sys [2005-01-10 138752]
R3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2006-07-22 223128]
R3 E100B;Intel(R) PRO Network Connection Driver; E:WINDOWSsystem32DRIVERSe100b325.sys [2005-03-05 157696]
R3 genmcmnUSB;USB Scroll Mouse Driver; E:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
R3 hidusb;Microsoft HID Class Driver; E:WINDOWSsystem32DRIVERShidusb.sys [2004-08-04 9600]
R3 MODEMCSA;Unimodem Streaming Filter Device; E:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; E:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; E:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-04 61824]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-13 3642784]
R3 ossrv;Creative OS Services Driver; E:WINDOWSsystem32DRIVERSctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; E:WINDOWSsystem32driversP17.sys [2005-07-07 1389056]
R3 pfc;Padus ASPI Shell; E:WINDOWSsystem32driverspfc.sys [2005-11-02 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2004-08-04 5888]
R3 tosporte;Bluetooth Port Driver from Toshiba; E:WINDOWSsystem32DRIVERStosporte.sys [2005-03-14 47230]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:WINDOWSsystem32DRIVERStunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; E:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 ZZZdrv_lich;ZZZdrv_lich; ??E:lich.sys []
S2 SPIDER;SpIDer FS Monitor for Windows NT; ??E:PROGRA~1DrWebspider.sys []
S3 61883;61883 Unit Device; E:WINDOWSsystem32DRIVERS61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; E:WINDOWSsystem32DRIVERSavc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 genmcmn;Scroll Mouse Driver; E:WINDOWSsystem32DRIVERSgmfiltr.sys [2004-05-12 8064]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:WINDOWSsystem32DRIVERSHPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:WINDOWSsystem32DRIVERSHPZius12.sys [2007-03-08 21568]
S3 MSDV;Microsoft DV Camera and VCR; E:WINDOWSsystem32DRIVERSmsdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 PanasonicDECT-USBGEAR;Panasonic USB GEAR Driver; E:WINDOWSSystem32Driverspccusbdd.sys [2005-05-27 47712]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; E:WINDOWSsystem32driversToshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; E:WINDOWSSystem32Driverstosrfbd.sys [2005-03-08 98560]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; E:WINDOWSSystem32Driverstosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; E:WINDOWSsystem32DRIVERSTosrfhid.sys [2004-11-15 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; E:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; E:WINDOWSsystem32driversTosRfSnd.sys [2004-12-15 50048]
S3 Tosrfusb;Bluetooth USB Controller; E:WINDOWSSystem32Driverstosrfusb.sys [2004-12-21 34816]
S3 usb_rndisx;USB RNDIS Adapter; E:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbprint;Microsoft USB PRINTER Class; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; E:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; E:WINDOWSsystem32DRIVERSsr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 ATKKeyboardService;ATK Keyboard Service; E:WINDOWSATKKBService.exe [2005-10-18 241152]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; E:WINDOWSsystem32CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; E:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2006-02-13 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; E:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; E:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-07-22 72704]
R3 hpqcxs08;hpqcxs08; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S2 spidernt;SpIDer Guard for Windows NT; E:PROGRA~1DrWebSpiderNT.exe [2006-05-02 118784]
S2 ZZZsvc_lich;ZZZsvc_lich; E:lich.exe []
S3 NBService;NBService; E:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; E:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 stllssvr;stllssvr; E:Program FilesCommon FilesSureThing Sharedstllssvr.exe [2007-05-03 74656]

---

EOF

---

info.txt logfile of random’s system information tool 1.06 2009-09-30 19:51:02

======Uninstall list======

—>»E:Program FilesCreativeSBAudigyProgramSetup.exe» /S /U /W
—>E:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>E:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{0B095086-7205-4D48-90DF-DCD16613C6D4}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{0B095086-7205-4D48-90DF-DCD16613C6D4}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{103BCDA0-E063-46AC-8028-64E78722ABA7}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{103BCDA0-E063-46AC-8028-64E78722ABA7}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{32B4B536-4443-42F0-9676-98373BE9114F}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{32B4B536-4443-42F0-9676-98373BE9114F}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{34EBD418-B8E6-4E86-89C4-33B72CF5663F}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{34EBD418-B8E6-4E86-89C4-33B72CF5663F}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{52338F65-A1C3-4CDC-B733-50051682B297}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{52338F65-A1C3-4CDC-B733-50051682B297}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{5B17E626-7885-4FC3-A66A-73548A4F01FD}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{5B17E626-7885-4FC3-A66A-73548A4F01FD}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{700932B3-A964-4878-82A2-96054622A1F7}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{700932B3-A964-4878-82A2-96054622A1F7}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{73919E2B-725C-4FAA-8473-45E063A3575F}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{73919E2B-725C-4FAA-8473-45E063A3575F}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{84F573D3-0F71-4768-978A-D35310E3FBA6}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{84F573D3-0F71-4768-978A-D35310E3FBA6}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{9194237B-7B58-40B4-A739-184AD59531A2}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{9194237B-7B58-40B4-A739-184AD59531A2}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{CB99E420-8071-48F9-9567-4A53BE7569C4}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{CB99E420-8071-48F9-9567-4A53BE7569C4}setup.exe» -l0x9 /remove
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}setup.exe» -l0x9
—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}setup.exe» -l0x9 /remove
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:WINDOWSINFPCHealth.inf
32 Bit HP CIO Components Installer—>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABC 95 Font Manager—>C:Program FilesABC95ABC95APP.EXE /UNINSTALL
Adobe After Effects 7.0—>msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR—>E:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 2.0—>msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0—>MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Encore DVD 2.0—>msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
Adobe ExtendScript Toolkit 1.0—>MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe Flash Player 10 ActiveX—>E:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>E:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Help Center 2.0—>MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Media Player—>MsiExec.exe /X{C7888C3F-0506-555F-7907-CDD3F81719A5}
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 2.0—>msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A80000000000}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Application Suite—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{42E0C719-DD8F-46B5-AE4C-E46126824341}Setup.exe» -l0x9
Application Suite—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{6C4139B4-2FE4-45AE-94C1-FB1B3DA9A696}Setup.exe» -l0x9
Application Suite—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{EF5FBDD8-B9A5-4EAB-816C-B0724926B791}Setup.exe» -l0x19
arniWORX awxDTools — Daemon-Tools ShellExtension — 1.0.6.0—>»E:Program FilesDAEMON Toolsunins000.exe»
ASUS Enhanced Display Driver—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}setup.exe» -l0x19 -removeonly
ASUS nVIDIA Driver—>E:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1049
ASUS SmartDoctor—>E:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1049
ASUS Utilities—>E:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1049
AV Bros. Page Curl Pro 2.1 (Remove Only)—>E:Program FilesAdobeAdobe Photoshop CS2Plug-InsAV Bros Page Curl Pro 2.1AVUninstall2.exe
AviSynth 2.5—>»E:Program FilesAviSynth 2.5Uninstall.exe»
BackupDVD Pro—>E:PROGRA~1BACKUP~1UNWISE.EXE E:PROGRA~1BACKUP~1INSTALL.LOG
Bluetooth Stack for Windows by Toshiba—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Boris RED—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{2DB53782-1B4B-4E76-A30B-232BEDB8FE7B}setup.exe» -l0x9
Canon iP5200—>E:WINDOWSsystem32CNMCP79.exe «-PRINTERNAMECanon iP5200» «-HELPERDLLE:Documents and SettingsAll UsersApplication DataCanonBJIJPrinterCNMWINDOWSCanon iP5200 InstallerInst2cnmis.dll» «-RCDLLcnmi0419.dll»
Canon Setup Utility 2.0—>»E:Program FilesCanonCanon Setup Utility 2.0Maint.exe» /Uninstall E:Program FilesCanonCanon Setup Utility 2.0uninst.ini
Canon Utilities Easy-PhotoPrint—>E:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Canopus Codec Option—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{772E9146-D676-4869-A298-047FF2A2B92D}setup.exe» -l0x9
Canopus DV Capture—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{B215987D-5BF7-4921-A992-EF6C77D06B83}setup.exe»
Canopus DV Codec—>E:WINDOWSIsUninst.exe -f»E:Program FilesCanopusDV CodecUninst.isu»
Canopus DV File Converter—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{595B0821-BEDB-4C5C-A9A9-87B8377A70FD}Setup.exe»
Card 2006 from INVITATION.RU—>E:Program Filesinvitation.ruCard 2006Uninstall.exe
CD-LabelPrint—>»E:Program FilesCanonCD-LabelPrintUninstal.exe» Canon.CDLabelPrint.Application
Cheetah DVD Burner—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{563E2BC8-A0CA-4A81-9DD2-897BB326C679}Setup.exe»
ConnectionServices—>»E:Program FilesConnectionServicesUninstall.exe»
Creative MediaSource—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}SETUP.EXE» -l0x9 /remove
Dr.Web—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}setup.exe» -l0x19 -removeonly
Easy-WebPrint—>E:WINDOWSIsUninst.exe -f»E:Program FilesCanonEasy-WebPrintUninst.isu»
Gordian Knot Rip Pack 0.35.0—>E:Program FilesGordianKnotuninst.exe
HijackThis 2.0.2—>»E:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows XP (KB909394)—>»E:WINDOWS$NtUninstallKB909394$spuninstspuninst.exe»
HP Customer Participation Program 9.0—>E:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0—>E:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0—>E:Program FilesHPDigital ImagingOCRhpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0—>E:Program FilesHPDigital Imaging{D64BC2CF-0F12-47d7-B412-B4F3FD684253}setuphpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01—>E:Program FilesHPDigital ImagingPhotoSmartEssentialhpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing—>MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0—>E:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
HP Update—>MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply—>MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Huffyuv AVI lossless video codec (Remove Only)—>rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 E:WINDOWSINFHUFFYUV.INF
ICQ Toolbar—>regsvr32 /u /s «E:PROGRA~1ICQTOO~1toolbaru.dll»
ICQ6—>E:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe -runfromtemp -l0x0009 -removeonly
Indeo® software—>E:WINDOWSIsUninst.exe -f»E:Program FilesIntelIndeoUninst.isu»
Intel(R) PRO Network Connections Drivers—>Prounstl.exe
Light Alloy 4.4 (build 794)—>E:Program FilesLight Alloyuninst.exe
MainConcept H.264 Encoder v2—>E:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{D288C16B-8995-4F5E-9EE8-37B5A62E7F35} /l1033
Mashed—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{2EC1A4D5-4217-4ABF-A783-3706EE405716}setup.exe» -l0x9
Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2007—>»E:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007—>MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Silverlight—>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MPEGcapture for Storm—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{B8B81705-D960-4133-8F09-27E481264762}Setup.exe» -l0x9 UNINSTALL
MPEGcraftLE—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{3FBE4D3E-E7CD-43BB-8D1F-6A7CB491C529}setup.exe» -l0x9
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Ultra Edition—>MsiExec.exe /I{06051216-B116-443E-AE37-2A5B10E61049}
NVIDIA Drivers—>E:WINDOWSsystem32nvudisp.exe UninstallGUI
NVIDIA WDM Drivers—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{B023185F-F1EF-4F97-B0BD-AE6D802226D1}Setup.exe»
ORT Clock—>»E:Program FilesORT ClockORT Clock.scr» /S /Uninstall
Pochta.ru toolbar—>»E:Program FilesPochtaRuPochtaBaruninstall.exe»
ProCoder 3—>E:Program FilesInstallShield Installation Information{07D97136-A219-41FE-9FF9-E18C8A312A7E}Setup.exe -runfromtemp -l0x0009 -removeonly
QIP 2005 Uninstall—>»G:QIPunqip.exe»
QuickTime—>E:WINDOWSunvise32qt.exe E:WINDOWSsystem32QuickTimeUninstall.log
Rambler-Ассистент—>»E:Program FilesRambler Assistantuninstall.exe»
Roxio Express Labeler 3—>MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
RuPass—>»E:Program FilesRuPassUninstall.exe»
Sid Meier’s Civilization 4—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}setup.exe» -l0x19 -removeonly
Skype web features—>MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart Map—>E:Program FilesMicrosoft ActiveSyncSmart MapUninstall.exe Smart Map
Sound Blaster Audigy—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}SETUP.EXE» -l0x9 /remove
StrongDC 2.02—>»E:Program FilesStrongDCunins000.exe»
Surround MP4 Tool 3.0.5—>E:Program FilesMP4Tooluninst.exe
Sven Bomwollen—>E:PROGRA~1SVENBO~1UNWISE.EXE E:PROGRA~1SVENBO~1INSTALL.LOG
TopPlan Ленинградская Область 2006 — Удаление—>E:Program FilesTopPlanLO 2006uninst.exe
TopPlan Санкт-Петербург 2006 — Удаление—>E:Program FilesTopPlanSPb 2006uninst.exe
TwinTouch LuxeMate—>E:Program FilesTwinTouch LuxeMateSetup.exe /Uninstall
USB GEAR—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{0F722060-3B0C-4FF8-8FD6-72F4D847DD8C}Setup.exe» -l0x19 -removeonly
VKLife 1.9—>»E:VKLifeunins000.exe»
Winamp (remove only)—>»E:Program FilesWinampUninstWA.exe»
Windows Media Format Runtime—>»E:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player 10 Hotfix — KB894476—>»E:WINDOWS$NtUninstallKB894476$spuninstspuninst.exe»
Windows Media Player 10—>»E:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
WinZip Self-Extractor—>E:Program FilesWinZip Self-Extractorwinzipse.exe -uninstall
XviD 1.2.-127 +SMP Alpha uninstall—>»E:Program FilesXviDunins000.exe»
Интернет помощник MyCentria—>E:Program FilesMyCentriaMyCentriaUninstall.exe
Ресурсы Windows Mobile—>E:Program FilesWindows Mobile Device HandbookWindows Mobile Device HandbookBinDHUninstall.exe

======Security center information======

AV: Doctor Web Anti-Virus (outdated)

======System event log======

Computer Name: MEGACOMP
Event Code: 7
Message: The device, DeviceHarddisk3D, has a bad block.

Record Number: 45954
Source Name: Disk
Time Written: 20090830224516.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 7
Message: The device, DeviceHarddisk3D, has a bad block.

Record Number: 45953
Source Name: Disk
Time Written: 20090830224512.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 7
Message: The device, DeviceHarddisk3D, has a bad block.

Record Number: 45952
Source Name: Disk
Time Written: 20090830224508.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 7
Message: The device, DeviceHarddisk3D, has a bad block.

Record Number: 45951
Source Name: Disk
Time Written: 20090830224504.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 7
Message: The device, DeviceHarddisk3D, has a bad block.

Record Number: 45950
Source Name: Disk
Time Written: 20090830224500.000000+240
Event Type: error
User:

=====Application event log=====

Computer Name: MEGACOMP
Event Code: 1517
Message: Windows saved user MEGACOMPSergey registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2073
Source Name: Userenv
Time Written: 20081025131023.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: MEGACOMP
Event Code: 1000
Message: Faulting application mouseelf.exe, version 2.0.0.1, faulting module mouseelf.exe, version 2.0.0.1, fault address 0x0000007a.

Record Number: 2072
Source Name: Application Error
Time Written: 20081025104022.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 1517
Message: Windows saved user MEGACOMPSergey registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2064
Source Name: Userenv
Time Written: 20081025102506.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: MEGACOMP
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.2180, faulting module mlang.dll, version 6.0.2900.2180, fault address 0x000194a1.

Record Number: 2061
Source Name: Application Error
Time Written: 20081025102337.000000+240
Event Type: error
User:

Computer Name: MEGACOMP
Event Code: 1517
Message: Windows saved user MEGACOMPSergey registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2057
Source Name: Userenv
Time Written: 20081022102507.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;E:Program FilesCommon FilesAdobeAGL
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 6 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=0602
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.
Вставьте его в ваше следующее сообщение и приложите свежий RSIT лог.

[Georgina]

Здравствуйте.
Спасибо за отклик!
Вот лог после сканикования Malwarebytes Anti-malware:
Malwarebytes’ Anti-Malware 1.41
Версия базы данных: 2945
Windows 5.1.2600 Service Pack 2

12.10.2009 19:24:25
mbam-log-2009-10-12 (19-24-25).txt

Тип проверки: Полная (C:|D:|E:|F:|G:|M:|)
Проверено объектов: 127943
Прошло времени: 11 minute(s), 10 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 19
Заражено значений реестра: 8
Заражено параметров реестра: 4
Заражено папок: 1
Заражено файлов: 16

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_CLASSES_ROOTconnectionservices.connectionservices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTconnectionservices.connectionservices.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppID{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{54645654-2225-4455-44a1-9f4543d34546} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{33331111-1131-1111-1111-611111193428} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrundll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetEnumRootLEGACY_ZZZdrv_lich (Rootkit.Agent) -> Quarantined and deleted successfully.

Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadsystemcheck2 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl Paneldon’t loadscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl Paneldon’t loadwscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunsvchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunRegedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunAntivirus Pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunmserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell (Hijack.Shell) -> Bad: (Explorer.exe work.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Заражено папок:
E:Program FilesConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.

Заражено файлов:
E:Program FilesConnectionServicesConnectionServices.dll (Trojan.BHO) -> Quarantined and deleted successfully.
E:Program FilesConnectionServicesUninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
E:WINDOWSufdata2000.log (Malware.Trace) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyApplication Datawiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
E:Program FilesInternet Explorersetupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
E:WINDOWSsystem322.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:WINDOWSsystem32form.txt (Malware.Trace) -> Quarantined and deleted successfully.
E:WINDOWSsystem32lich.dat (Stolen.data) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr5 (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr6 (Rogue.Installer) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyLocal SettingsTemptmpwr7 (Rogue.Installer) -> Quarantined and deleted successfully.
E:WINDOWSTempwpv321253926400.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:Documents and SettingsSergeyoashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

[Georgina]

И добавляю новый лог RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Sergey at 2009-10-12 19:34:00
Microsoft Windows XP Professional Service Pack 2
System drive E: has 2 GB (9%) free of 20 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:04, on 12.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSATKKBService.exe
E:WINDOWSsystem32CTsvcCDA.EXE
E:Program FilesESETESET NOD32 Antivirusekrn.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32rundll32.exe
E:WINDOWSsystem32msiexec.exe
E:WINDOWSsystem32wuauclt.exe
E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe
E:WINDOWSsystem32RUNDLL32.EXE
E:PROGRA~1TWINTO~1MouseElf.EXE
E:Program FilesDAEMON Toolsdaemon.exe
E:Program FilesQuickTimeqttask.exe
E:Program FilesPanasonicUSB GEARDECTWinApp.exe
E:Program FilesHPHP Software UpdateHPWuSchd2.exe
E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe
E:Program FilesESETESET NOD32 Antivirusegui.exe
E:Program FilesWinampwinampa.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesCreativeMediaSourceDetectorCTDetect.exe
C:Program FilesASUSSmartDoctorSmartDoctor.exe
E:Program FilesMessengermsmsgs.exe
E:Program FilesMicrosoft ActiveSyncwcescomm.exe
E:Program FilesuTorrentuTorrent.exe
E:Program FilesTwinTouch LuxeMateEMouse.exe
E:Program FilesAdobeReader 8.0Readerreader_sl.exe
E:Program FilesHPDigital Imagingbinhpqtra08.exe
E:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
E:PROGRA~1MICROS~3rapimgr.exe
E:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
E:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
E:Program FilesHPDigital ImagingbinhpqSTE08.exe
E:WINDOWSPCHealthHelpCtrBinariesHelpCtr.exe
E:Documents and SettingsSergeyDesktopRSIT.exe
E:WINDOWSPCHealthHelpCtrBinariesHelpSvc.exe
E:Program Filestrend microSergey.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — E:Program FilesHPSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: HP Print Clips — {053F9267-DC04-4294-A72C-58F732D338C0} — E:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RuPass module — {954A0637-9147-4b5e-964E-9F20E58FC29D} — E:Program FilesRuPassRuPass.dll
O2 — BHO: MyCentria Internet Mate v2.3 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — E:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL (file missing)
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — E:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: Pochta.ru — {413F641E-1E05-49A1-B066-70692CE31165} — E:Program FilesPochtaRuPochtaBarpochtabar.dll
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — E:Program FilesCanonEasy-WebPrintToolband.dll
O4 — HKLM..Run: [CTSysVol] E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [mouseElf] E:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [DAEMON Tools] «E:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [QuickTime Task] «E:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [DECTWinApp] «E:Program FilesPanasonicUSB GEARDECTWinApp.exe» /S
O4 — HKLM..Run: [HP Software Update] E:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [NexusServer] «E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe» -SelfLaunch
O4 — HKLM..Run: [egui] «E:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [WinampAgent] «E:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «E:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [CTFMON.EXE] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Creative Detector] E:Program FilesCreativeMediaSourceDetectorCTDetect.exe /R
O4 — HKCU..Run: [ASUS SmartDoctor] C:Program FilesASUSSmartDoctorSmartDoctor.exe /start
O4 — HKCU..Run: [MSMSGS] «E:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [updateMgr] E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5
O4 — HKCU..Run: [H/PC Connection Agent] «E:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [uTorrent] «E:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [mswindws] mssql.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: Bluetooth Manager.lnk = ?
O4 — Global Startup: HP Digital Imaging Monitor.lnk = E:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://E:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Найти с помощью Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — E:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Альбом клипов HP — {58ECB495-38F0-49cb-A538-10282ABF65E7} — E:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 — Extra button: Расширенный выбор HP — {700259D7-1666-479a-93B1-3250410481E8} — E:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — E:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O16 — DPF: {33331111-1234-1111-1111-615111193427} — http://www.www2.p0rt2.com/files/epl165bd.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — E:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: arm32reg — E:Documents and SettingsAll UsersDocumentsSettingsarm32.dll (file missing)
O23 — Service: Adobe LM Service — Adobe Systems — E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: ATK Keyboard Service (ATKKeyboardService) — ASUSTeK COMPUTER INC. — E:WINDOWSATKKBService.exe
O23 — Service: Creative Service for CDROM Access — Creative Technology Ltd — E:WINDOWSsystem32CTsvcCDA.EXE
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — E:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — E:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: NBService — Nero AG — E:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: SpIDer Guard for Windows NT (spidernt) — Doctor Web, Ltd. — E:PROGRA~1DrWebSpiderNT.exe
O23 — Service: stllssvr — MicroVision Development, Inc. — E:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O24 — Desktop Component 0: (no name) — http://www.onvelo.ru/img/dot.gif

—
End of file — 10648 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — E:Program FilesHPSmart Web Printinghpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips — E:Program FilesHPSmart Web Printinghpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{954A0637-9147-4b5e-964E-9F20E58FC29D}]
RuPass Class — E:Program FilesRuPassRuPass.dll [2007-05-30 45056]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.3 — E:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — E:Program FilesRambler AssistantramblertoolbarU0.dll [2007-08-01 800240]
{413F641E-1E05-49A1-B066-70692CE31165} — Pochta.ru — E:Program FilesPochtaRuPochtaBarpochtabar.dll [2007-07-28 132867]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — E:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«CTSysVol»=E:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe [2005-02-15 57344]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2006-02-13 7557120]
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2006-02-13 86016]
«mouseElf»=E:PROGRA~1TWINTO~1MouseElf.EXE [2004-08-26 192512]
«DAEMON Tools»=E:Program FilesDAEMON Toolsdaemon.exe [2005-12-10 133016]
«QuickTime Task»=E:Program FilesQuickTimeqttask.exe [2006-08-11 77824]
«DECTWinApp»=E:Program FilesPanasonicUSB GEARDECTWinApp.exe [2005-07-26 3211264]
«HP Software Update»=E:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-03-11 49152]
«NexusServer»=E:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe [2007-03-26 389120]
«egui»=E:Program FilesESETESET NOD32 Antivirusegui.exe [2009-05-14 2029640]
«WinampAgent»=E:Program FilesWinampwinampa.exe [2009-07-01 37888]
«UserFaultCheck»=E:WINDOWSsystem32dumprep 0 -u []
«Malwarebytes Anti-Malware (reboot)»=E:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=E:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«Creative Detector»=E:Program FilesCreativeMediaSourceDetectorCTDetect.exe [2004-12-02 102400]
«ASUS SmartDoctor»=C:Program FilesASUSSmartDoctorSmartDoctor.exe [2006-02-21 1073152]
«MSMSGS»=E:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]
«updateMgr»=E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5 []
«H/PC Connection Agent»=E:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«uTorrent»=E:Program FilesuTorrentuTorrent.exe [2009-07-14 288048]
«mswindws»=mssql.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDrWebScheduler]
E:Program FilesDrWebDRWEBSCD.EXE [2007-02-28 124416]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
E:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
E:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregP17Helper]
Rundll32 P17.dll,P17Helper []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerMail]
E:Program FilesDrWebspiderml.exe [2007-02-28 163832]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerNT]
E:PROGRA~1DrWebspidernt.exe [2006-05-02 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdReg]
E:WINDOWSUpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderE:^Documents and Settings^Sergey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
E:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE [2005-03-16 113664]

E:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk — E:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
Bluetooth Manager.lnk — E:Program FilesToshibaBluetooth Toshiba StackTosBtMng1.exe
HP Digital Imaging Monitor.lnk — E:Program FilesHPDigital Imagingbinhpqtra08.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyarm32reg]
E:Documents and SettingsAll UsersDocumentsSettingsarm32.dll []

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer»
«E:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»E:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«E:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»E:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«E:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»E:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«E:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»E:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«E:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»E:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«E:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»E:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2869fd2b-ac2c-11dd-8146-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6105c68a-ee75-11dc-8045-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7847d594-9b99-11de-8289-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c0c8713b-bd27-11dd-816b-0016768e85e2}]
shellAutocommand — K:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f0e8fb50-c247-11dd-817b-0016768e85e2}]
shellAutocommand — I:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f1c1757a-7066-11de-8249-0016768e85e2}]
shellAutocommand — L:printer.exe
shellAutoRuncommand — E:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

======File associations======

.scr — open — «%1» /S «%3»

======List of files/folders created in the last 1 months======

2009-10-12 19:33:25 —-D—- E:WINDOWSLastGood
2009-10-12 19:08:56 —-D—- E:Documents and SettingsSergeyApplication DataMalwarebytes
2009-10-12 19:08:50 —-D—- E:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-10-12 19:08:49 —-D—- E:Program FilesMalwarebytes’ Anti-Malware
2009-10-08 22:49:05 —-A—- E:WINDOWSmauninst.exe
2009-10-08 22:48:59 —-D—- E:Program FilesMedia Art
2009-10-07 21:48:18 —-A—- E:WINDOWSsystem32rmoc3260.dll
2009-10-07 21:48:17 —-A—- E:WINDOWSsystem32pndx5032.dll
2009-10-07 21:48:17 —-A—- E:WINDOWSsystem32pndx5016.dll
2009-10-07 21:47:18 —-A—- E:WINDOWSsystem32unrar.dll
2009-10-07 21:47:16 —-A—- E:WINDOWSavisplitter.ini
2009-10-07 21:46:58 —-A—- E:WINDOWSsystem32yv12vfw.dll
2009-10-07 21:46:57 —-A—- E:WINDOWSsystem32xvidvfw.dll
2009-10-07 21:46:57 —-A—- E:WINDOWSsystem32xvidcore.dll
2009-10-07 21:46:56 —-A—- E:WINDOWSsystem32qt-dx331.dll
2009-10-07 21:46:56 —-A—- E:WINDOWSsystem32dpl100.dll
2009-10-07 21:46:38 —-A—- E:WINDOWSsystem32divx.dll
2009-10-07 21:46:33 —-A—- E:WINDOWSsystem32ff_vfw.dll.manifest
2009-10-07 21:46:33 —-A—- E:WINDOWSsystem32ff_vfw.dll
2009-10-07 21:46:28 —-D—- E:Program FilesK-Lite Codec Pack
2009-10-07 21:46:28 —-D—- E:Documents and SettingsSergeyApplication DataReal
2009-10-07 21:46:28 —-D—- E:Documents and SettingsAll UsersApplication DataReal
2009-10-07 15:19:06 —-N—- E:WINDOWSsystem32pxsfs.dll
2009-10-07 15:19:06 —-N—- E:WINDOWSsystem32pxafs.dll
2009-10-02 22:14:17 —-D—- E:Documents and SettingsSergeyApplication DataMedia Player Classic
2009-09-30 20:35:52 —-D—- E:Documents and SettingsAll UsersApplication DataESET
2009-09-30 19:50:47 —-D—- E:Program Filestrend micro
2009-09-30 19:50:46 —-D—- E:rsit
2009-09-30 10:01:50 —-A—- E:Documents and SettingsSergeyApplication Dataixijys.vbs
2009-09-30 10:01:50 —-A—- E:Documents and SettingsAll UsersApplication Dataaxicipiw.com
2009-09-29 21:46:19 —-A—- E:WINDOWSsystem32tuzijoj.dll
2009-09-29 21:46:19 —-A—- E:WINDOWSmosuzyf.exe
2009-09-29 21:46:19 —-A—- E:Program FilesCommon Filesbawu.exe
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Datazyranohu.bat
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Dataydivupero.vbs
2009-09-29 21:46:19 —-A—- E:Documents and SettingsAll UsersApplication Datafaxyh.bat
2009-09-29 20:31:01 —-D—- E:VKLife

======List of files/folders modified in the last 1 months======

2009-10-12 19:33:43 —-D—- E:Documents and SettingsSergeyApplication DatauTorrent
2009-10-12 19:33:36 —-RSHD—- E:WINDOWSsystem32dllcache
2009-10-12 19:33:31 —-D—- E:WINDOWSsystem32
2009-10-12 19:33:28 —-D—- E:WINDOWSsystem32drivers
2009-10-12 19:33:25 —-D—- E:WINDOWS
2009-10-12 19:32:11 —-D—- E:WINDOWSTemp
2009-10-12 19:32:07 —-HD—- E:WINDOWSinf
2009-10-12 19:32:00 —-SHD—- E:WINDOWSInstaller
2009-10-12 19:32:00 —-HD—- E:Config.Msi
2009-10-12 19:31:10 —-D—- E:WINDOWSsystem32CatRoot2
2009-10-12 19:29:49 —-A—- E:WINDOWSSchedLgU.Txt
2009-10-12 19:24:25 —-D—- E:Program FilesInternet Explorer
2009-10-12 19:24:25 —-D—- E:Program Files
2009-10-12 19:08:56 —-D—- E:WINDOWSPrefetch
2009-10-12 15:12:11 —-A—- E:WINDOWSNeroDigital.ini
2009-10-11 14:42:34 —-D—- E:Program FilesDrWeb
2009-10-08 07:50:59 —-D—- E:Program FilesICQToolbar
2009-10-07 21:45:06 —-D—- E:Program FilesXviD
2009-10-07 15:20:50 —-D—- E:Program FilesWinamp
2009-10-07 15:17:20 —-A—- E:WINDOWSBorisRED3.0.ini
2009-10-07 15:16:05 —-A—- E:WINDOWSwinamp.ini
2009-09-30 21:33:16 —-D—- E:Documents and SettingsSergeyApplication DataSkype
2009-09-30 20:55:52 —-D—- E:Program FilesMyCentria
2009-09-30 20:35:52 —-D—- E:Program FilesESET
2009-09-30 16:03:46 —-D—- E:Documents and SettingsSergeyApplication DataskypePM
2009-09-30 12:15:35 —-D—- E:Program FilesApollo Versatile Burner
2009-09-30 10:01:50 —-D—- E:Program FilesCommon Files
2009-09-29 23:33:00 —-SD—- E:WINDOWSTasks
2009-09-28 23:37:15 —-D—- E:Documents and SettingsSergeyApplication DataAdobe
2009-09-19 10:37:53 —-A—- E:WINDOWSwin.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; E:WINDOWSsystem32driversatkkbnt.sys [2005-10-18 11008]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT; E:WINDOWSsystem32driversdrwebnet.sys [2005-10-17 5856]
R1 ehdrv;ehdrv; E:WINDOWSsystem32DRIVERSehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; E:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-05-14 94360]
R1 intelppm;Intel Processor Driver; E:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; E:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-04 14848]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:WINDOWSsystem32DRIVERStcpip6.sys [2004-08-04 223616]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; E:WINDOWSSystem32Driverstosrfcom.sys [2004-10-04 62799]
R2 cnmpar21;C; ??E:Documents and SettingsAll UsersApplication DataCanonBJIJPrinterCNMWINDOWSCanon iP5200 InstallerInst2cnmpar21.sys []
R2 eamon;eamon; E:WINDOWSsystem32DRIVERSeamon.sys [2009-05-14 114472]
R2 EIO;EIO; ??E:WINDOWSsystem32driversEIO.sys []
R2 Hardlock;Hardlock; ??E:WINDOWSsystem32drivershardlock.sys []
R3 Arp1394;1394 ARP Client Protocol; E:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-04 60800]
R3 CCDECODE;Closed Caption Decoder; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
R3 ctsfm2k;Creative SoundFont Management Device Driver; E:WINDOWSsystem32DRIVERSctsfm2k.sys [2005-01-10 138752]
R3 dtscsi;dtscsi; E:WINDOWSSystem32Driversdtscsi.sys [2006-07-22 223128]
R3 E100B;Intel(R) PRO Network Connection Driver; E:WINDOWSsystem32DRIVERSe100b325.sys [2005-03-05 157696]
R3 genmcmnUSB;USB Scroll Mouse Driver; E:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
R3 hidusb;Microsoft HID Class Driver; E:WINDOWSsystem32DRIVERShidusb.sys [2004-08-04 9600]
R3 MODEMCSA;Unimodem Streaming Filter Device; E:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; E:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-04 12160]
R3 NABTSFEC;NABTS/FEC VBI Codec; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
R3 NdisIP;Microsoft TV/Video Connection; E:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
R3 NIC1394;1394 Net Driver; E:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-04 61824]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-13 3642784]
R3 ossrv;Creative OS Services Driver; E:WINDOWSsystem32DRIVERSctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; E:WINDOWSsystem32driversP17.sys [2005-07-07 1389056]
R3 pfc;Padus ASPI Shell; E:WINDOWSsystem32driverspfc.sys [2005-11-02 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:WINDOWSSystem32DriversRootMdm.sys [2004-08-04 5888]
R3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
R3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
R3 tosporte;Bluetooth Port Driver from Toshiba; E:WINDOWSsystem32DRIVERStosporte.sys [2005-03-14 47230]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:WINDOWSsystem32DRIVERStunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; E:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; E:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WSTCODEC;World Standard Teletext Codec; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S2 nvcap;nVidia WDM Video Capture (universal); E:WINDOWSsystem32DRIVERSnvcap.sys [2005-01-31 141246]
S2 SPIDER;SpIDer FS Monitor for Windows NT; ??E:PROGRA~1DrWebspider.sys []
S3 61883;61883 Unit Device; E:WINDOWSsystem32DRIVERS61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; E:WINDOWSsystem32DRIVERSavc.sys [2004-08-03 38912]
S3 genmcmn;Scroll Mouse Driver; E:WINDOWSsystem32DRIVERSgmfiltr.sys [2004-05-12 8064]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:WINDOWSsystem32DRIVERSHPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:WINDOWSsystem32DRIVERSHPZius12.sys [2007-03-08 21568]
S3 MSDV;Microsoft DV Camera and VCR; E:WINDOWSsystem32DRIVERSmsdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 PanasonicDECT-USBGEAR;Panasonic USB GEAR Driver; E:WINDOWSSystem32Driverspccusbdd.sys [2005-05-27 47712]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; E:WINDOWSsystem32driversToshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; E:WINDOWSSystem32Driverstosrfbd.sys [2005-03-08 98560]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; E:WINDOWSSystem32Driverstosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; E:WINDOWSsystem32DRIVERSTosrfhid.sys [2004-11-15 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; E:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; E:WINDOWSsystem32driversTosRfSnd.sys [2004-12-15 50048]
S3 Tosrfusb;Bluetooth USB Controller; E:WINDOWSSystem32Driverstosrfusb.sys [2004-12-21 34816]
S3 usb_rndisx;USB RNDIS Adapter; E:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbprint;Microsoft USB PRINTER Class; E:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; E:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; E:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; E:WINDOWSsystem32DRIVERSsr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 ATKKeyboardService;ATK Keyboard Service; E:WINDOWSATKKBService.exe [2005-10-18 241152]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; E:WINDOWSsystem32CTsvcCDA.EXE [1999-12-13 44032]
R2 ekrn;ESET Service; E:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-05-14 731840]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; E:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2006-02-13 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; E:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; E:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 hpqcxs08;hpqcxs08; E:WINDOWSsystem32svchost.exe [2004-08-04 14336]
S2 spidernt;SpIDer Guard for Windows NT; E:PROGRA~1DrWebSpiderNT.exe [2006-05-02 118784]
S3 Adobe LM Service;Adobe LM Service; E:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2006-07-22 72704]
S3 EhttpSrv;ESET HTTP Server; E:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-05-14 20680]
S3 NBService;NBService; E:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-06-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; E:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; E:Program FilesCommon FilesSureThing Sharedstllssvr.exe [2007-05-03 74656]

---

EOF

---

[Admin]

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[Georgina]

Добрый день!
Вот лог:
ComboFix 09-10-13.04 — Sergey 14.10.2009 22:48.1.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1022.436 [GMT 4:00]
Running from: D:ComboFix.exe
Command switches used :: D:WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Outdated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:documents and settingsAll Users.documentssettings
e:documents and settingsAll Users.documentssettingsdesktop.ini
e:documents and settingsAll Users.documentssettingsDesktop_.ini
e:documents and settingsAll UsersApplication Dataatus.lib
e:documents and settingsAll UsersApplication Dataaxicipiw.com
e:documents and settingsAll UsersApplication Dataebujyjidu._sy
e:documents and settingsAll UsersApplication Dataeqojozy.scr
e:documents and settingsAll UsersApplication Datafaxyh.bat
e:documents and settingsAll UsersApplication Datavebot._sy
e:documents and settingsAll UsersApplication Dataydivupero.vbs
e:documents and settingsAll UsersApplication Datazusidop._sy
e:documents and settingsAll UsersApplication Datazyranohu.bat
e:documents and settingsAll UsersDocumentsAdobe PDFDesktop_.ini
e:documents and settingsAll UsersDocumentsAdobe PDFExtrasDesktop_.ini
e:documents and settingsAll UsersDocumentsAdobe PDFSettingsDesktop_.ini
e:documents and settingsAll UsersDocumentsbyzejytyqu._dl
e:documents and settingsAll UsersDocumentshaxa._sy
e:documents and settingsAll UsersDocumentsMy MusicДискDesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicDesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicMy PlaylistsDesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicSample MusicDesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicSample Playlists00DA27ADesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicSample PlaylistsDesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicSync Playlists008436ADesktop_.ini
e:documents and settingsAll UsersDocumentsMy MusicSync PlaylistsDesktop_.ini
e:documents and settingsAll UsersDocumentsMy PicturesDesktop_.ini
e:documents and settingsAll UsersDocumentsMy PicturesSample PicturesDesktop_.ini
e:documents and settingsAll UsersDocumentsMy VideosDesktop_.ini
e:documents and settingsAll UsersDocumentsqyracuq.vbs
e:documents and settingsAll UsersDocumentsSettingsDesktop_.ini
e:documents and settingsSergeyApplication Dataamydy.lib
e:documents and settingsSergeyApplication Dataixijys.vbs
e:documents and settingsSergeyApplication Datawiaserva.log
e:documents and settingsSergeyCookiesnubamerulo.inf
e:documents and settingsSergeyCookiesvuhupi.dll
e:documents and settingsSergeyCookiesycefeb.ban
e:documents and settingsSergeyLocal SettingsApplication Dataajijyt._dl
e:documents and settingsSergeyLocal SettingsApplication Dataecuva.com
e:documents and settingsSergeyLocal SettingsApplication Datahadace.bin
e:documents and settingsSergeyLocal SettingsApplication Datakidajo._dl
e:documents and settingsSergeyLocal SettingsApplication Dataonolyje.dll
e:documents and settingsSergeyLocal SettingsApplication Dataqusuci.sys
e:documents and settingsSergeyLocal SettingsApplication Dataycyl.dl
e:documents and settingsSergeyLocal SettingsApplication Datayjyqa._sy
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesabicel.reg
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesdufinah.sys
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesduko.sys
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesmyqer.ban
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesosare.bat
e:documents and settingsSergeyLocal SettingsTemporary Internet Filespyzy.lib
e:documents and settingsSergeyLocal SettingsTemporary Internet Filessarygu.dat
e:documents and settingsSergeyLocal SettingsTemporary Internet Filesvycy.bat
e:documents and settingsSergeyStart MenuProgramsStartupikowin32.exe
e:program filesCommon Filesbawu.exe
e:program filesCommon Filestekonix.dl
e:program filesCommon Fileswajyduga._sy
e:program filesMyCentria
e:program filesRuPassRuPAss.dll
e:windowsanapo._sy
e:windowscewugubej.ban
e:windowselykuka.inf
e:windowsfosywo.ban
e:windowsfygiwul._dl
e:windowsimulyqetor.bin
e:windowsluvusugeh.dl
e:windowsmosuzyf.exe
e:windowssystem32AutoRun.inf
e:windowssystem32cowugu.ban
e:windowssystem32Data
e:windowssystem32hyjanukuk.reg
e:windowssystem32oqizivylaj.dl
e:windowssystem32pyvuwohiwy.bin
e:windowssystem32tuzijoj.dll
e:windowssystem32weqyzy.bin
e:windowssystem32wylyv.dl
e:windowsucizodetod.pif

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 10:43 . 2009-10-14 10:43

---

d

---

w- e:windowsLastGood
2009-10-12 15:08 . 2009-10-12 15:08

---

d

---

w- e:documents and settingsSergeyApplication DataMalwarebytes
2009-10-12 15:08 . 2009-09-10 10:54 38224 —-a-w- e:windowssystem32driversmbamswissarmy.sys
2009-10-12 15:08 . 2009-10-12 15:08

---

d

---

w- e:documents and settingsAll UsersApplication DataMalwarebytes
2009-10-12 15:08 . 2009-09-10 10:53 19160 —-a-w- e:windowssystem32driversmbam.sys
2009-10-12 15:08 . 2009-10-12 15:08

---

d

---

w- e:program filesMalwarebytes’ Anti-Malware
2009-10-08 18:49 . 2002-06-05 16:41 313856 —-a-w- e:windowsmauninst.exe
2009-10-08 18:48 . 2009-10-08 18:48

---

d

---

w- e:program filesMedia Art
2009-10-07 17:47 . 2007-09-04 16:56 164352 —-a-w- e:windowssystem32unrar.dll
2009-10-07 17:46 . 2004-01-25 16:18 217088 —-a-w- e:windowssystem32yv12vfw.dll
2009-10-07 17:46 . 2008-01-10 12:16 159839 —-a-w- e:windowssystem32xvidvfw.dll
2009-10-07 17:46 . 2008-01-10 12:15 755027 —-a-w- e:windowssystem32xvidcore.dll
2009-10-07 17:46 . 2008-07-25 08:34 81920 —-a-w- e:windowssystem32dpl100.dll
2009-10-07 17:46 . 2008-07-23 16:50 3596288 —-a-w- e:windowssystem32qt-dx331.dll
2009-10-07 17:46 . 2008-07-25 08:34 683520 —-a-w- e:windowssystem32divx.dll
2009-10-07 17:46 . 2008-06-12 18:36 7680 —-a-w- e:windowssystem32ff_vfw.dll
2009-10-07 17:46 . 2009-10-07 17:46

---

d

---

w- e:program filesK-Lite Codec Pack
2009-10-07 17:46 . 2009-10-07 17:46

---

d

---

w- e:documents and settingsSergeyLocal SettingsApplication DataReal
2009-10-07 11:19 . 2009-04-28 20:20 9200

---

w- e:windowssystem32driverscdralw2k.sys
2009-10-07 11:19 . 2009-04-28 20:20 9072

---

w- e:windowssystem32driverscdr4_xp.sys
2009-10-07 11:19 . 2009-04-28 20:20 129520

---

w- e:windowssystem32pxafs.dll
2009-10-02 18:14 . 2009-10-02 18:15

---

d

---

w- e:documents and settingsSergeyApplication DataMedia Player Classic
2009-09-30 17:40 . 2009-09-30 17:40

---

d

---

w- e:documents and settingsLocalServiceLocal SettingsApplication DataESET
2009-09-30 16:37 . 2009-09-30 16:37

---

d

---

w- e:documents and settingsSergeyLocal SettingsApplication DataESET
2009-09-30 16:35 . 2009-09-30 16:35

---

d

---

w- e:documents and settingsAll UsersApplication DataESET
2009-09-30 15:50 . 2009-10-12 15:34

---

d

---

w- e:program filestrend micro
2009-09-30 15:50 . 2009-09-30 15:51

---

d

---

w- E:rsit
2009-09-30 06:01 . 2009-09-30 06:01 19956 —-a-w- e:windowskalujor.dat
2009-09-30 06:01 . 2009-09-30 06:01 19763 —-a-w- e:windowssystem32mufe.dat
2009-09-29 16:31 . 2009-09-29 16:34

---

d

---

w- E:VKLife

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 18:53 . 2007-06-03 15:52

---

d

---

w- e:program filesRuPass
2009-10-14 18:48 . 2009-07-01 12:10

---

d

---

w- e:documents and settingsSergeyApplication DatauTorrent
2009-10-11 10:42 . 2007-05-01 08:38

---

d

---

w- e:program filesDrWeb
2009-10-08 03:50 . 2008-10-27 20:53

---

d

---

w- e:program filesICQToolbar
2009-10-07 17:45 . 2006-07-22 17:18

---

d

---

w- e:program filesXviD
2009-10-07 11:20 . 2007-10-13 14:22

---

d

---

w- e:program filesWinamp
2009-09-30 17:33 . 2009-08-10 15:18

---

d

---

w- e:documents and settingsSergeyApplication DataSkype
2009-09-30 16:35 . 2007-05-29 12:51

---

d

---

w- e:program filesESET
2009-09-30 12:03 . 2009-08-10 15:23

---

d

---

w- e:documents and settingsSergeyApplication DataskypePM
2009-09-30 08:15 . 2006-07-28 04:00

---

d

---

w- e:program filesApollo Versatile Burner
2009-09-30 06:01 . 2009-09-30 06:01 15799 —-a-w- e:program filesCommon Filesibil.db
2009-09-29 17:46 . 2009-09-29 17:46 16338 —-a-w- e:documents and settingsSergeyApplication Datavecu.dat
2009-09-19 06:41 . 2008-03-08 11:46 155444 —-a-w- e:windowshpoins21.dat
2009-08-10 15:23 . 2009-08-10 15:23 56 —ha-w- e:windowssystem32ezsidmv.dat
2007-08-31 19:52 . 2007-08-31 19:28 80 —sh—r- e:windowssystem32791A2E0CD2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{413F641E-1E05-49A1-B066-70692CE31165}»= «e:program filesPochtaRuPochtaBarpochtabar.dll» [2007-07-28 132867]

[HKEY_CLASSES_ROOTclsid{413f641e-1e05-49a1-b066-70692ce31165}]
[HKEY_CLASSES_ROOTPochtaBar.PochtaToolBar.1]
[HKEY_CLASSES_ROOTTypeLib{25736CC3-F79A-4216-9BBC-005F5F8D24B4}]
[HKEY_CLASSES_ROOTPochtaBar.PochtaToolBar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{413F641E-1E05-49A1-B066-70692CE31165}»= «e:program filesPochtaRuPochtaBarpochtabar.dll» [2007-07-28 132867]

[HKEY_CLASSES_ROOTclsid{413f641e-1e05-49a1-b066-70692ce31165}]
[HKEY_CLASSES_ROOTPochtaBar.PochtaToolBar.1]
[HKEY_CLASSES_ROOTTypeLib{25736CC3-F79A-4216-9BBC-005F5F8D24B4}]
[HKEY_CLASSES_ROOTPochtaBar.PochtaToolBar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Creative Detector»=»e:program filesCreativeMediaSourceDetectorCTDetect.exe» [2004-12-02 102400]
«ASUS SmartDoctor»=»c:program filesASUSSmartDoctorSmartDoctor.exe» [2006-02-21 1073152]
«MSMSGS»=»e:program filesMessengermsmsgs.exe» [2004-08-03 1667584]
«H/PC Connection Agent»=»e:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«uTorrent»=»e:program filesuTorrentuTorrent.exe» [2009-07-14 288048]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UserFaultCheck»=»e:windowssystem32dumprep 0 -u» [X]
«CTSysVol»=»e:program filesCreativeSBAudigySurround MixerCTSysVol.exe» [2005-02-15 57344]
«NvCplDaemon»=»e:windowssystem32NvCpl.dll» [2006-02-13 7557120]
«NvMediaCenter»=»e:windowssystem32NvMcTray.dll» [2006-02-13 86016]
«mouseElf»=»e:progra~1TWINTO~1MouseElf.EXE» [2004-08-25 192512]
«DAEMON Tools»=»e:program filesDAEMON Toolsdaemon.exe» [2005-12-10 133016]
«QuickTime Task»=»e:program filesQuickTimeqttask.exe» [2006-08-11 77824]
«DECTWinApp»=»e:program filesPanasonicUSB GEARDECTWinApp.exe» [2005-07-26 3211264]
«HP Software Update»=»e:program filesHPHP Software UpdateHPWuSchd2.exe» [2007-03-11 49152]
«NexusServer»=»e:program filesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe» [2007-03-26 389120]
«egui»=»e:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640]
«WinampAgent»=»e:program filesWinampwinampa.exe» [2009-07-01 37888]
«Malwarebytes Anti-Malware (reboot)»=»e:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»e:windowssystem32CTFMON.EXE» [2004-08-04 15360]

e:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk — e:program filesAdobeReader 8.0Readerreader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk — e:program filesAdobeReader 8.0ReaderAdobeCollabSync.exe [2006-10-23 734872]
Bluetooth Manager.lnk — e:program filesToshibaBluetooth Toshiba StackTosBtMng1.exe [2004-12-21 45056]
HP Digital Imaging Monitor.lnk — e:program filesHPDigital Imagingbinhpqtra08.exe [2007-3-11 210520]

[HKLM~startupfolderE:^Documents and Settings^Sergey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=e:documents and settingsSergeyStart MenuProgramsStartupAdobe Gamma.lnk
backup=e:windowspssAdobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«e:program filesMicrosoft ActiveSyncrapimgr.exe»= e:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«e:program filesMicrosoft ActiveSyncwcescomm.exe»= e:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«e:program filesMicrosoft ActiveSyncWCESMgr.exe»= e:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;e:windowssystem32driversdrwebnet.sys [01.05.2007 12:38 5856]
R1 ehdrv;ehdrv;e:windowssystem32driversehdrv.sys [14.05.2009 15:47 107256]
R1 epfwtdir;epfwtdir;e:windowssystem32driversepfwtdir.sys [14.05.2009 15:49 94360]
R2 ekrn;ESET Service;e:program filesESETESET NOD32 Antivirusekrn.exe [14.05.2009 15:47 731840]
R3 genmcmnUSB;USB Scroll Mouse Driver;e:windowssystem32driversgflmouhid.sys [22.07.2006 20:54 6656]
S2 SPIDER;SpIDer FS Monitor for Windows NT;e:progra~1DrWebspider.sys [01.05.2007 12:38 310992]
S2 spidernt;SpIDer Guard for Windows NT;e:progra~1DrWebSpiderNT.exe [01.05.2007 12:38 118784]
S3 PanasonicDECT-USBGEAR;Panasonic USB GEAR Driver;e:windowssystem32driverspccusbdd.sys [25.12.2006 23:40 47712]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/
IE: &Экспорт в Microsoft Excel — e:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — e:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — e:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — e:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — e:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Найти с помощью Рамблера — e:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — e:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — e:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
LSP: %SystemRoot%system32DRWEBSP.DLL
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-updateMgr — e:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe
AddRemove-MyCentria — e:program filesMyCentriaMyCentriaUninstall.exe
AddRemove-QIP2005 — g:qipunqip.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 22:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{BEB3C0C7-B648-4257-96D9-B5D024816E27}Version*Version]
«Version»=hex:d1,32,fe,13,63,f9,de,a3,c1,4d,5a,ee,3d,e8,3f,f4,c4,1e,5e,a0,ce,
36,bc,17,64,b0,f6,e9,5e,9c,f3,bc,74,47,27,6b,8b,89,a0,db,f1,ec,20,af,83,bb,

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker3″

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»

[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionInstallerUserDataLocalSystemComponentsђ•Ђ|яяяя»•Ђ|ю»Фw*]
«5E7CEC10DF0760D4F8DAFB12FDC06CCD»=»02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered»

[HKEY_LOCAL_MACHINEsoftwareMinnetonka Audio SoftwareSurCode Dolby Digital PremiereVersion*Version]
«Version»=hex:d1,32,fe,13,63,f9,de,a3,c1,4d,5a,ee,3d,e8,3f,f4,c4,1e,5e,a0,ce,
36,bc,17,64,b0,f6,e9,5e,9c,f3,bc,74,47,27,6b,8b,89,a0,db,f1,ec,20,af,83,bb,
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘lsass.exe'(916)
e:windowssystem32DRWEBSP.DLL
.
Completion time: 2009-10-14 22:56
ComboFix-quarantined-files.txt 2009-10-14 18:56

Pre-Run: 1 846 444 032 bytes free
Post-Run: 7 889 059 840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect

266

[Admin]

Судя по логу у вас два антивируса. Вам необходимо удалить один.

Combofix подчистил компьютер. Лог выглядит нормально. Как сейчас работает компьютер ?

[Georgina]

Да, теперь все в порядке! Все сервисы в панеле управления открываются. Спасибо!!!
Но при попытке удалить антивирус доктор ВЭБ — комп выдает какое-то предупреждение (принт скрин вставила во вложение).
Нужно ли удалить те программы, которые были скачены для очистки и сканирования компьютера?

[Admin]

Но при попытке удалить антивирус доктор ВЭБ — комп выдает какое-то предупреждение (принт скрин вставила во вложение).

Не видно ничего 🙂 Попробуйте вставить скриншот ещё раз.

Удалите все программы, которые вы использовали в процессе лечения[/b], в случае необходимости, вы всегда сможете скачать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.

Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.

Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.

[Автор]

Сообщения