Помогите избавиться от ИНФОРМЕРА!

[Filin89]

Подскажите пожалуйста, что делать? Вот что выдал HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:Program FilesDNAbtdna.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesMail.RuAgentmagent.exe
C:PROGRA~1AIMP2AIMP2.exe
C:WINDOWSexplorer.exe
C:Program FilesOperaopera.exe
C:Program Filestrend microHijackThisHijackThis.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: (no name) — {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} — C:WINDOWSsystem32awturRhG.dll (file missing)
O2 — BHO: (no name) — {125F9EE3-2C3E-48F9-8165-0C176796488F} — C:WINDOWSsystem32awtrPjgh.dll (file missing)
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: BP Data Feeder — {F3BA2A51-BB4F-4e22-AD0E-DFF956D5B672} — (no file)
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — Startup: Авангард.lnk = ?
O4 — Startup: Интернет.lnk = ?
O4 — Global Startup: Kaspersky Anti-Hacker.lnk = C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{C13D036B-737A-4D74-A2FF-41C314E8F012}: NameServer = 217.168.64.2 212.48.193.36
O17 — HKLMSystemCCSServicesTcpip..{FCFD7364-A537-414E-AFBA-6EE208C52082}: NameServer = 217.168.64.2
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 7140 bytes

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Запустите HijackThis, кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:

O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:WINDOWSsystem32awturRhG.dll (file missing)

O2 - BHO: (no name) - {125F9EE3-2C3E-48F9-8165-0C176796488F} - C:WINDOWSsystem32awtrPjgh.dll (file missing)

O2 - BHO: BP Data Feeder - {F3BA2A51-BB4F-4e22-AD0E-DFF956D5B672} - (no file)

Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.

Для дополнительной проверки скачайте сканер RSIT кликнув по этой ссылке.

Дважды кликните по скачанному файлу.
Кликните по кнопке Continue.
Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).

Вставьте оба RSIT лога в ваш ответ.

[Filin89]

Информер всёравно остался(
Вот результаты сканирования RSIT:
info.txt logfile of random’s system information tool 1.04 2008-12-11 17:53:38

======Uninstall list======

—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
3D Инструктор. Учебный автосимулятор—>»C:Program Files3D Инструкторunins000.exe»
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 10 Photo Manager—>MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop 7.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesAdobePhotoshop 7.0Uninst.isu» -c»C:Program FilesAdobePhotoshop 7.0Uninst.dll»
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AIMP2—>C:Program FilesAIMP2UnInstall.exe
AP Guitar Tuner 1.02—>C:WINDOWSuninst.exe -f»C:Program FilesAudio Phonics, Inc.AP Guitar Tuner 1.02DeIsL1.isu» -c»C:Program FilesAudio Phonics, Inc.AP Guitar Tuner 1.02_ISREG32.DLL»
AusLogics BoostSpeed—>»C:Program FilesAuslogicsAuslogics BoostSpeedunins000.exe»
AutoWorld 3D Garage 2.24—>»C:Program FilesStatusSoftAutoWorld 3D Garageunins000.exe»
Borland Delphi 7—>MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Canon i250—>C:WINDOWSsystem32CNMCP50.exe «-PRINTERNAMECanon i250» «-HELPERDLLC:BJPrinterCNMWINDOWSCanon i250 InstallerInst2cnmis.dll» «-RCDLLC:BJPrinterCNMWINDOWSCanon i250 InstallerInst2cnmi0419.dll»
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
CheMax Rus 7.0—>»C:Program FilesCheMaxRusunins000.exe»
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DBF Viewer 2000 v1.89—>c:Program FilesUninstal.exe
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
ESET Smart Security—>MsiExec.exe /I{373EDBBD-6399-4B26-B403-D704814245ED}
Flatout 2—>»C:Program FilesBukaFlatout 2unins000.exe»
FontNav—>MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GameSpy Arcade—>C:PROGRA~1GAMESP~1UNWISE.EXE C:PROGRA~1GAMESP~1INSTALL.LOG
GTAIII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D95063F0-94F5-446C-B000-01B91B89037C}Setup.exe» -l0x9
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
Kaspersky Anti-Hacker—>»C:Program FilesKaspersky LabKaspersky Anti-Hackeruninstall.exe»
K-Lite Codec Pack 3.6.5 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.2 (сборка 2349, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.9—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (Russian)—>MsiExec.exe /X{95120000-00AF-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual J# 2.0 Redistributable Package—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft Visual J# 2.0 Redistributable Packageinstall.exe
Mustek 1200 UB Plus v2.0—>C:PROGRA~1MUSTEK~1DriverUNINST.EXE
Nero 7 Demo—>MsiExec.exe /I{C21EE5A0-B52E-5C0D-C94D-18BCB6EA1049}
NevoSoft Christmasville (remove only)—>»C:Program FilesИгрыChristmasvilleuninstall.exe»
NevoSoft Super Cow (remove only)—>»C:Program FilesИгрыSuper Cowuninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite—>MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
Opera 9.62—>MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
PC Connectivity Solution—>MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Peggle Deluxe 1.0—>C:Program FilesPopCap GamesPeggle DeluxePopUninstall.exe «C:Program FilesPopCap GamesPeggle DeluxeInstall.log»
Photoshop Russian Update—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{16EF687F-D2C3-4B17-9DBD-31113E833426}Setup.exe»
Picasa 2—>»C:Program FilesPicasa2Uninstall.exe»
Plugins for Opera—>»C:Program FilesDUHALABPluginunins000.exe»
Punto Switcher 2.96—>C:Program FilesPunto Switcheruninstall.exe
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
Red Alert 3 1.00—>C:Program FilesElectronic ArtsRed Alert 3Uninstall.exe
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
Serious Sam 2—>C:GamesSERIOU~1UNWISE.EXE C:GamesSERIOU~1INSTALL.LOG
Shasoft eBook 4.0.3—>C:Program FilesShasoft eBook 4.xuninstall.exe
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Video Convert Master 8.0.10.25—>»C:Program FilesVideo Convert Masterunins000.exe»
Visual Task Tips 3.2—>C:Program FilesVisualTaskTipsuninst.exe
Windows Driver Package — Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8pccswpddriver.inf
Windows Driver Package — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Жёлтые страницы. Россия 2007—>C:Program FilesЖёлтые страницы. Россия. 2007uninst.exe
Пакет исправлений для Windows XP — KB884020—>C:WINDOWS$NtUninstallKB884020$spuninstspuninst.exe
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Птички на проводе—>C:Program FilesFishki.NetПтички на проводеuninstal.exe

======Security center information======

AV: ESET Smart Security 3.0
FW: Персональный файервол ESET
FW: Kaspersky Anti-Hacker

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesBorlandDelphi7Bin;C:Program FilesBorlandDelphi7ProjectsBpl;C:Program FilesPC Connectivity Solution
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 9, GenuineIntel
«PROCESSOR_REVISION»=0209
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Home at 2008-12-11 18:51:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (14%) free of 76 GB
Total RAM: 767 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:Program FilesDNAbtdna.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesOperaOpera.exe
C:WINDOWSsystem32wuauclt.exe
C:PROGRA~1AIMP2AIMP2.exe
C:Documents and SettingsHomeРабочий столRSIT.exe
C:Program Filestrend microHijackThisHome.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — Startup: Авангард.lnk = ?
O4 — Startup: Интернет.lnk = ?
O4 — Global Startup: Kaspersky Anti-Hacker.lnk = C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{C13D036B-737A-4D74-A2FF-41C314E8F012}: NameServer = 217.168.64.2 212.48.193.36
O17 — HKLMSystemCCSServicesTcpip..{FCFD7364-A537-414E-AFBA-6EE208C52082}: NameServer = 217.168.64.2
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 6924 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-09-17 4412920]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2006-09-07 15872]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VisualTaskTips»=C:Program FilesVisualTaskTipsVisualTaskTips.exe [2008-03-09 61440]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-11-15 342336]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe []
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-07 734504]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Kaspersky Anti-Hacker.lnk — C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe

C:Documents and SettingsHomeГлавное менюПрограммыАвтозагрузка
Авангард.lnk —
Интернет.lnk —

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE}»= []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDrives»=0
«NoDriveAutoRun»=67108863

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fbf269c0-55c1-11dd-9a51-00e04ccb7b3b}]
shellAutocommand — setup.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

======List of files/folders created in the last 1 months======

2008-12-11 17:52:59 —-D—- C:Program Filestrend micro
2008-12-11 17:52:58 —-D—- C:rsit
2008-12-11 17:41:00 —-D—- C:ComboFix
2008-12-11 17:35:50 —-D—- C:WINDOWStemp
2008-12-11 17:20:24 —-A—- C:WINDOWSsystem32CF1053.exe
2008-12-11 17:17:47 —-D—- C:WINDOWSERDNT
2008-12-09 16:30:31 —-D—- C:WINDOWSuscripts
2008-11-29 00:32:01 —-D—- C:Program FilesCommon FilesBorland Shared
2008-11-29 00:32:00 —-D—- C:Program FilesBorland
2008-11-16 16:04:16 —-D—- C:Program FilesElectronic Arts
2008-11-14 19:07:56 —-A—- C:WINDOWSsystem328b999a17-.txt
2008-11-14 17:53:30 —-D—- C:Program FilesESET
2008-11-14 17:16:02 —-D—- C:doc
2008-11-14 17:11:42 —-D—- C:Documents and SettingsHomeApplication DataESET

======List of files/folders modified in the last 1 months======

2008-12-11 18:50:21 —-D—- C:Program FilesAIMP2
2008-12-11 18:48:45 —-SHD—- C:System Volume Information
2008-12-11 18:48:45 —-D—- C:WINDOWSsystem32Restore
2008-12-11 18:48:44 —-D—- C:Program FilesDNA
2008-12-11 18:48:44 —-D—- C:Documents and SettingsHomeApplication DataDNA
2008-12-11 17:52:59 —-RD—- C:Program Files
2008-12-11 17:41:17 —-D—- C:WINDOWS
2008-12-11 17:41:12 —-D—- C:WINDOWSsystem32
2008-12-11 17:39:00 —-A—- C:WINDOWSsystem.ini
2008-12-11 17:38:24 —-D—- C:WINDOWSsystem32drivers
2008-12-11 17:36:33 —-D—- C:WINDOWSsystem32config
2008-12-11 17:34:33 —-HD—- C:Program FilesCommon Files
2008-12-11 17:34:33 —-D—- C:WINDOWSAppPatch
2008-12-11 17:34:07 —-SD—- C:WINDOWSTasks
2008-12-11 17:32:45 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-11 17:31:55 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-11 15:24:58 —-A—- C:WINDOWSNeroDigital.ini
2008-12-09 16:30:31 —-D—- C:WINDOWSPrefetch
2008-12-04 23:49:48 —-SD—- C:Documents and SettingsHomeApplication DataMicrosoft
2008-11-29 00:33:19 —-SHD—- C:WINDOWSInstaller
2008-11-29 00:32:46 —-SHD—- C:Config.Msi
2008-11-24 17:21:02 —-D—- C:Documents and SettingsHomeApplication DataVKLife
2008-11-14 17:54:44 —-HD—- C:WINDOWSinf
2008-11-14 16:58:30 —-D—- C:Program FilesWebMoney Advisor
2008-11-14 16:51:56 —-SHD—- C:RECYCLER
2008-11-14 13:58:09 —-D—- C:Program FilesDrWeb
2008-11-14 13:50:47 —-HD—- C:Program FilesInstallShield Installation Information
2008-11-13 18:53:49 —-D—- C:Documents and SettingsHomeApplication DataMra

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2006-03-02 14848]
R1 Klif;Klif; C:WINDOWSSystem32driversklif.sys [2006-05-11 139024]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-11-13 391680]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-11-13 481596]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-03-02 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-03-03 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2006-03-02 31616]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2006-03-02 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-03-02 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-18 17504]
S3 Intels51;Intel(R) 536EP Modem; C:WINDOWSsystem32DRIVERSIntels51.sys [2003-05-22 670203]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-10-10 12800]
S3 siusbmod;siusbmod; C:WINDOWSsystem32DRIVERSsiusbmod.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys [2002-10-24 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys [2002-10-31 10240]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-01-04 136120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]

---

EOF

---

[Admin]

Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.

Жду от ваc
— MBAM лог
— свежий RSIT лог
— есле после работы MBAM информер останется, то сообщите в каком браузере он появляется (проверяли ли вы в других)

[Filin89]

Вот как посоветовали удалить ИНФОРМЕР в опере… В итоге он удалился 😀
Знаю что не тот способ, но всё таки… Правильно ли это?
Открыть opera: Инструменты — Настройки — вкладка Дополнительно — раздел Содержимое — кнопка Настроить JavaScrypt… в строке «Папка пользовательских файлов JavaScrypt.. Удалить строку полностью. Желательно, также удалить из папки, указанной в строке «Папка пользовательских файлов JavaScrypt:» файлы с расширением js, или всю папку целиком.

MBAM лог
Malwarebytes’ Anti-Malware 1.31
Версия базы данных: 1489
Windows 5.1.2600 Service Pack 2

2008-12-11 22:51:15
mbam-log-2008-12-11 (19-55-30).txt

Тип проверки: Полная (C:|D:|E:|F:|)
Проверено объектов: 209715
Прошло времени: 2 hour(s), 46 minute(s), 57 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 10
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 1

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_CLASSES_ROOTxvideoplugin.jetmimefiltr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTxvideoplugin.jetmimefiltr.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTxvideoplugin.jetvideoplugin (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTxvideoplugin.jetvideoplugin.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{047d87fd-bfc5-4ac3-9ad3-acecc7b49016} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{8e569e70-9e91-4cf9-820c-99ddc3a05a0c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{8e569e70-9e91-4cf9-820c-99ddc3a05a0c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{befc54ba-36eb-4cfc-ba55-587361577a26} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{3a596471-ecbe-4aee-b543-79ae8c8ff7a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppID{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> Quarantined and deleted successfully.

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
D:ПрогиОбои-АвтосменаToolSBTimeSync.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

— свежий RSIT лог
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Home at 2008-12-11 22:53:59
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (14%) free of 76 GB
Total RAM: 767 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:Program FilesDNAbtdna.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesOperaOpera.exe
C:Program FilesAIMP2AIMP2.exe
C:Program Filestrend microHijackThisHijackThis.exe
C:WINDOWSsystem32notepad.exe
C:Documents and SettingsHomeРабочий столRSIT.exe
C:Program Filestrend microHijackThisHome.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — Startup: Авангард.lnk = ?
O4 — Startup: Интернет.lnk = ?
O4 — Global Startup: Kaspersky Anti-Hacker.lnk = C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{C13D036B-737A-4D74-A2FF-41C314E8F012}: NameServer = 217.168.64.2 212.48.193.36
O17 — HKLMSystemCCSServicesTcpip..{FCFD7364-A537-414E-AFBA-6EE208C52082}: NameServer = 217.168.64.2
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 6985 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-09-17 4412920]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2006-09-07 15872]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VisualTaskTips»=C:Program FilesVisualTaskTipsVisualTaskTips.exe [2008-03-09 61440]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-11-15 342336]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe []
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-07 734504]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Kaspersky Anti-Hacker.lnk — C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe

C:Documents and SettingsHomeГлавное менюПрограммыАвтозагрузка
Авангард.lnk —
Интернет.lnk —

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE}»= []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fbf269c0-55c1-11dd-9a51-00e04ccb7b3b}]
shellAutocommand — setup.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

======List of files/folders created in the last 1 months======

2008-12-11 22:53:59 —-D—- C:rsit
2008-12-11 19:14:45 —-D—- C:Documents and SettingsHomeApplication DataMalwarebytes
2008-12-11 19:14:39 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-12-11 19:14:38 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-12-11 17:52:59 —-D—- C:Program Filestrend micro
2008-12-11 17:35:50 —-D—- C:WINDOWStemp
2008-12-11 17:20:24 —-A—- C:WINDOWSsystem32CF1053.exe
2008-12-11 17:17:47 —-D—- C:WINDOWSERDNT
2008-11-29 00:32:01 —-D—- C:Program FilesCommon FilesBorland Shared
2008-11-29 00:32:00 —-D—- C:Program FilesBorland
2008-11-16 16:04:16 —-D—- C:Program FilesElectronic Arts
2008-11-14 19:07:56 —-A—- C:WINDOWSsystem328b999a17-.txt
2008-11-14 17:53:30 —-D—- C:Program FilesESET
2008-11-14 17:16:02 —-D—- C:doc
2008-11-14 17:11:42 —-D—- C:Documents and SettingsHomeApplication DataESET

======List of files/folders modified in the last 1 months======

2008-12-11 22:48:56 —-D—- C:Documents and SettingsHomeApplication DataDNA
2008-12-11 22:08:58 —-A—- C:WINDOWSNeroDigital.ini
2008-12-11 19:53:05 —-D—- C:Program FilesAIMP2
2008-12-11 19:49:40 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-11 19:48:38 —-D—- C:Program FilesDNA
2008-12-11 19:14:43 —-D—- C:WINDOWSsystem32drivers
2008-12-11 19:14:38 —-RD—- C:Program Files
2008-12-11 19:09:05 —-D—- C:WINDOWS
2008-12-11 18:48:45 —-SHD—- C:System Volume Information
2008-12-11 18:48:45 —-D—- C:WINDOWSsystem32Restore
2008-12-11 17:41:12 —-D—- C:WINDOWSsystem32
2008-12-11 17:39:00 —-A—- C:WINDOWSsystem.ini
2008-12-11 17:36:33 —-D—- C:WINDOWSsystem32config
2008-12-11 17:34:33 —-HD—- C:Program FilesCommon Files
2008-12-11 17:34:33 —-D—- C:WINDOWSAppPatch
2008-12-11 17:34:07 —-SD—- C:WINDOWSTasks
2008-12-11 17:31:55 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-09 16:30:31 —-D—- C:WINDOWSPrefetch
2008-12-04 23:49:48 —-SD—- C:Documents and SettingsHomeApplication DataMicrosoft
2008-11-29 00:33:19 —-SHD—- C:WINDOWSInstaller
2008-11-29 00:32:46 —-SHD—- C:Config.Msi
2008-11-24 17:21:02 —-D—- C:Documents and SettingsHomeApplication DataVKLife
2008-11-14 17:54:44 —-HD—- C:WINDOWSinf
2008-11-14 16:58:30 —-D—- C:Program FilesWebMoney Advisor
2008-11-14 16:51:56 —-SHD—- C:RECYCLER
2008-11-14 13:58:09 —-D—- C:Program FilesDrWeb
2008-11-14 13:50:47 —-HD—- C:Program FilesInstallShield Installation Information
2008-11-13 18:53:49 —-D—- C:Documents and SettingsHomeApplication DataMra

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2006-03-02 14848]
R1 Klif;Klif; C:WINDOWSSystem32driversklif.sys [2006-05-11 139024]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-11-13 391680]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-11-13 481596]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-03-02 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-03-03 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2006-03-02 31616]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2006-03-02 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-03-02 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-18 17504]
S3 Intels51;Intel(R) 536EP Modem; C:WINDOWSsystem32DRIVERSIntels51.sys [2003-05-22 670203]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-10-10 12800]
S3 siusbmod;siusbmod; C:WINDOWSsystem32DRIVERSsiusbmod.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys [2002-10-24 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys [2002-10-31 10240]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-01-04 136120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]

---

EOF

---

info.txt logfile of random’s system information tool 1.04 2008-12-11 22:54:08

======Uninstall list======

—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
3D Инструктор. Учебный автосимулятор—>»C:Program Files3D Инструкторunins000.exe»
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 10 Photo Manager—>MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop 7.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesAdobePhotoshop 7.0Uninst.isu» -c»C:Program FilesAdobePhotoshop 7.0Uninst.dll»
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AIMP2—>C:Program FilesAIMP2UnInstall.exe
AP Guitar Tuner 1.02—>C:WINDOWSuninst.exe -f»C:Program FilesAudio Phonics, Inc.AP Guitar Tuner 1.02DeIsL1.isu» -c»C:Program FilesAudio Phonics, Inc.AP Guitar Tuner 1.02_ISREG32.DLL»
AusLogics BoostSpeed—>»C:Program FilesAuslogicsAuslogics BoostSpeedunins000.exe»
AutoWorld 3D Garage 2.24—>»C:Program FilesStatusSoftAutoWorld 3D Garageunins000.exe»
Borland Delphi 7—>MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Canon i250—>C:WINDOWSsystem32CNMCP50.exe «-PRINTERNAMECanon i250» «-HELPERDLLC:BJPrinterCNMWINDOWSCanon i250 InstallerInst2cnmis.dll» «-RCDLLC:BJPrinterCNMWINDOWSCanon i250 InstallerInst2cnmi0419.dll»
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
CheMax Rus 7.0—>»C:Program FilesCheMaxRusunins000.exe»
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DBF Viewer 2000 v1.89—>c:Program FilesUninstal.exe
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
ESET Smart Security—>MsiExec.exe /I{373EDBBD-6399-4B26-B403-D704814245ED}
Flatout 2—>»C:Program FilesBukaFlatout 2unins000.exe»
FontNav—>MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GameSpy Arcade—>C:PROGRA~1GAMESP~1UNWISE.EXE C:PROGRA~1GAMESP~1INSTALL.LOG
GTAIII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D95063F0-94F5-446C-B000-01B91B89037C}Setup.exe» -l0x9
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
Kaspersky Anti-Hacker—>»C:Program FilesKaspersky LabKaspersky Anti-Hackeruninstall.exe»
K-Lite Codec Pack 3.6.5 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.2 (сборка 2349, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.9—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (Russian)—>MsiExec.exe /X{95120000-00AF-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual J# 2.0 Redistributable Package—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft Visual J# 2.0 Redistributable Packageinstall.exe
Mustek 1200 UB Plus v2.0—>C:PROGRA~1MUSTEK~1DriverUNINST.EXE
Nero 7 Demo—>MsiExec.exe /I{C21EE5A0-B52E-5C0D-C94D-18BCB6EA1049}
NevoSoft Christmasville (remove only)—>»C:Program FilesИгрыChristmasvilleuninstall.exe»
NevoSoft Super Cow (remove only)—>»C:Program FilesИгрыSuper Cowuninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite—>MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
Opera 9.62—>MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
PC Connectivity Solution—>MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Peggle Deluxe 1.0—>C:Program FilesPopCap GamesPeggle DeluxePopUninstall.exe «C:Program FilesPopCap GamesPeggle DeluxeInstall.log»
Photoshop Russian Update—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{16EF687F-D2C3-4B17-9DBD-31113E833426}Setup.exe»
Picasa 2—>»C:Program FilesPicasa2Uninstall.exe»
Plugins for Opera—>»C:Program FilesDUHALABPluginunins000.exe»
Punto Switcher 2.96—>C:Program FilesPunto Switcheruninstall.exe
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
Red Alert 3 1.00—>C:Program FilesElectronic ArtsRed Alert 3Uninstall.exe
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
Serious Sam 2—>C:GamesSERIOU~1UNWISE.EXE C:GamesSERIOU~1INSTALL.LOG
Shasoft eBook 4.0.3—>C:Program FilesShasoft eBook 4.xuninstall.exe
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Video Convert Master 8.0.10.25—>»C:Program FilesVideo Convert Masterunins000.exe»
Visual Task Tips 3.2—>C:Program FilesVisualTaskTipsuninst.exe
Windows Driver Package — Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8pccswpddriver.inf
Windows Driver Package — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Жёлтые страницы. Россия 2007—>C:Program FilesЖёлтые страницы. Россия. 2007uninst.exe
Пакет исправлений для Windows XP — KB884020—>C:WINDOWS$NtUninstallKB884020$spuninstspuninst.exe
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Птички на проводе—>C:Program FilesFishki.NetПтички на проводеuninstal.exe

=====HijackThis Backups=====

O2 — BHO: BP Data Feeder — {F3BA2A51-BB4F-4e22-AD0E-DFF956D5B672} — (no file)
O2 — BHO: (no name) — {125F9EE3-2C3E-48F9-8165-0C176796488F} — C:WINDOWSsystem32awtrPjgh.dll (file missing)
O2 — BHO: (no name) — {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} — C:WINDOWSsystem32awturRhG.dll (file missing)

======Security center information======

AV: ESET Smart Security 3.0
FW: Персональный файервол ESET
FW: Kaspersky Anti-Hacker

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesBorlandDelphi7Bin;C:Program FilesBorlandDelphi7ProjectsBpl;C:Program FilesPC Connectivity Solution
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 9, GenuineIntel
«PROCESSOR_REVISION»=0209
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Admin]

Правильно ли это?
Открыть opera: Инструменты — Настройки — вкладка Дополнительно — раздел Содержимое — кнопка Настроить JavaScrypt… в строке «Папка пользовательских файлов JavaScrypt.. Удалить строку полностью. Желательно, также удалить из папки, указанной в строке «Папка пользовательских файлов JavaScrypt:» файлы с расширением js, или всю папку целиком.

Да это одна из потенциальных уязвимостей Оперы, использование дополнительных Java Script файлов.
По RSIT логу, всё чисто, но нужно удалить один ключ из реестра.

Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.

:Processes

explorer.exe



:reg

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]

"{0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE}"=-



:Commands

[emptytemp]

[start explorer]

[Reboot]

Кликните по кнопке MoveIt! Программа перезагрузит компьютер. Когда компьютер загрузиться должен будет показан лог, вставьте его в ваш ответ.

Жду от вас OTMoveIt лог и свежий RSIT лог.

[Filin89]

OTMoveIt лог
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks\{0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1HomeLOCALS~1TempBCG4.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1HomeLOCALS~1Temp~DFEEE0.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12132008_145136

Files moved on Reboot…
File C:DOCUME~1HomeLOCALS~1TempBCG4.tmp not found!
C:DOCUME~1HomeLOCALS~1Temp~DFEEE0.tmp moved successfully.
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps007wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps006wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps005wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps004wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
C:Documents and SettingsHomeLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.

свежий RSIT лог
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Home at 2008-12-13 14:56:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 767 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56, on 2008-12-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32csrcs.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:Program FilesDNAbtdna.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:Program FilesOperaOpera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsHomeРабочий столRSIT.exe
C:Program Filestrend microHome.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKCU..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O4 — Startup: Авангард.lnk = ?
O4 — Startup: Интернет.lnk = ?
O4 — Global Startup: Kaspersky Anti-Hacker.lnk = C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{C13D036B-737A-4D74-A2FF-41C314E8F012}: NameServer = 217.168.64.2 212.48.193.36
O17 — HKLMSystemCCSServicesTcpip..{FCFD7364-A537-414E-AFBA-6EE208C52082}: NameServer = 217.168.64.2
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 6966 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-09-17 664264]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-09-17 4412920]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2006-09-07 15872]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VisualTaskTips»=C:Program FilesVisualTaskTipsVisualTaskTips.exe [2008-03-09 61440]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-11-15 342336]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe []
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-07 734504]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Kaspersky Anti-Hacker.lnk — C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe

C:Documents and SettingsHomeГлавное менюПрограммыАвтозагрузка
Авангард.lnk —
Интернет.lnk —

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8aea003e-c859-11dd-9c52-00e04ccb7b3b}]
shellAutoRuncommand — F:dnizjy.exe
shellexplorecommand — F:dnizjy.exe
shellopencommand — F:dnizjy.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fbf269c0-55c1-11dd-9a51-00e04ccb7b3b}]
shellAutocommand — setup.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

======List of files/folders created in the last 1 months======

2008-12-13 14:50:30 —-D—- C:_OTMoveIt
2008-12-12 16:41:37 —-RASH—- C:WINDOWSlsass.exe
2008-12-11 22:53:59 —-D—- C:rsit
2008-12-11 19:14:45 —-D—- C:Documents and SettingsHomeApplication DataMalwarebytes
2008-12-11 19:14:39 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-12-11 19:14:38 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-12-11 17:52:59 —-D—- C:Program Filestrend micro
2008-12-11 17:35:50 —-D—- C:WINDOWStemp
2008-12-11 17:20:24 —-A—- C:WINDOWSsystem32CF1053.exe
2008-12-11 17:17:47 —-D—- C:WINDOWSERDNT
2008-11-29 00:32:01 —-D—- C:Program FilesCommon FilesBorland Shared
2008-11-29 00:32:00 —-D—- C:Program FilesBorland
2008-11-16 16:04:16 —-D—- C:Program FilesElectronic Arts
2008-11-14 19:07:56 —-A—- C:WINDOWSsystem328b999a17-.txt
2008-11-14 17:53:30 —-D—- C:Program FilesESET
2008-11-14 17:16:02 —-D—- C:doc
2008-11-14 17:11:42 —-D—- C:Documents and SettingsHomeApplication DataESET

======List of files/folders modified in the last 1 months======

2008-12-13 14:54:12 —-D—- C:Program FilesDNA
2008-12-13 14:54:12 —-D—- C:Documents and SettingsHomeApplication DataDNA
2008-12-13 14:52:52 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-13 14:04:51 —-D—- C:Program FilesAIMP2
2008-12-13 14:01:33 —-A—- C:WINDOWSNeroDigital.ini
2008-12-12 16:41:43 —-D—- C:WINDOWSsystem32
2008-12-12 16:41:37 —-D—- C:WINDOWS
2008-12-12 16:31:16 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-11 19:14:43 —-D—- C:WINDOWSsystem32drivers
2008-12-11 19:14:38 —-RD—- C:Program Files
2008-12-11 18:48:45 —-SHD—- C:System Volume Information
2008-12-11 18:48:45 —-D—- C:WINDOWSsystem32Restore
2008-12-11 17:39:00 —-A—- C:WINDOWSsystem.ini
2008-12-11 17:36:33 —-D—- C:WINDOWSsystem32config
2008-12-11 17:34:33 —-HD—- C:Program FilesCommon Files
2008-12-11 17:34:33 —-D—- C:WINDOWSAppPatch
2008-12-11 17:34:07 —-SD—- C:WINDOWSTasks
2008-12-09 16:30:31 —-D—- C:WINDOWSPrefetch
2008-12-04 23:49:48 —-SD—- C:Documents and SettingsHomeApplication DataMicrosoft
2008-11-29 00:33:19 —-SHD—- C:WINDOWSInstaller
2008-11-29 00:32:46 —-SHD—- C:Config.Msi
2008-11-24 17:21:02 —-D—- C:Documents and SettingsHomeApplication DataVKLife
2008-11-14 17:54:44 —-HD—- C:WINDOWSinf
2008-11-14 16:58:30 —-D—- C:Program FilesWebMoney Advisor
2008-11-14 16:51:56 —-SHD—- C:RECYCLER
2008-11-14 13:58:09 —-D—- C:Program FilesDrWeb
2008-11-14 13:50:47 —-HD—- C:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-06-10 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2006-03-02 14848]
R1 Klif;Klif; C:WINDOWSSystem32driversklif.sys [2006-05-11 139024]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-06-10 71688]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-11-13 391680]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-11-13 481596]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-06-10 30728]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-03-02 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2008-03-03 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2006-03-02 31616]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2006-03-02 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-03-02 20480]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-18 17504]
S3 Intels51;Intel(R) 536EP Modem; C:WINDOWSsystem32DRIVERSIntels51.sys [2003-05-22 670203]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-10-10 12800]
S3 siusbmod;siusbmod; C:WINDOWSsystem32DRIVERSsiusbmod.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:WINDOWSSystem32Driversvulfnth.sys [2002-10-24 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:WINDOWSSystem32Driversvulfntr.sys [2002-10-31 10240]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-06-10 468224]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-06-10 19200]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-01-04 136120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]

---

EOF

---

[Admin]

Судя по RSIT логу, с момента предыдущего запуска RSIT ваш компьютер заразился autorun.inf вирусом. Возможно подхватили с заражённой флэшки (Диск F).
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.

Запустите HijackThis, кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующую строку:

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.

Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.

:reg

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8aea003e-c859-11dd-9c52-00e04ccb7b3b}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fbf269c0-55c1-11dd-9a51-00e04ccb7b3b}]

Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.

Жду от вас OTMoveIt лог и свежий RSIT лог.

[Автор]

Сообщения