Порно на рабочем столе

[olga_p]

Помогите !!!

вот LOG
Logfile of random’s system information tool 1.06 (written by random/random)
Run by olga at 2009-12-01 19:26:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (41%) free of 20 GB
Total RAM: 511 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:20, on 01.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWinampwinampa.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
D:gamedaemon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
D:gameDAEMON Tools Litedaemon.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32tlntsvr.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
D:PrograminstalRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
D:Programinstalolga.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =

http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =

http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) =

http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} —

C:Documents and SettingsolgaApplication DataMicrosoftInternet

Explorerqipsearchbar.dll
R3 — URLSearchHook: Winamp Search Class —

{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp

Toolbarwinamptb.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} —

C:Program FilesICQ6ToolbarICQToolBar.dll
F2 — REG:system.ini:

UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} —

C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} —

C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and

SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} —

C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} —

C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} —

C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program

FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program

FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10

Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10

Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon

FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero

BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop

Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [DAEMON Tools-1033] «D:gamedaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication]

C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

«C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat

7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_7 -reboot 1
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon

FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe

/NoDialog
O4 — HKCU..Run: [DAEMON Tools Lite] «D:gameDAEMON Tools Litedaemon.exe»

-autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe»

-silent
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon

FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon

FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program

FilesAdobeAcrobat 7.0Readerreader_sl.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem,

DisableRegedit=1
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll

UsersApplication DataWinamp

ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel —

res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program

FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Справочные материалы —

{92780B25-18CC-41C8-B9BE-3C9C571A8263} —

C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program

FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} —

C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} —

C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger —

{FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O20 — AppInit_DLLs: C:WINDOWSsystem32UsicD.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon

FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт —

C:WINDOWSsystem32services.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ

Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) —

Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация

Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program

FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon

FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт —

C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола

(RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт —

C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon

FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) —

Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт —

C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт —

C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация

Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8345 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser

Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat

7.0ActiveXAcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser

Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll

[2008-03-20 1267040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser

Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsolgaApplication

DataMicrosoftInternet Explorerqipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser

Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30

245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program

FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program

FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program

FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program

FilesYandexYandexBarIEyndbar.dll [2009-04-08 3700000]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2007-10-10 36352]
«»= []
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual

DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual

DictionaryTutor.exe [2004-10-09 1159168]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe

[2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe

[2007-09-20 1836328]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter

Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«DAEMON Tools-1033″=D:gamedaemon.exe [2004-08-22 81920]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15

229376]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-06-18 67584]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon

FilesNeroLibNMBgMonitor.exe [2007-10-23 202024]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe

[2005-10-24 307200]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe

[2008-10-20 479496]
«PcSync»=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe [2006-06-27

1449984]
«DAEMON Tools Lite»=D:gameDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe

Gamma Loader.exe
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat

7.0Readerreader_sl.exe

C:Documents and SettingsolgaМои документыГлавное

менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma

Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32UsicD.dll»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTye05.sy

s]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTye05.sy

s]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer

]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparameters

firewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp

2res.dll,-22019″
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp

RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp

RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program

FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesPush-A-ButtonBounceParseODWS.exe»=»C:Program

FilesPush-A-ButtonBounceParseODWS.exe:*:Enabled:OnDemandWebServer»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet

Internet Pager»
«C:WINDOWSsystem32ftp.exe»=»C:WINDOWSsystem32ftp.exe:*:Enabled:transfer»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP

Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program

FilesICQ6.5ICQ.exe:*:Enabled:ICQ6″

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparameters

firewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp

2res.dll,-22019″

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{441d35c8-9035-11de-a715-001109609ceb}]
shellAutoRuncommand —

J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand —

J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{4b3df0c6-c600-11de-a785-001109609ceb}]
shellAutoRuncommand —

J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand —

J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{6db3d459-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE

Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{6db3d45a-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE

Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — H:a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{6db3d45b-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE

Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — F:a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{806737e1-2c1c-11dd-aff1-ab7c6a524fab}]
shellAutoRuncommand — Rundll32.exe .RECYCLERt.dll,Setup

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{8d1489ef-2c30-11dd-9066-806d6172696f}]
shellAutoRuncommand — G:Setup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{8d1489f0-2c30-11dd-9066-806d6172696f}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE

Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoi

nts2{ae900c1a-4f93-11de-a67d-001109609ceb}]
shellAutoRuncommand —

K:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand —

K:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

======List of files/folders created in the last 1 months======

2009-12-01 19:26:16 —-D—- C:rsit
2009-11-28 17:43:04 —-RA—- C:WINDOWSsystem32RTLCPAPI.dll
2009-11-28 17:43:01 —-RA—- C:WINDOWSsystem32RTLCPL.EXE
2009-11-28 17:42:56 —-RA—- C:WINDOWSSOUNDMAN.EXE
2009-11-28 13:20:25 —-A—- C:WINDOWSntbtlog.txt
2009-11-28 12:44:26 —-D—- C:KAV
2009-11-28 12:39:24 —-D—- C:Documents and SettingsolgaApplication

DataAdobeUM
2009-11-26 13:07:56 —-A—- C:Program Filesqip8095.exe
2009-11-03 00:18:33 —-D—- C:Program FilesVKPaint_1.21
2009-11-02 23:07:37 —-A—- C:Program FilesOpera_1001_ru_Setup.exe

======List of files/folders modified in the last 1 months======

2009-12-01 19:25:49 —-D—- C:WINDOWSTemp
2009-12-01 19:24:27 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-01 19:24:02 —-D—- C:Temp
2009-12-01 10:25:47 —-D—- C:WINDOWSPrefetch
2009-11-29 17:28:56 —-D—- C:WINDOWS
2009-11-29 17:22:05 —-D—- C:WINDOWSsecurity
2009-11-29 14:53:33 —-D—- C:Program FilesBoxEasy JukeBox
2009-11-29 13:04:29 —-SD—- C:Documents and SettingsolgaApplication

DataMicrosoft
2009-11-29 12:17:36 —-D—- C:WINDOWSHelp
2009-11-28 17:43:05 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-28 17:43:04 —-D—- C:WINDOWSsystem32
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem32drivers
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem
2009-11-28 17:42:51 —-HD—- C:WINDOWSinf
2009-11-28 17:42:51 —-D—- C:WINDOWSsystem32CatRoot
2009-11-28 17:42:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-28 17:36:06 —-SHD—- C:WINDOWSCSC
2009-11-28 14:04:19 —-SHD—- C:WINDOWSInstaller
2009-11-28 12:45:28 —-RD—- C:Program Files
2009-11-26 20:27:04 —-HD—- C:Program FilesInstallShield Installation

Information
2009-11-26 12:27:25 —-SHD—- C:System Volume Information
2009-11-17 15:31:18 —-A—- C:WINDOWSNeroDigital.ini
2009-11-02 23:12:24 —-D—- C:Program FilesOpera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,

3=Demand, 4=Disabled)======

R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys

[2004-08-17 41728]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program

FilesUltraISOdriversISODrive.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver;

C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM);

C:WINDOWSsystem32driversALCXWDM.SYS [2004-06-21 626204]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver;

C:WINDOWSsystem32DRIVERSNVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator;

C:WINDOWSsystem32DRIVERSnvnetbus.sys [2004-05-17 12928]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера;

C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys

[2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера;

C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 asr1qt6v;asr1qt6v; C:WINDOWSsystem32driversasr1qt6v.sys []
S3 GMSIPCI;GMSIPCI; ??G:INSTALLGMSIPCI.SYS []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys

[2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys

[2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;

C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys

[2006-05-29 13312]
S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys

[2004-08-03 15104]
S3 usbstor;Драйвер запоминающих устройств для USB;

C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы;

C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,

3=Demand, 4=Disabled)======

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program

FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe

[2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon

FilesNeroLibNMIndexingService.exe [2007-10-23 382248]
S2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe

[2008-06-10 222456]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe

Systems SharedServiceAdobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service;

C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23

29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service

v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe

[2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft

SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon

FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]

---

EOF

---

[olga_p]

А вот файл INFO

info.txt logfile of random’s system information tool 1.06 2009-12-01 19:26:21

======Uninstall list======

—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY Lingvo 10 Multilingual Dictionary—>MsiExec.exe /I{AA10000A-C75E-487C-88FC-37AA1AACFB60}
ACD FotoCanvas 3.0 Trial—>MsiExec.exe /I{D999C14B-9607-43A8-A734-E06B7667A8B5}
ActivePerl 5.10.0 Build 1001—>MsiExec.exe /I{E2BD3BFB-8D1D-410D-B2F1-3BE80B7FFF72}
Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}setup.exe» -l0x9
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.7—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0—>MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ask Toolbar—>rundll32 C:PROGRA~1AskTBarbar1.binAskTBar.dll,O
Canon Camera Support Core Library—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon MovieEdit Task for ZoomBrowser EX—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord—>MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{16976C6C-F8D5-4317-9DE8-1F6352B66725}
Canon RemoteCapture Task for ZoomBrowser EX—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{821DC151-4691-4E26-AE7E-522921D0FD54}
Canon Utilities PhotoStitch 3.1—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX—>MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CSI-3 Dimensions of Murder—>»D:gameCSI-3 Dimensions of Murderunins000.exe»
DAEMON Tools—>MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DietMP3 4.03.00—>»C:Program FilesDietMP3unins000.exe»
DV Network Software—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B} /l1033
eMusic — 50 Free MP3 offer—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
FAR file manager—>C:Program FilesFarUninstall.exe
Fargus — Still Life—>D:gameStill Lifeunwise.exe
HijackThis 2.0.2—>»J:DokHijackThis.exe» /uninstall
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
K-Lite Codec Pack 5.0.5 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime—>MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Monkey’s Audio—>»C:Program FilesMonkey’s Audiounins000.exe»
MSN Font Color Editor 4.2—>»C:Program FilesMSN Font Color Editorunins000.exe»
Nero 8 Micro 8.1.1.3—>»C:Program FilesNerounins000.exe»
Nero 8—>MsiExec.exe /X{919635D1-5C0D-4B64-B724-BDDB31D11049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver—>MsiExec.exe /X{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}
Nokia Lifeblog 2.1—>MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver—>MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights—>MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia Nseries Skin for Microsoft Windows Media Player—>MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
Nokia PC Connectivity Solution—>MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite—>MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device—>MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers—>C:WINDOWSsystem32NVUNINST.EXE UninstallGUI
Opera 10.01—>MsiExec.exe /X{12F9942A-E85D-44A6-B054-0B3BC9009625}
Power CD to MP3 Maker 1.11—>E:Oksanamobunins001.exe
Power MP3 Cutter Joiner 1.11—>E:Oksanamobunins000.exe
QIP 2005 8082—>»C:Program FilesQIPunins000.exe»
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
QIP Infium 1.0.9015 RC3—>»C:Program FilesQIP Infiumunins000.exe»
Salon Styler Pro Demo—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreative ZoneSalon Styler Pro DemoUninst.isu»
Sim City 4 + Transportation Addon—>C:WINDOWSunvise32.exe d:gamesimcity4uninstal.log
SimCity 4 Rush Hour—>D:gameSIMCIT~1UNWISE.EXE D:gameSIMCIT~1INSTALL.LOG
Still Life 2—>»D:gamestilllife2Still Life 2unins000.exe»
Syberia 2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «D:gamecєбірь))Uninstallsetup.exe» -l0x19
The Sims™ 3—>»C:Program FilesInstallShield Installation Information{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}Sims3Setup.exe» -runfromtemp -l0x0019 -removeonly
Ulead Video ToolBox Basic—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}setup.exe» -l0x9
UltraISO Premium V9.33—>»C:Program FilesUltraISOunins000.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual MP3 Splitter & Joiner 6.0—>»C:Program FilesVisual MP3 Splitter & Joinerunins000.exe»
Winamp Toolbar for Internet Explorer—>»C:Program FilesWinamp Toolbaruninstall.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Driver Package — Nokia Modem (06/12/2006 6.81.0.21)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_62A340731F8930057B44B8864F236850B0D49D65nokbtmdm.inf
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
WinZip—>»C:Program FilesWinZipWINZIP32.EXE» /uninstall
Yougle—>MsiExec.exe /I{585F72FF-7F0D-47D3-9686-20B1159992E5}
Агент Вконтакте v1.16—>C:Program FilesAgent Vkontakteuninst.exe
Проигрыватель Windows Media 10—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Яндекс.Бар для Internet Explorer 4.1.0—>»C:Program FilesYandexYandexBarIEunins000.exe»

=====HijackThis Backups=====

F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe, [2009-11-29]
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe, [2009-11-29]
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe, [2009-11-29]
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe, [2009-11-29]

======Hosts File======

127.0.0.1 99.189.54
127.0.0.1 99.189.52
127.0.0.1 99.14.103
127.0.0.1 98.223.73
127.0.0.1 97.80.137
127.0.0.1 95.134.16
127.0.0.1 95.133.8.
127.0.0.1 95.133.23
127.0.0.1 95.133.23
127.0.0.1 95.133.14

======System event log======

Computer Name: BF0B8C7950E54D3
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: Regs

Record Number: 28076
Source Name: Application Popup
Time Written: 20091030165750.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check:

Record Number: 28075
Source Name: Application Popup
Time Written: 20091030165750.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: Regs

Record Number: 28074
Source Name: Application Popup
Time Written: 20091030165750.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check:

Record Number: 28073
Source Name: Application Popup
Time Written: 20091030165750.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: Regs

Record Number: 28072
Source Name: Application Popup
Time Written: 20091030165750.000000+120
Event Type: информация
User:

=====Application event log=====

Computer Name: BF0B8C7950E54D3
Event Code: 1517
Message: Реестр пользователя BF0B8C7950E54D3olga был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.

Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 5
Source Name: Userenv
Time Written: 20091126131839.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: BF0B8C7950E54D3
Event Code: 0
Message:
Record Number: 4
Source Name: NMIndexingService
Time Written: 20091126130557.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20091126130555.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 1000
Message: Служба Telnet успешно запущена.

Record Number: 2
Source Name: TlntSvr
Time Written: 20091126130555.000000+120
Event Type: информация
User:

Computer Name: BF0B8C7950E54D3
Event Code: 0
Message:
Record Number: 1
Source Name: Nero BackItUp Scheduler 3
Time Written: 20091126130553.000000+120
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=1
«OS»=Windows_NT
«Path»=C:Perlsitebin;C:Perlbin;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesUlead SystemsMPEG;C:Program FilesCommon FilesAdobeAGL
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
«PROCESSOR_LEVEL»=6
«PROCESSOR_REVISION»=0801
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Просканируйте компьютер снова программой RSIT и получившийся лог вставьте в ваше следующее сообщение.
При этом убедитесь что не включен режим Перенос по словам (в блокноте, меню Формат, нет галочки в пункте Перенос по словам).

[olga_p]

LOG
=====
Logfile of random’s system information tool 1.06 (written by random/random)
Run by olga at 2009-12-05 14:57:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (40%) free of 20 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:26, on 05.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWinampwinampa.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
D:gamedaemon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
D:gameDAEMON Tools Litedaemon.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32tlntsvr.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
D:PrograminstalRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
D:Programinstalolga.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Winamp Search Class — {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp Toolbarwinamptb.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [DAEMON Tools-1033] «D:gamedaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_7 -reboot 1
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [DAEMON Tools Lite] «D:gameDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O20 — AppInit_DLLs: C:WINDOWSsystem32UsicD.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8345 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-04-08 3700000]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2007-10-10 36352]
«»= []
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«DAEMON Tools-1033″=D:gamedaemon.exe [2004-08-22 81920]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 229376]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-06-18 67584]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-10-23 202024]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2005-10-24 307200]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«PcSync»=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe [2006-06-27 1449984]
«DAEMON Tools Lite»=D:gameDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsolgaМои документыГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32UsicD.dll»

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTye05.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTye05.sys]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesPush-A-ButtonBounceParseODWS.exe»=»C:Program FilesPush-A-ButtonBounceParseODWS.exe:*:Enabled:OnDemandWebServer»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:WINDOWSsystem32ftp.exe»=»C:WINDOWSsystem32ftp.exe:*:Enabled:transfer»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{441d35c8-9035-11de-a715-001109609ceb}]
shellAutoRuncommand — J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand — J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4b3df0c6-c600-11de-a785-001109609ceb}]
shellAutoRuncommand — J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand — J:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d459-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45a-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — H:a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45b-2c8a-11dd-aff5-afcbdee831ac}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — F:a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{806737e1-2c1c-11dd-aff1-ab7c6a524fab}]
shellAutoRuncommand — Rundll32.exe .RECYCLERt.dll,Setup

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489ef-2c30-11dd-9066-806d6172696f}]
shellAutoRuncommand — G:Setup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489f0-2c30-11dd-9066-806d6172696f}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe
shelldefaultcommand — a.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ae900c1a-4f93-11de-a67d-001109609ceb}]
shellAutoRuncommand — K:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe
shellopencommand — K:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe

======List of files/folders created in the last 1 months======

2009-12-05 14:57:23 —-D—- C:rsit
2009-12-01 19:26:16 —-D—- C:rs
2009-11-28 17:43:04 —-RA—- C:WINDOWSsystem32RTLCPAPI.dll
2009-11-28 17:43:01 —-RA—- C:WINDOWSsystem32RTLCPL.EXE
2009-11-28 17:42:56 —-RA—- C:WINDOWSSOUNDMAN.EXE
2009-11-28 13:20:25 —-A—- C:WINDOWSntbtlog.txt
2009-11-28 12:44:26 —-D—- C:KAV
2009-11-28 12:39:24 —-D—- C:Documents and SettingsolgaApplication DataAdobeUM
2009-11-26 13:07:56 —-A—- C:Program Filesqip8095.exe

======List of files/folders modified in the last 1 months======

2009-12-05 14:56:56 —-D—- C:WINDOWSTemp
2009-12-05 14:55:14 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-05 14:54:31 —-D—- C:Temp
2009-12-05 11:13:02 —-D—- C:WINDOWSPrefetch
2009-11-29 17:28:56 —-D—- C:WINDOWS
2009-11-29 17:22:05 —-D—- C:WINDOWSsecurity
2009-11-29 14:53:33 —-D—- C:Program FilesBoxEasy JukeBox
2009-11-29 13:04:29 —-SD—- C:Documents and SettingsolgaApplication DataMicrosoft
2009-11-29 12:17:36 —-D—- C:WINDOWSHelp
2009-11-28 17:43:05 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-28 17:43:04 —-D—- C:WINDOWSsystem32
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem32drivers
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem
2009-11-28 17:42:51 —-HD—- C:WINDOWSinf
2009-11-28 17:42:51 —-D—- C:WINDOWSsystem32CatRoot
2009-11-28 17:42:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-28 17:36:06 —-SHD—- C:WINDOWSCSC
2009-11-28 14:04:19 —-SHD—- C:WINDOWSInstaller
2009-11-28 12:45:28 —-RD—- C:Program Files
2009-11-26 20:27:04 —-HD—- C:Program FilesInstallShield Installation Information
2009-11-26 12:27:25 —-SHD—- C:System Volume Information
2009-11-17 15:31:18 —-A—- C:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-17 41728]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-06-21 626204]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2004-05-17 12928]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 anfatqqc;anfatqqc; C:WINDOWSsystem32driversanfatqqc.sys []
S3 GMSIPCI;GMSIPCI; ??G:INSTALLGMSIPCI.SYS []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-10-23 382248]
S2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]

---

EOF

---

[Admin]

Запустите HijackThis, для этого кликните Пуск, Выполнить, введите

D:Programinstalolga.exe

и нажмите Enter.
Откроется главное меню программы HijackThis.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки, если они присутствуют:

F2 - REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,

Закройте все запущенные программы (включая InternetExplorer) и окна Windows.
Кликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.

Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.

* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.

Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.

Скачайте OTM by OldTimer кликнув по этой ссылке.
Запустите OTM и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

:services

anfatqqc

tcpsr



:reg

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"AppInit_DLLS"=""



[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTye05.sys]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTye05.sys]



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"DisableTaskMgr"=0

"DisableRegistryTools"=0



[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{441d35c8-9035-11de-a715-001109609ceb}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4b3df0c6-c600-11de-a785-001109609ceb}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d459-2c8a-11dd-aff5-afcbdee831ac}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45a-2c8a-11dd-aff5-afcbdee831ac}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45b-2c8a-11dd-aff5-afcbdee831ac}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{806737e1-2c1c-11dd-aff1-ab7c6a524fab}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489ef-2c30-11dd-9066-806d6172696f}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489f0-2c30-11dd-9066-806d6172696f}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ae900c1a-4f93-11de-a67d-001109609ceb}]



:files

C:WINDOWSsystem32UsicD.dll



:Commands

[emptytemp]

[Reboot]

Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMMovedFiles.

Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.

[olga_p]

Спасибо баннер ушел, все делала по ВАШЕМУ порядку.
НО!!!
Код: Выделить всё
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,

Вот это не ушло!!! Как его убить????

Вот новый LOG
++++
Logfile of random’s system information tool 1.06 (written by random/random)
Run by olga at 2009-12-06 11:29:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (44%) free of 20 GB
Total RAM: 511 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:16, on 06.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWinampwinampa.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
D:gamedaemon.exe
C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesNokiaNokia PC Suite 6PcSync2.exe
D:gameDAEMON Tools Litedaemon.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32tlntsvr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32ntvdm.exe
D:PrograminstalRSIT.exe
D:Programinstalolga.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Winamp Search Class — {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp Toolbarwinamptb.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [DAEMON Tools-1033] «D:gamedaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_7 -reboot 1
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [DAEMON Tools Lite] «D:gameDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8399 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-04-08 3700000]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2007-10-10 36352]
«»= []
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«DAEMON Tools-1033″=D:gamedaemon.exe [2004-08-22 81920]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 229376]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-06-18 67584]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-10-23 202024]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2005-10-24 307200]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«PcSync»=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe [2006-06-27 1449984]
«DAEMON Tools Lite»=D:gameDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsolgaМои документыГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesPush-A-ButtonBounceParseODWS.exe»=»C:Program FilesPush-A-ButtonBounceParseODWS.exe:*:Enabled:OnDemandWebServer»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:WINDOWSsystem32ftp.exe»=»C:WINDOWSsystem32ftp.exe:*:Enabled:transfer»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-12-06 11:29:15 —-D—- C:rsit
2009-12-06 11:22:54 —-RASHD—- C:autorun.inf
2009-12-05 14:57:23 —-D—- C:rs2
2009-12-01 19:26:16 —-D—- C:rs
2009-11-28 17:43:04 —-RA—- C:WINDOWSsystem32RTLCPAPI.dll
2009-11-28 17:43:01 —-RA—- C:WINDOWSsystem32RTLCPL.EXE
2009-11-28 17:42:56 —-RA—- C:WINDOWSSOUNDMAN.EXE
2009-11-28 13:20:25 —-A—- C:WINDOWSntbtlog.txt
2009-11-28 12:44:26 —-D—- C:KAV
2009-11-28 12:39:24 —-D—- C:Documents and SettingsolgaApplication DataAdobeUM
2009-11-26 13:07:56 —-A—- C:Program Filesqip8095.exe
2009-11-14 14:22:55 —-SHD—- C:WINDOWSsystem32lowsec

======List of files/folders modified in the last 1 months======

2009-12-06 11:28:40 —-A—- C:WINDOWSVCMURBAS.INI
2009-12-06 11:28:37 —-D—- C:WINDOWSTemp
2009-12-06 11:28:37 —-D—- C:Temp
2009-12-06 11:25:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-06 11:22:54 —-D—- C:WINDOWSsystem32
2009-12-06 11:22:42 —-D—- C:WINDOWSSoftwareDistribution
2009-12-06 11:22:25 —-SHD—- C:WINDOWSCSC
2009-12-06 11:20:18 —-D—- C:WINDOWS
2009-12-05 11:13:02 —-D—- C:WINDOWSPrefetch
2009-11-29 17:22:05 —-D—- C:WINDOWSsecurity
2009-11-29 14:53:33 —-D—- C:Program FilesBoxEasy JukeBox
2009-11-29 13:04:29 —-SD—- C:Documents and SettingsolgaApplication DataMicrosoft
2009-11-29 12:17:36 —-D—- C:WINDOWSHelp
2009-11-28 17:43:05 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem32drivers
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem
2009-11-28 17:42:51 —-HD—- C:WINDOWSinf
2009-11-28 17:42:51 —-D—- C:WINDOWSsystem32CatRoot
2009-11-28 17:42:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-28 14:04:19 —-SHD—- C:WINDOWSInstaller
2009-11-28 12:45:28 —-RD—- C:Program Files
2009-11-26 20:27:04 —-HD—- C:Program FilesInstallShield Installation Information
2009-11-26 12:27:25 —-SHD—- C:System Volume Information
2009-11-17 15:31:18 —-A—- C:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-17 41728]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-06-21 626204]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2004-05-17 12928]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 a6g27ful;a6g27ful; C:WINDOWSsystem32driversa6g27ful.sys []
S3 GMSIPCI;GMSIPCI; ??G:INSTALLGMSIPCI.SYS []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-10-23 382248]
R3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]

---

EOF

---

[olga_p]

Запустился доктор веб.
Сообщил, что sdra64.exe заражен Trojan.PWS.bancos.969 — не смог удалить и переместил.
Кроме того нашел вирус в win32.exe
Надеюсь, что ВСЕ
СПАСИБО!!!

вот LOG

---

Logfile of random’s system information tool 1.06 (written by random/random)
Run by olga at 2009-12-06 12:03:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (44%) free of 20 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:30, on 06.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWinampwinampa.exe
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
D:gamedaemon.exe
C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesNokiaNokia PC Suite 6PcSync2.exe
D:gameDAEMON Tools Litedaemon.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32tlntsvr.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSsystem32wscntfy.exe
D:PrograminstalRSIT.exe
D:Programinstalolga.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Winamp Search Class — {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp Toolbarwinamptb.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [LingvoTraining] «C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe» /ND /NW /AS
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [DAEMON Tools-1033] «D:gamedaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_7 -reboot 1
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 — HKCU..Run: [DAEMON Tools Lite] «D:gameDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKUSS-1-5-18..Run: [userinit] C:WINDOWSsystem32sdra64.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [userinit] C:WINDOWSsystem32sdra64.exe (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8480 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsolgaApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2008-03-20 1267040]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2008-05-30 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-04-08 3700000]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2007-10-10 36352]
«»= []
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]
«LingvoTraining»=C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-09-20 1836328]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«DAEMON Tools-1033″=D:gamedaemon.exe [2004-08-22 81920]
«PCSuiteTrayApplication»=C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE [2006-06-15 229376]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-06-18 67584]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-10-23 202024]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2005-10-24 307200]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«PcSync»=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe [2006-06-27 1449984]
«DAEMON Tools Lite»=D:gameDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsolgaМои документыГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesPush-A-ButtonBounceParseODWS.exe»=»C:Program FilesPush-A-ButtonBounceParseODWS.exe:*:Enabled:OnDemandWebServer»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:WINDOWSsystem32ftp.exe»=»C:WINDOWSsystem32ftp.exe:*:Enabled:transfer»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-12-06 12:03:28 —-D—- C:rsit
2009-12-06 11:29:15 —-D—- C:rs3
2009-12-06 11:22:54 —-RASHD—- C:autorun.inf
2009-12-05 14:57:23 —-D—- C:rs2
2009-12-01 19:26:16 —-D—- C:rs
2009-11-28 17:43:04 —-RA—- C:WINDOWSsystem32RTLCPAPI.dll
2009-11-28 17:43:01 —-RA—- C:WINDOWSsystem32RTLCPL.EXE
2009-11-28 17:42:56 —-RA—- C:WINDOWSSOUNDMAN.EXE
2009-11-28 13:20:25 —-A—- C:WINDOWSntbtlog.txt
2009-11-28 12:44:26 —-D—- C:KAV
2009-11-28 12:39:24 —-D—- C:Documents and SettingsolgaApplication DataAdobeUM
2009-11-26 13:07:56 —-A—- C:Program Filesqip8095.exe
2009-11-14 14:22:55 —-SHD—- C:WINDOWSsystem32lowsec

======List of files/folders modified in the last 1 months======

2009-12-06 12:02:49 —-D—- C:WINDOWSTemp
2009-12-06 12:02:48 —-D—- C:WINDOWS
2009-12-06 12:02:33 —-D—- C:WINDOWSsystem32drivers
2009-12-06 12:02:31 —-D—- C:Temp
2009-12-06 12:02:17 —-D—- C:WINDOWSsystem32
2009-12-06 12:01:35 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-06 11:40:41 —-D—- C:WINDOWSPrefetch
2009-12-06 11:28:40 —-A—- C:WINDOWSVCMURBAS.INI
2009-12-06 11:22:42 —-D—- C:WINDOWSSoftwareDistribution
2009-12-06 11:22:25 —-SHD—- C:WINDOWSCSC
2009-11-29 17:22:05 —-D—- C:WINDOWSsecurity
2009-11-29 14:53:33 —-D—- C:Program FilesBoxEasy JukeBox
2009-11-29 13:04:29 —-SD—- C:Documents and SettingsolgaApplication DataMicrosoft
2009-11-29 12:17:36 —-D—- C:WINDOWSHelp
2009-11-28 17:43:05 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-11-28 17:43:03 —-D—- C:WINDOWSsystem
2009-11-28 17:42:51 —-HD—- C:WINDOWSinf
2009-11-28 17:42:51 —-D—- C:WINDOWSsystem32CatRoot
2009-11-28 17:42:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-28 14:04:19 —-SHD—- C:WINDOWSInstaller
2009-11-28 12:45:28 —-RD—- C:Program Files
2009-11-26 20:27:04 —-HD—- C:Program FilesInstallShield Installation Information
2009-11-26 12:27:25 —-SHD—- C:System Volume Information
2009-11-17 15:31:18 —-A—- C:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2004-08-17 41728]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-06-21 626204]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2004-05-17 12928]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 a3bjq7xh;a3bjq7xh; C:WINDOWSsystem32driversa3bjq7xh.sys []
S3 GMSIPCI;GMSIPCI; ??G:INSTALLGMSIPCI.SYS []
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-09-20 853288]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-10-23 382248]
R3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-05-30 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]

---

EOF

---

[olga_p]

ЗабылаOTM log
_____
All processes killed
========== SERVICES/DRIVERS ==========
No service named anfatqqc was found to stop!
No service named anfatqqc was found to delete!
No service named tcpsr was found to stop!
No service named tcpsr was found to delete!
========== REGISTRY ==========
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTye05.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTye05.sys deleted successfully.
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableTaskMgr»|0 /E : value set successfully!
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem\»DisableRegistryTools»|0 /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{441d35c8-9035-11de-a715-001109609ceb} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{441d35c8-9035-11de-a715-001109609ceb} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4b3df0c6-c600-11de-a785-001109609ceb} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{4b3df0c6-c600-11de-a785-001109609ceb} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d459-2c8a-11dd-aff5-afcbdee831ac} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6db3d459-2c8a-11dd-aff5-afcbdee831ac} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45a-2c8a-11dd-aff5-afcbdee831ac} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6db3d45a-2c8a-11dd-aff5-afcbdee831ac} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6db3d45b-2c8a-11dd-aff5-afcbdee831ac} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6db3d45b-2c8a-11dd-aff5-afcbdee831ac} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{806737e1-2c1c-11dd-aff1-ab7c6a524fab} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{806737e1-2c1c-11dd-aff1-ab7c6a524fab} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489ef-2c30-11dd-9066-806d6172696f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8d1489ef-2c30-11dd-9066-806d6172696f} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d1489f0-2c30-11dd-9066-806d6172696f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8d1489f0-2c30-11dd-9066-806d6172696f} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ae900c1a-4f93-11de-a67d-001109609ceb} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{ae900c1a-4f93-11de-a67d-001109609ceb} not found.
========== FILES ==========
DllUnregisterServer procedure not found in C:WINDOWSsystem32UsicD.dll
C:WINDOWSsystem32UsicD.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: local_user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: olga
->Temp folder emptied: 16632022 bytes
->Temporary Internet Files folder emptied: 822404818 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2302710 bytes
%systemroot%System32 .tmp files removed: 5709 bytes
Windows Temp folder emptied: 2125582 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 59047656 bytes

Total Files Cleaned = 860,84 mb

OTM by OldTimer — Version 3.1.2.0 log created on 12062009_111721

Files moved on Reboot…

Registry entries deleted on Reboot…

[Автор]

Сообщения