Предотвращение выполнения данных — при ЗАКРЫТИИ ИЕ

[Sunny]

При закрытии Internet Explorer появляется окошко с сообщением «Предотвращение выполнеия данных», потом еще окно об ошибке, и браузер не закрывается.

Похоже, проблема появилась после скачивания анимированной заставки. Появился еще shreder (который я вроде бы удалила по Вашим советам в другой теме на этом форуме), PC Confidential.
Антивирус ничего не находит.

Помогите, пожалуйста!

Текст из блокнота:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by 11 at 2009-10-08 20:00:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (48%) free of 25 GB
Total RAM: 959 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:12, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:Program FilesFolderSizeFolderSizeSvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsAll UsersApplication DataWeemiweemi121.exe
C:WINDOWSExplorer.EXE
C:Program FilesWeemiweemi.exe
C:Program FilesTaskSwitchXPTaskSwitchXP.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesESETCyberMania.exe
C:Program FilesESETESET Smart Securityegui.exe
D:Download Masterdmaster.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIEAR.EXE
D:NokiaNokia PC Suite 6PCSync2.exe
D:NokiaNokia PC Suite 6PCSuite.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesCommon FilesNokiaMPAPIMPAPI3s.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclIrSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:WINDOWSsystem32taskmgr.exe
D:QIPqip.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and Settings11Рабочий столкнигиRSIT.exe
C:Program Filestrend micro11.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=48084
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IDM Helper — {0055C089-8582-441B-A0BF-17B458C2A3A8} — C:Program FilesInternet Download ManagerIDMIECC.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: PCCBHO.CPCCBHO — {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} — C:Program FilesWinfernoPC ConfidentialPCCBHO.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — D:DOWNLO~1dmiehlp.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: QT Breadcrumbs Address Bar — {af83e43c-dd2b-4787-826b-31b17dee52ed} — mscoree.dll (file missing)
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [TaskSwitchXP] C:Program FilesTaskSwitchXPTaskSwitchXP.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [CyberMania] C:Program FilesESETCyberMania.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [AdobeCS4ServiceManager] «C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» -launchedbylogin
O4 — HKLM..Run: [Download Master] D:Download Masterdmaster.exe -autorun
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [EPSON Stylus T26 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIEAR.EXE /FU «C:WINDOWSTEMPE_S4C.tmp» /EF «HKCU»
O4 — HKCU..Run: [EDLauncher] C:Program FilesPRMT8PRMTEDEDLauncher.exe
O4 — HKCU..Run: [Nokia.PCSync] «D:NokiaNokia PC Suite 6PCSync2.exe» /NoDialog
O4 — HKCU..Run: [PC Suite Tray] «D:NokiaNokia PC Suite 6PCSuite.exe» -onlytray
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Download using Download &Express — file://C:WINDOWSsystem32MetaProductsAdd_Url.htm
O8 — Extra context menu item: Закачать при помощи Download Master — D:Download Masterdmie.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O9 — Extra button: (no name) — {53F6FCCD-9E22-4d71-86EA-6E43136192AB} — C:Program FilesWinfernoPC ConfidentialPCConfidential.exe
O9 — Extra ‘Tools’ menuitem: PC Confidential — {53F6FCCD-9E22-4d71-86EA-6E43136192AB} — C:Program FilesWinfernoPC ConfidentialPCConfidential.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra button: Bonjour — {7F9DB11C-E358-4ca6-A83D-ACC663939424} — C:Program FilesBonjourExplorerPlugin.dll
O9 — Extra button: PC Confidential — {925DAB62-F9AC-4221-806A-057BFB1014AA} — C:Program FilesWinfernoPC ConfidentialPCConfidential.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{4B68C232-AE2B-438C-AF3F-A597F8D2E839}: NameServer = 195.5.46.12,192.168.1.1
O17 — HKLMSystemCS1ServicesTcpip..{4B68C232-AE2B-438C-AF3F-A597F8D2E839}: NameServer = 195.5.46.12,192.168.1.1
O17 — HKLMSystemCS2ServicesTcpip..{4B68C232-AE2B-438C-AF3F-A597F8D2E839}: NameServer = 195.5.46.12,192.168.1.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Folder Size (FolderSize) — Brio — C:Program FilesFolderSizeFolderSizeSvc.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Weemi Service — Unknown owner — C:Documents and SettingsAll UsersApplication DataWeemiweemi121.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 11866 bytes

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksPCConfidential.job
C:WINDOWStasksRegPowerClean.job
C:WINDOWStasksRPCReminder.job
C:WINDOWStasksUser_Feed_Synchronization-{51F17FAC-69F2-430E-8152-FB4B100E4B77}.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class — C:Program FilesInternet Download ManagerIDMIECC.dll [2009-04-02 169392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-04-16 1088296]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO — C:Program FilesWinfernoPC ConfidentialPCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — D:DOWNLO~1dmiehlp.dll [2002-10-03 143872]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} — QT Breadcrumbs Address Bar — C:WINDOWSsystem32mscoree.dll [2008-07-25 282112]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-25 3697952]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«TaskSwitchXP»=C:Program FilesTaskSwitchXPTaskSwitchXP.exe [2007-03-09 62976]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-05-03 13529088]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-05-03 86016]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«CyberMania»=C:Program FilesESETCyberMania.exe [2008-07-04 556175]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«AdobeCS4ServiceManager»=C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe [2008-08-14 611712]
«Download Master»=D:Download Masterdmaster.exe [2002-10-16 448473]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2006-01-11 577536]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-10-10 39792]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2009-01-11 132096]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«EPSON Stylus T26 Series»=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIEAR.EXE [2007-11-30 188928]
«EDLauncher»=C:Program FilesPRMT8PRMTEDEDLauncher.exe []
«Nokia.PCSync»=D:NokiaNokia PC Suite 6PCSync2.exe [2008-03-26 1232896]
«PC Suite Tray»=D:NokiaNokia PC Suite 6PCSuite.exe [2008-04-16 1079808]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«AdobeBridge»= []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«ForceClassicControlPanel»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe»=»C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:*:Enabled:Adobe CSI CS4»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«D:Download Masterdmaster.exe»=»D:Download Masterdmaster.exe:*:Enabled:Download Master»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-10-08 20:00:49 —-D—- C:rsit
2009-10-08 20:00:49 —-D—- C:Program Filestrend micro
2009-10-08 18:04:30 —-D—- C:WINDOWSpss
2009-10-08 17:12:09 —-D—- C:Program FilesYandex
2009-10-08 17:12:09 —-D—- C:Documents and Settings11Application DataYandex
2009-10-08 17:12:06 —-HD—- C:WINDOWSmsdownld.tmp
2009-10-08 17:11:28 —-HDC—- C:WINDOWSie8
2009-10-08 13:04:37 —-HDC—- C:WINDOWS$NtUninstallKB960859$
2009-10-08 13:04:32 —-HDC—- C:WINDOWS$NtUninstallKB968816_WM9$
2009-10-08 13:04:28 —-HDC—- C:WINDOWS$NtUninstallKB971657$
2009-10-08 13:04:22 —-HDC—- C:WINDOWS$NtUninstallKB971557$
2009-10-08 13:04:17 —-HDC—- C:WINDOWS$NtUninstallKB956744$
2009-10-08 13:04:11 —-HDC—- C:WINDOWS$NtUninstallKB973346$
2009-10-08 13:03:58 —-HDC—- C:WINDOWS$NtUninstallKB956844$
2009-10-08 13:03:53 —-HDC—- C:WINDOWS$NtUninstallKB961501$
2009-10-08 13:03:48 —-HDC—- C:WINDOWS$NtUninstallKB971633$
2009-10-08 13:03:41 —-HDC—- C:WINDOWS$NtUninstallKB973869$
2009-10-08 13:03:36 —-HDC—- C:WINDOWS$NtUninstallKB973507$
2009-10-08 13:03:31 —-HDC—- C:WINDOWS$NtUninstallKB973354$
2009-10-08 13:03:10 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9$
2009-10-08 13:02:34 —-HDC—- C:WINDOWS$NtUninstallKB970238$
2009-10-08 13:02:29 —-HDC—- C:WINDOWS$NtUninstallKB973815$
2009-10-08 13:02:24 —-HDC—- C:WINDOWS$NtUninstallKB968537$
2009-10-08 13:02:18 —-D—- C:WINDOWSie8updates
2009-10-08 13:02:04 —-HDC—- C:WINDOWS$NtUninstallKB970653-v3$
2009-10-08 11:58:00 —-D—- C:Documents and SettingsAll UsersApplication DataWinferno
2009-10-08 11:54:39 —-D—- C:Program FilesFreeze.com
2009-10-08 11:53:57 —-D—- C:Program FilesFree Offers from Freeze.com
2009-10-08 11:53:53 —-D—- C:Program FilesCommon FilesWinferno
2009-10-08 11:53:08 —-A—- C:WINDOWSsystem32WINUTIL5.DLL
2009-10-08 11:53:08 —-A—- C:WINDOWSsystem32WINLCTL5.DLL
2009-10-08 11:53:05 —-D—- C:Program FilesWinferno
2009-10-08 11:53:05 —-A—- C:WINDOWSsystem32CapiCom.dll
2009-10-08 11:52:25 —-D—- C:Program FilesWeemi
2009-10-08 11:52:25 —-D—- C:Documents and SettingsAll UsersApplication DataWeemi
2009-10-07 18:56:04 —-D—- C:Program FilesvanBasco’s Karaoke Player
2009-10-06 20:15:48 —-N—- C:WINDOWSsystem32nvuide.exe
2009-10-06 20:15:47 —-RA—- C:WINDOWSsystem32NVCOI.DLL
2009-10-06 20:15:47 —-RA—- C:WINDOWSsystem32idecoiins.dll
2009-10-06 20:15:47 —-RA—- C:WINDOWSsystem32idecoi.dll
2009-10-06 20:15:09 —-D—- C:WINDOWSNV18362316.TMP
2009-10-06 19:56:24 —-RA—- C:WINDOWSsystem32fdco_l2052.dll
2009-10-06 19:56:24 —-RA—- C:WINDOWSsystem32fdco_l1046.dll
2009-10-06 19:56:24 —-RA—- C:WINDOWSsystem32fdco_l1042.dll
2009-10-06 19:56:24 —-RA—- C:WINDOWSsystem32fdco_l1041.dll
2009-10-06 19:56:23 —-RA—- C:WINDOWSsystem32fdco_l1040.dll
2009-10-06 19:56:23 —-RA—- C:WINDOWSsystem32fdco_l1036.dll
2009-10-06 19:56:22 —-RA—- C:WINDOWSsystem32fdco1ins.dll
2009-10-06 19:56:22 —-RA—- C:WINDOWSsystem32fdco_l1034.dll
2009-10-06 19:56:22 —-RA—- C:WINDOWSsystem32fdco_l1031.dll
2009-10-06 19:56:22 —-RA—- C:WINDOWSsystem32fdco_l1028.dll
2009-10-06 19:56:22 —-A—- C:WINDOWSsystem32fdco1.dll
2009-10-06 19:56:19 —-A—- C:WINDOWSsystem32nvunrm.exe
2009-10-06 19:56:16 —-D—- C:WINDOWSNV40402440.TMP
2009-09-20 00:33:21 —-D—- C:WINDOWSsystem32LogFiles
2009-09-20 00:33:17 —-HDC—- C:WINDOWS$NtUninstallWudf01005$
2009-09-20 00:31:37 —-HDC—- C:WINDOWS$NtUninstallWdf01005$
2009-09-20 00:29:31 —-D—- C:Documents and Settings11Application DataPC Suite
2009-09-20 00:29:30 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-09-20 00:29:13 —-D—- C:Documents and Settings11Application DataNokia
2009-09-20 00:28:57 —-D—- C:Program FilesCommon FilesPCSuite
2009-09-20 00:28:57 —-D—- C:Program FilesCommon FilesNokia
2009-09-20 00:28:45 —-D—- C:Program FilesDIFX
2009-09-20 00:26:31 —-D—- C:Program FilesPC Connectivity Solution
2009-09-20 00:26:24 —-A—- C:WINDOWSsystem32wdfcoinstaller01005.dll
2009-09-20 00:26:24 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
2009-09-20 00:26:23 —-A—- C:WINDOWSsystem32nmwcdcls.dll
2009-09-20 00:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
2009-09-20 00:17:21 —-SHD—- C:WINDOWSftpcache

======List of files/folders modified in the last 1 months======

2009-10-08 20:00:50 —-D—- C:WINDOWSTemp
2009-10-08 20:00:49 —-RD—- C:Program Files
2009-10-08 18:39:04 —-A—- C:WINDOWSwin.ini
2009-10-08 18:06:15 —-RASH—- C:boot.ini
2009-10-08 18:06:15 —-A—- C:WINDOWSsystem.ini
2009-10-08 18:04:30 —-D—- C:WINDOWS
2009-10-08 17:17:59 —-D—- C:WINDOWSHelp
2009-10-08 17:16:23 —-SD—- C:WINDOWSTasks
2009-10-08 17:13:21 —-AD—- C:WINDOWSsystem32
2009-10-08 17:13:15 —-HD—- C:WINDOWSinf
2009-10-08 17:13:15 —-D—- C:WINDOWSsystem32ru-ru
2009-10-08 17:13:15 —-D—- C:WINDOWSMedia
2009-10-08 17:13:15 —-D—- C:Program FilesInternet Explorer
2009-10-08 17:12:20 —-A—- C:WINDOWSSchedLgU.Txt
2009-10-08 17:11:57 —-D—- C:WINDOWSWBEM
2009-10-08 17:11:48 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-10-08 17:11:23 —-D—- C:WINDOWSsystem32CatRoot2
2009-10-08 16:28:59 —-SHD—- C:WINDOWSInstaller
2009-10-08 16:28:48 —-D—- C:Program FilesCommon FilesAdobe
2009-10-08 16:28:47 —-D—- C:WINDOWSWinSxS
2009-10-08 16:28:46 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-10-08 16:28:41 —-D—- C:Program FilesAdobe
2009-10-08 13:07:22 —-D—- C:Program FilesMicrosoft Silverlight
2009-10-08 13:04:41 —-A—- C:WINDOWSimsins.BAK
2009-10-08 13:04:36 —-HD—- C:WINDOWS$hf_mig$
2009-10-08 13:04:07 —-D—- C:WINDOWSsystem32CatRoot
2009-10-08 13:03:33 —-D—- C:Program FilesOutlook Express
2009-10-08 13:02:58 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-10-08 13:02:42 —-D—- C:WINDOWSsystem32drivers
2009-10-08 11:53:53 —-D—- C:Program FilesCommon Files
2009-10-08 11:41:06 —-SD—- C:Documents and Settings11Application DataMicrosoft
2009-10-06 20:21:35 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-10-04 22:53:40 —-D—- C:WINDOWSPrefetch
2009-10-04 01:53:53 —-A—- C:WINDOWSModemLog_Rockwell 56000 External Modem PnP.txt
2009-10-01 23:17:45 —-D—- C:Documents and Settings11Application DataAdobe
2009-09-20 00:29:13 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-09-19 23:39:56 —-A—- C:WINDOWSNeroDigital.ini
2009-09-19 21:24:08 —-D—- C:Program FilesCommon FilesACD Systems

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 exFat;exFat; C:WINDOWSsystem32driversexFat.sys [2009-01-28 133632]
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-14 88192]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2006-02-17 3846848]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-02-17 13056]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 FXDrv32;FXDrv32; ??E:FXDrv32.sys []
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2007-11-29 8064]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port; C:WINDOWSsystem32DRIVERSusbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 FolderSize;Folder Size; C:Program FilesFolderSizeFolderSizeSvc.exe [2007-11-14 131072]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-05-03 159812]
R2 Weemi Service;Weemi Service; C:Documents and SettingsAll UsersApplication DataWeemiweemi121.exe [2009-09-23 54624]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-04-07 430592]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-07-29 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]

---

EOF

---

info.txt logfile of random’s system information tool 1.06 2009-10-08 20:01:15

======Uninstall list======

—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {FF24C24A-0D00-4F6B-9CC0-7B55FFF80B2E}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {DC154E48-5278-423A-80A1-B93247E38A1A}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {23653CA5-BFB5-4B52-B2DA-045D7ABEB874}
7-Zip 4.65—>»C:Program Files7-ZipUninstall.exe»
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4—>MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4—>MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4—>MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color — Photoshop Specific CS4—>MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4—>MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4—>MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4—>MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4—>MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4—>MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4—>MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4—>MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4—>MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4—>MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4—>MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4—>MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player—>msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player—>MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module—>MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4—>MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support—>MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4—>C:Program FilesCommon FilesAdobeInstallersfaf656ef605427ee2f42989c3ad31b8Setup.exe —uninstall=1
Adobe Photoshop CS4—>MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4—>MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Search for Help—>MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension—>MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup—>MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4—>MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4—>MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4—>MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK—>MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB—>MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour—>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Camera RAW Plug-In for EPSON Creativity Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{42EDF895-158C-484E-A7F2-42B90759F281}SETUP.EXE» -l0x19 UNINST
Connect—>MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertXtoDVD 3.5.3.139—>»C:Program FilesVSOConvertX3unins000.exe»
Download Master version 0.3.3.189—>»D:Download Masterunins000.exe»
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{46CBBDF8-55B5-40DB-B459-7B848394309C}Setup.exe» -l0x19 UNINST
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
EPSON Stylus S20_T10_T20 Руководство—>C:Program FilesEPSONTPMANUALESS20_T10_T20RUSUSE_GDOCUNINS.EXE
EPSON Stylus T26 Series Printer Uninstall—>C:WINDOWSSystem32spoolDRIVERSW32X863E_FINSEAR.EXE /R /APD /P:»EPSON Stylus T26 Series»
EPSON Web-To-Page—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE» -l0x19 -anything
FIFA 2009 — Russian Premier League—>»D:Program FilesFIFA 2009 — Russian Premier Leagueunins000.exe»
Folder Size for Windows—>MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
HashTab 2.1.1—>C:WINDOWSsystem32htdel32.bat
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Internet Download Manager—>C:Program FilesInternet Download ManagerUninstall.exe
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
kuler—>MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
L&H TTS3000 Espaсol—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSSPE.inf, Uninstall
L&H TTS3000 Franзais—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSFRF.inf, Uninstall
L&H TTS3000 Italiano—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSITI.inf, Uninstall
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Light Alloy 4.4 (build 794)—>C:Program FilesLight Alloyuninst.exe
Living 3D Waterfalls Full Screen Saver—>»C:PROGRA~1Freeze.comLiving 3D Waterfalls FullUNINSTAL.EXE»
MetaProducts Download Express—>C:WINDOWSsystem32MetaProductsdep.exe /UnInstall
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2005 Tools for Office Runtime—>MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP3 Parser—>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nero 6 Ultra Edition—>C:Program FilesNeronerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{9C05FA75-0337-4523-AA57-9D3511018887}Nokia_PC_Suite_rel_6_86_9_3_EA.exe
Nokia PC Suite—>MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers—>C:WINDOWSsystem32nvuide.exe UninstallGUI
Opera—>C:PROGRA~1Opera7UnInstUNWISE.EXE C:PROGRA~1Opera7UnInstInstall.log
Paint.NET v 3.36—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
PC Confidential 2008—>»C:Program FilesWinfernoPC Confidentialunins000.exe»
PC Connectivity Solution—>MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Settings CS4—>MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw—>MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Realtek AC’97 Audio—>Alcrmv.exe -r -m
Safari—>MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Suite Shared Configuration CS4—>MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
UltraISO Premium V9.33—>»C:Program FilesUltraISOunins000.exe»
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Microsoft Office Outlook 2007 (KB969907)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
vanBasco’s Karaoke Player—>C:Program FilesvanBasco’s Karaoke Playeruninst.exe
Vista Drive Icon 6in1—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Weemi 1.0 build 121—>C:Program FilesWeemiuninstall.exe
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Winferno Registry Power Cleaner—>»C:Program FilesWinfernoRegistryPowerCleanerunins000.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Дополнительные апплеты—>»C:WINDOWSsystem32CPLDAPUunins000.exe»
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск—>C:Program FilesCommon FilesMicrosoft SharedVSTO8.0Microsoft Visual Studio 2005 Tools for Office Runtimeinstall.exe
Исправление для Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Nokia Modem (03/05/2008 3.7)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560nokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (03/13/2008 6.86.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (10/12/2007 6.85.4.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175pccsmcfd.inf
Памятка меню «Выполнить» версия 4.1 для XP—>»C:WINDOWSunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
Яндекс.Бар для Internet Explorer 4.1.0—>»C:Program FilesYandexYandexBarIEunins000.exe»

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: ESET Smart Security 4.0
FW: Персональный файервол ESET

======System event log======

Computer Name: F669D93102E942A
Event Code: 7035
Message: Служба «Служба шлюза уровня приложения» успешно отправила управляющий элемент «запустить».

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090914203546.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: F669D93102E942A
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090914203546.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: F669D93102E942A
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090914203546.000000+180
Event Type: информация
User:

Computer Name: F669D93102E942A
Event Code: 6005
Message: Запущена служба журнала событий.

Record Number: 2
Source Name: EventLog
Time Written: 20090914203542.000000+180
Event Type: информация
User:

Computer Name: F669D93102E942A
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090914203542.000000+180
Event Type: информация
User:

=====Application event log=====

Computer Name: F669D93102E942A
Event Code: 1
Message:
Record Number: 5
Source Name: Bonjour Service
Time Written: 20091003165714.000000+180
Event Type: информация
User:

Computer Name: F669D93102E942A
Event Code: 1517
Message: Реестр пользователя F669D93102E942A11 был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.

Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.

Record Number: 4
Source Name: Userenv
Time Written: 20091003165614.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: F669D93102E942A
Event Code: 0
Message:
Record Number: 3
Source Name: ServiceLayer
Time Written: 20091003163533.000000+180
Event Type: информация
User:

Computer Name: F669D93102E942A
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20091003163519.000000+180
Event Type: информация
User:

Computer Name: F669D93102E942A
Event Code: 1
Message:
Record Number: 1
Source Name: Bonjour Service
Time Written: 20091003163517.000000+180
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=4b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[Sunny]

Здравствуйте, спасибо, что откликнулись 🙂
Вот лог

ComboFix 09-10-11.03 — 11 12.10.2009 17:16.1.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.959.669 [GMT 3:00]
Running from: c:documents and settings11Рабочий столComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Персональный файервол ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program files\setup.exe

---

BITS: Possible infected sites

---

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-10 19:48 . 2009-10-10 19:48

---

d

---

w- c:documents and settings11Local SettingsApplication DataAhead
2009-10-10 17:45 . 2009-10-12 13:59

---

d

---

w- c:documents and settings11Local SettingsApplication DataAskToolbar
2009-10-10 17:43 . 2009-10-10 17:43

---

d

---

w- c:program filesSopCast
2009-10-10 17:43 . 2009-10-10 17:43

---

d

---

w- c:program filesAsk.com
2009-10-10 08:23 . 2009-10-10 08:23

---

d

---

w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-10-09 22:19 . 2009-10-09 22:19

---

d

---

w- c:program filesMicrosoft CAPICOM 2.1.0.2
2009-10-08 17:00 . 2009-10-08 17:01

---

d

---

w- C:rsit
2009-10-08 17:00 . 2009-10-08 17:01

---

d

---

w- c:program filestrend micro
2009-10-08 14:12 . 2009-10-08 14:12

---

d

---

w- c:program filesYandex
2009-10-08 14:12 . 2009-10-08 14:12

---

d

---

w- c:documents and settings11Local SettingsApplication DataYandex
2009-10-08 14:12 . 2009-10-08 14:12

---

d

---

w- c:documents and settings11Application DataYandex
2009-10-08 14:12 . 2009-10-08 14:12

---

d—h—w- c:windowsmsdownld.tmp
2009-10-08 14:11 . 2009-10-08 14:11

---

dc-h—w- c:windowsie8
2009-10-08 10:02 . 2009-10-08 13:58

---

d

---

w- c:windowsie8updates
2009-10-08 09:54 . 2009-06-15 11:10 80896 -c—-w- c:windowssystem32dllcachetlntsess.exe
2009-10-08 09:54 . 2009-06-15 10:45 79872 -c—-w- c:windowssystem32dllcachetelnet.exe
2009-10-08 09:54 . 2009-06-10 06:17 134144 -c—-w- c:windowssystem32dllcachewkssvc.dll
2009-10-08 09:53 . 2009-06-10 14:14 85504 -c—-w- c:windowssystem32dllcacheavifil32.dll
2009-10-08 09:53 . 2009-07-17 19:03 58880 -c—-w- c:windowssystem32dllcacheatl.dll
2009-10-08 09:53 . 2009-08-05 09:01 204800 -c—-w- c:windowssystem32dllcachemswebdvd.dll
2009-10-08 09:50 . 2009-06-21 21:48 153088 -c—-w- c:windowssystem32dllcachetriedit.dll
2009-10-08 09:50 . 2009-07-10 13:28 1315328 -c—-w- c:windowssystem32dllcachemsoe.dll
2009-10-08 09:50 . 2009-07-03 17:00 55296 -c—-w- c:windowssystem32dllcachemsfeedsbs.dll
2009-10-08 09:50 . 2009-07-03 17:00 246272 -c—-w- c:windowssystem32dllcacheieproxy.dll
2009-10-08 09:50 . 2009-07-03 17:00 12800 -c—-w- c:windowssystem32dllcachexpshims.dll
2009-10-08 09:50 . 2009-07-03 17:00 1985536 -c—-w- c:windowssystem32dllcacheiertutil.dll
2009-10-08 09:50 . 2009-07-03 17:00 594432 -c—-w- c:windowssystem32dllcachemsfeeds.dll
2009-10-08 09:45 . 2009-05-07 15:16 347136 -c—-w- c:windowssystem32dllcachelocalspl.dll
2009-10-08 09:45 . 2009-06-03 19:12 1292800 -c—-w- c:windowssystem32dllcachequartz.dll
2009-10-08 09:45 . 2008-06-20 17:45 247296 -c—-w- c:windowssystem32dllcachemswsock.dll
2009-10-08 09:45 . 2008-06-20 17:45 147968 -c—-w- c:windowssystem32dllcachednsapi.dll
2009-10-08 09:45 . 2008-06-20 11:59 361600 -c—-w- c:windowssystem32dllcachetcpip.sys
2009-10-08 09:45 . 2008-06-20 11:48 138496 -c—-w- c:windowssystem32dllcacheafd.sys
2009-10-08 09:45 . 2008-06-20 11:16 225856 -c—-w- c:windowssystem32dllcachetcpip6.sys
2009-10-08 08:58 . 2009-10-08 08:58

---

d

---

w- c:documents and settingsAll UsersApplication DataWinferno
2009-10-08 08:54 . 2005-07-13 15:09 679936 —-a-w- c:windowsLiving 3D Waterfalls Full.scr
2009-10-08 08:54 . 2009-10-08 08:54

---

d

---

w- c:program filesFreeze.com
2009-10-08 08:53 . 2009-10-08 08:53

---

d

---

w- c:program filesFree Offers from Freeze.com
2009-10-08 08:53 . 2009-10-08 08:53

---

d

---

w- c:program filesCommon FilesWinferno
2009-10-08 08:53 . 2006-10-09 10:06 495616 —-a-w- c:windowssystem32WINUTIL5.DLL
2009-10-08 08:53 . 2006-05-17 05:40 393216 —-a-w- c:windowssystem32WINLCTL5.DLL
2009-10-08 08:53 . 2009-10-08 08:53

---

d

---

w- c:program filesWinferno
2009-10-08 08:52 . 2009-10-08 17:32

---

d

---

w- c:program filesWeemi
2009-10-08 08:52 . 2009-10-08 17:31

---

d

---

w- c:documents and settingsAll UsersApplication DataWeemi
2009-10-07 15:56 . 2009-10-07 15:58

---

d

---

w- c:program filesvanBasco’s Karaoke Player
2009-10-06 17:15 . 2006-03-14 03:09 176128

---

w- c:windowssystem32nvuide.exe
2009-10-06 17:15 . 2006-03-16 10:51 290304 —-a-r- c:windowssystem32idecoiins.dll
2009-10-06 17:15 . 2006-03-16 10:51 290304 —-a-r- c:windowssystem32idecoi.dll
2009-10-06 17:15 . 2006-03-14 03:09 35840 —-a-r- c:windowssystem32NVCOI.DLL
2009-10-06 17:15 . 2006-03-16 10:51 99840 —-a-r- c:windowssystem32driversnvata.sys
2009-10-06 17:15 . 2009-10-06 17:15

---

d

---

w- c:windowsNV18362316.TMP
2009-10-06 16:55 . 2006-02-17 02:28 222592 —-a-r- c:windowssystem32driversnvsnpu.sys
2009-09-19 21:33 . 2009-09-19 21:33

---

d

---

w- c:windowssystem32LogFiles
2009-09-19 21:31 . 2008-04-13 21:15 26112 —-a-w- c:windowssystem32driversusbser.sys
2009-09-19 21:29 . 2009-09-19 21:33

---

d

---

w- c:documents and settings11Application DataPC Suite
2009-09-19 21:29 . 2009-09-19 21:32

---

d

---

w- c:documents and settingsAll UsersApplication DataPC Suite
2009-09-19 21:29 . 2009-09-19 21:32

---

d

---

w- c:documents and settings11Application DataNokia
2009-09-19 21:28 . 2009-09-19 21:28

---

d

---

w- c:program filesCommon FilesPCSuite
2009-09-19 21:28 . 2009-09-19 21:28

---

d

---

w- c:program filesCommon FilesNokia
2009-09-19 21:28 . 2009-09-19 21:28

---

d

---

w- c:program filesDIFX
2009-09-19 21:28 . 2007-09-17 12:53 21632 —-a-w- c:windowssystem32driverspccsmcfd.sys
2009-09-19 21:26 . 2009-09-19 21:26

---

d

---

w- c:program filesPC Connectivity Solution
2009-09-19 21:26 . 2007-11-29 07:39 8064 —-a-w- c:windowssystem32driversusbser_lowerfltj.sys
2009-09-19 21:26 . 2007-11-29 07:39 8064 —-a-w- c:windowssystem32driversusbser_lowerflt.sys
2009-09-19 21:26 . 2007-11-29 07:39 19328 —-a-w- c:windowssystem32driversccdcmbo.sys
2009-09-19 21:26 . 2007-11-29 07:39 95744 —-a-w- c:windowssystem32nmwcdcocls.dll
2009-09-19 21:26 . 2007-11-29 07:39 16896 —-a-w- c:windowssystem32driversccdcmb.sys
2009-09-19 21:26 . 2007-11-29 07:33 1419232 —-a-w- c:windowssystem32wdfcoinstaller01005.dll
2009-09-19 21:26 . 2007-11-29 07:32 48128 —-a-w- c:windowssystem32nmwcdcls.dll
2009-09-19 21:23 . 2009-09-19 21:24

---

d

---

w- c:documents and settingsAll UsersApplication DataInstallations
2009-09-19 21:17 . 2009-09-19 21:17

---

d-sh—w- c:windowsftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 14:25 . 2009-07-19 12:37

---

d

---

w- c:program filesCommon FilesAdobe
2009-10-08 10:07 . 2009-07-19 12:37

---

d

---

w- c:program filesMicrosoft Silverlight
2009-10-08 10:02 . 2009-07-19 15:20

---

d

---

w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-10-06 17:21 . 2008-04-15 12:00 84938 —-a-w- c:windowssystem32perfc019.dat
2009-10-06 17:21 . 2008-04-15 12:00 487442 —-a-w- c:windowssystem32perfh019.dat
2009-09-19 21:31 . 2009-09-19 21:31 0 —ha-w- c:windowssystem32driversMsft_Kernel_ccdcmb_01005.Wdf
2009-09-19 21:31 . 2009-09-19 21:31 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-19 18:24 . 2009-07-19 14:02

---

d

---

w- c:program filesCommon FilesACD Systems
2009-09-08 08:49 . 2009-09-08 08:48

---

d

---

w- c:program filesOpera7
2009-08-17 21:20 . 2009-08-17 21:20 24100 —ha-w- c:windowssystem32mlfcache.dat
2009-08-14 21:07 . 2009-08-14 21:07

---

d

---

w- c:documents and settings11Application DataApple Computer
2009-08-14 21:07 . 2009-08-14 21:07

---

d

---

w- c:program filesSafari
2009-08-14 21:06 . 2009-08-14 21:06

---

d

---

w- c:program filesBonjour
2009-08-14 21:06 . 2009-08-14 21:06

---

d

---

w- c:program filesApple Software Update
2009-08-14 21:06 . 2009-08-14 21:06

---

d

---

w- c:documents and settingsAll UsersApplication DataApple
2009-08-14 18:13 . 2009-08-14 18:13

---

d

---

w- c:program filesdirectx
2009-08-14 18:09 . 2009-07-24 14:37

---

d—h—w- c:program filesInstallShield Installation Information
2009-08-14 18:01 . 2009-08-14 18:01

---

d

---

w- c:program filesAlternative Software Ltd
2009-08-14 17:56 . 2009-07-19 14:05

---

d

---

w- c:documents and settings11Application DataWinamp
2009-08-10 17:14 . 2009-08-10 17:14 125 —-a-w- c:documents and settings11Local SettingsApplication Datafusioncache.dat
2009-08-10 17:10 . 2009-07-19 12:48 31568 —-a-w- c:documents and settings11Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2008-04-15 12:00 204800 —-a-w- c:windowssystem32mswebdvd.dll
2009-07-31 18:46 . 2009-07-31 18:46 0 —-a-w- c:windowsnsreg.dat
2009-07-19 12:37 . 2009-07-19 12:37 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-07-19 12:37 . 2009-07-19 12:37 9509 —-a-w- c:windowsunins000.dat
2009-07-19 12:37 . 2009-07-19 12:37 713135 —-a-w- c:windowsunins000.exe
2009-07-19 12:30 . 2009-07-19 12:30 22564 —-a-w- c:windowssystem32emptyregdb.dat
2009-07-17 19:03 . 2008-04-15 12:00 58880 —-a-w- c:windowssystem32atl.dll
.

---

Sigcheck

---

[-] 2009-04-25 . AC23CF5D73E19F836172C490DB87593A . 634368 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[7] 2008-04-14 . A9CDF92EA1CFFB67448EF26F5DF21A6F . 579072 . . [5.1.2600.5512] . . c:windowsResPatchBackupuser32.dll

[-] 2009-04-25 . 7E6654A9CF11089A17883E876C14BC93 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 15:04 1144712 —-a-w- c:program filesAsk.comGenericAskToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-06-04 1144712]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-25 3697952]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-06-04 1144712]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2009-01-11 132096]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«Nokia.PCSync»=»d:nokiaNokia PC Suite 6PCSync2.exe» [2008-03-26 1232896]
«PC Suite Tray»=»d:nokiaNokia PC Suite 6PCSuite.exe» [2008-04-16 1079808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«TaskSwitchXP»=»c:program filesTaskSwitchXPTaskSwitchXP.exe» [2007-03-09 62976]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-03 13529088]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-03 86016]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«CyberMania»=»c:program filesESETCyberMania.exe» [2008-07-03 556175]
«egui»=»c:program filesESETESET Smart Securityegui.exe» [2009-04-09 2029640]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«Download Master»=»d:download masterdmaster.exe» [2002-10-16 448473]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-10-10 39792]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2006-01-11 577536]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2009-01-11 132096]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«ForceClassicControlPanel»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«d:\Download Master\dmaster.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5353:TCP»= 5353:TCP:Adobe CSI CS4

R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [09.04.2009 14:18 107256]
R2 ekrn;ESET Service;c:program filesESETESET Smart Securityekrn.exe [09.04.2009 14:19 731840]
S3 FXDrv32;FXDrv32;E:FXDrv32.sys [14.08.2005 19:49 16352]
.
Contents of the ‘Scheduled Tasks’ folder

2009-10-10 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]

2009-10-12 c:windowsTasksPCConfidential.job
— c:program filesWinfernoPC ConfidentialPCConfidential.exe [2009-10-08 11:10]

2009-10-12 c:windowsTasksRegPowerClean.job
— c:program filesWinfernoRegistryPowerCleanerRegPowerClean.exe [2009-10-08 11:48]

2009-10-12 c:windowsTasksRPCReminder.job
— c:program filesWinfernoRegistryPowerCleanerRPCReminder.exe [2009-10-08 11:34]

2009-10-12 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2009-06-04 15:04]

2009-10-12 c:windowsTasksUser_Feed_Synchronization-{51F17FAC-69F2-430E-8152-FB4B100E4B77}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 01:31]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://about:blank
uInternet Settings,ProxyOverride =
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Download using Download &Express — file://c:windowssystem32MetaProductsAdd_Url.htm
IE: Закачать при помощи Download Master — d:download masterdmie.htm
IE: Настроить параметры перевода — c:program filesPRMT8PRMTIEoptions.htm
IE: Незнакомые слова — c:program filesPRMT8PRMTIEinfopanel.htm
IE: Перевести — c:program filesPRMT8PRMTIEtranslat.htm
IE: Перевести страницу — c:program filesPRMT8PRMTIEpage.htm
IE: Поиск в Интернете — c:program filesPRMT8PRMTIEsearch.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesX-Translator DIAMONDPROMTIE4promtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesX-Translator DIAMONDPROMTIE4options.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
TCP: {4B68C232-AE2B-438C-AF3F-A597F8D2E839} = 195.5.46.12,192.168.1.1
Name-Space Handler: ftpHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:windowssystem32MetaProductsmdpph.dll
Name-Space Handler: httpHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:windowssystem32MetaProductsmdpph.dll
Name-Space Handler: httpsHIEClickCatcher — {E131C96E-4DDB-11D4-84B8-008048B33DEA} — c:windowssystem32MetaProductsmdpph.dll
FF — ProfilePath — c:documents and settings11Application DataMozillaFirefoxProfiles8ofh3n63.default
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOpera7ProgramPluginsnpdrmv2.dll
FF — plugin: c:program filesOpera7ProgramPluginsnpdsplay.dll
FF — plugin: c:program filesOpera7ProgramPluginsNPSWF32.dll
FF — plugin: c:program filesOpera7ProgramPluginsnpwmsdrm.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-EDLauncher — c:program filesPRMT8PRMTEDEDLauncher.exe
HKCU-Run-AdobeBridge — (no file)
HKLM-Run-nwiz — nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘explorer.exe'(704)
c:windowssystem32WININET.dll
c:windowssystem32msi.dll
c:windowssystem32wpdshserviceobj.dll
d:nokiaNokia PC Suite 6phonebrowser.dll
d:nokiaNokia PC Suite 6NGSCM.DLL
d:nokiaNokia PC Suite 6LangPhoneBrowser_rus.nlr
d:nokiaNokia PC Suite 6ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32webcheck.dll
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
.

---

Other Running Processes

---

.
c:program filesBonjourmDNSResponder.exe
c:program filesFolderSizeFolderSizeSvc.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesCommon FilesNokiaMPAPIMPAPI3s.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclIrSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-10-12 17:26 — machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 14:26

Pre-Run: 10 079 354 880 байт свободно
Post-Run: 11 501 879 296 байт свободно

289 — E O F — 2009-10-09 22:19

[Admin]

Лог выглядит нормально.
Есть мелочь, которую можно удалить.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:

File::

c:windowsTasksPCConfidential.job

c:windowsTasksRegPowerClean.job

c:windowsTasksRPCReminder.job

c:windowsTasksScheduled Update for Ask Toolbar.job



Folder::

c:program filesWinferno

Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.

Так же сообщите, проблема с InternetExplorer`ом осталась ?

[Автор]

Сообщения