Проблема значков общего диска и dvd дисковода

[andrei0390]

Всем привет.Изменилась иконка жесткого диска и dvd дисковода в папке мой компьютер остальные иконки прежние. Что делать?
Причем иногда старые иконки возвращаются на место на пару минут и все снова возвращается назад.Иконки не исчезают,присходит их замена на другие иконки.Вобщем хотелось вернуться к старому изображению иконок, тем более что в папке остальные иконки остались такие как были раньше. По интернету уже искал, смотрел реестр.Но я незнаю какое значение должно быть в этом реестре а сравнить несчем.

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Часто иконки дисков заменяются при заражении компьютера autorun.inf трояном.
В последнее время диски, флешки не подключали ?

Скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.

* Дважды кликните по скачанному файлу.
* Если у вас есть файрвал (firewall) и он покажет, что программа RSIT пытается выйти в Интернет, то разрешите ей.
* Кликните по кнопке Continue.
* Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).

Вставьте оба RSIT лога (их содержимое) в ваш ответ. Каждый лог в отдельное сообщение.

[andrei0390]

спасибо что ответили первый лог:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by 1 at 2010-02-22 23:10:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:46, on 22.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32HLS32SVC.EXE
C:Program FilesFirebirdbinibguard.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFirebirdbinibserver.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesJavajre1.6.0binjusched.exe
C:WINDOWSsystem32FLSDEVCP.EXE
C:PROGRA~1ALWILS~1Avast5avastUI.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesNetUPUTM5_wintrayutm5_wintray.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesDownload Masterdmaster.exe
C:DownloadsПрограммыRSIT.exe
C:Program Filestrend micro1.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer предоставлен: Mail.Ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Helper_bho — {71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5} — (no file)
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — C:Program FilesCanonEasy-WebPrintToolband.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: PROMT — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT78PRMTIEprmtie.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [InstantOn] «C:Program FilesCyberLinkPowerCinema Linuxion_install.exe» /c
O4 — HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
O4 — HKLM..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKLM..Run: [Vistadrv] D:VistaDrivevsdrv.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre1.6.0binjusched.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [FLSDeviceControlPanel] C:WINDOWSsystem32FLSDEVCP.EXE
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast5] C:PROGRA~1ALWILS~1Avast5avastUI.exe /nogui
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [Tutor.exe] «C:Program FilesABBYY Lingvo 12Tutor.exe» /AS
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Быстрый запуск AutoCAD.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: ?i??o?s Desкtор S??r?h.lnk
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT78PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT78PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT78PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT78PRMTIEoptions.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe (file missing)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 — Trusted Zone: http://*.195.16.50.18
O15 — Trusted Zone: http://*.85.21.242.18
O15 — Trusted Zone: http://*.mtbank.co.ru
O15 — Trusted IP range: http://194.85.132.130
O15 — Trusted IP range: http://85.21.242.18
O16 — DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} (VdoxMPEG4 Control) — http://6160.meritlilin.com.tw/v6160.cab
O16 — DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} (HTTPFileCtl Class) — http://194.85.132.130/HTTPFile.cab
O16 — DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} (LstDlg Class) — https://www.bankline.ru/servlets/ibc?File=12570842.cab
O16 — DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} (InistFileSystemObject Class) — https://www.bankline.ru/servlets/ibc?File=1676743.CAB
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — https://www.bankline.ru/servlets/ibc?File=12570838.CAB
O16 — DPF: {EE479A40-C128-40DD-93DA-000556AF9607} (DVRWeb Control) — http://87.245.181.50:9012/CtrWeb.cab
O17 — HKLMSystemCCSServicesTcpip..{46D91171-DDD5-4B72-A07E-796D5069C3CD}: NameServer = 217.150.34.129,217.150.35.129
O17 — HKLMSystemCCSServicesTcpip..{8CD7EE6C-34C8-4184-8F19-F3BF2556ADC6}: NameServer = 192.168.1.1
O18 — Protocol: csnet — {FF3EFE67-7569-11D2-9F80-00104B107C97} — (no file)
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Autodesk Licensing Service — Autodesk, Inc. — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: HL-Server (HLServer) — Aladdin Knowledge Systems Germany — C:WINDOWSsystem32HLS32SVC.EXE
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: FrontLine Drivers Auto Removal (v2) (sfrem02) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem02.exe
O23 — Service: Sony SCSI Helper Service — Sony Corporation — C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 16950 bytes

======Scheduled tasks folder======

C:WINDOWStasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0binssv.dll [2008-05-21 501384]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-08-30 826032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-06 259696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-09-27 762864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll [2009-06-06 470512]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2009-09-03 245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — C:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-07-24 5586208]
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} — PROMT — C:Program FilesPRMT78PRMTIEprmtie.dll [2007-07-19 454656]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-06 259696]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-08-30 826032]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2009-09-03 245760]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Ярлык для страницы свойств High Definition Audio»=C:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-08-01 90112]
«AlcWzrd»=C:WINDOWSALCWZRD.EXE [2005-08-01 2803712]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-08-01 69632]
«InstantOn»=C:Program FilesCyberLinkPowerCinema Linuxion_install.exe [2005-05-11 93640]
«Easy-PrintToolBox»=C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2004-01-14 409600]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2008-10-25 31072]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2006-12-06 69216]
«LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-12-05 54832]
«VisualTaskTips»=C:Program FilesVisualTaskTipsVisualTaskTips.exe [2006-07-31 36864]
«Vistadrv»=D:VistaDrivevsdrv.exe []
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2005-08-01 544768]
«»= []
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-07-30 98304]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0binjusched.exe [2008-05-21 77824]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«FLSDeviceControlPanel»=C:WINDOWSsystem32FLSDEVCP.EXE [2008-10-03 91696]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 12Lvagent.exe [2007-07-05 193824]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«UDC Integration»= []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«avast5″=C:PROGRA~1ALWILS~1Avast5avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-05-30 460040]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-06-06 39408]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2009-11-20 289072]
«Tutor.exe»=C:Program FilesABBYY Lingvo 12Tutor.exe [2007-07-05 992544]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
C:Program FilesCommon FilesAdobeUpdaterAdobeUpdater.exe [2007-04-04 970752]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]
C:Program FilesATI TechnologiesATI.ACEcli.exe runtime []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDaemonTools_WhenUSave_Installer]
C:Program FilesDaemonTools_WhenUSave_InstallerDaemonTools_WhenUSave_Installer.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
C:Program FilesDownload Masterdmaster.exe [2008-07-25 3286016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 12Lvagent.exe [2007-07-05 193824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMsnMsgr]
C:Program FilesMSN MessengerMsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTaskSwitchXP]
C:Program FilesTaskSwitchXPTaskSwitchXP.exe [2006-08-05 62976]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTutor.exe]
C:Program FilesABBYY Lingvo 12Tutor.exe [2007-07-05 992544]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^Mobipocket Web Companion.lnk]
C:PROGRA~1MOBIPO~1.COMMOBIPO~1webcomp.exe [2003-08-08 1163264]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^ATI CATALYST System Tray.lnk]
C:PROGRA~1ATITEC~1ATI.ACECLI.exe SystemTray []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Быстрый запуск AutoCAD.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
?i??o?s Desкtор S??r?h.lnk — C:Program FilesWindows Desktop SearchWindowsSearch.exe

C:Documents and Settings1Главное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesGoogleGoogle Talkgoogletalk.exe»=»C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesCSoftNormaCS 1.0 Demo ClientNormaCSNetDemo.exe»=»C:Program FilesCSoftNormaCS 1.0 Demo ClientNormaCSNetDemo.exe:*:Enabled:NormaCS 1.0 Demo»
«C:Program FilesFlashGetFlashGet.exe»=»C:Program FilesFlashGetFlashGet.exe:*:Enabled:Flashget»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ Library»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process «
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Disabled:Nokia Software Updater»
«C:Program FilesCommon FilesNokiaTssInstrument APIbinroot.exe»=»C:Program FilesCommon FilesNokiaTssInstrument APIbinroot.exe:*:Enabled:root»
«C:Program FilesNokiaPhoenixphoenix.exe»=»C:Program FilesNokiaPhoenixphoenix.exe:*:Enabled:Phoenix Application»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Program FilesApexDC++ApexDC.exe»=»C:Program FilesApexDC++ApexDC.exe:*:Enabled:ApexDC++»
«C:Program FilesInternet Exploreriexplore.exe»=»C:Program FilesInternet Exploreriexplore.exe:*:Disabled:Internet Explorer»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe»=»C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service»
«C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE»=»C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service»
«C:Program FilesCommon FilesSymantec SharedccApp.exe»=»C:Program FilesCommon FilesSymantec SharedccApp.exe:*:Enabled:Symantec Email»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{07790b8c-289b-11dc-9628-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — E:Recycledctfmon.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0acb3292-0464-11dd-974c-00150033cff7}]
shellAutoRuncommand — G:
shellopencommand — rundll32.exe .\kbdhelv2.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35820d00-15f1-11dd-977e-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e0e1cd2-4480-11dd-980f-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .Recyclersvchost.exe
shellopencommand — G:.Recyclersvchost.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7aeda90a-de2d-11dc-96ce-00150033cff7}]
shellAutoRuncommand — G:oufddh.exe
shellexplorecommand — G:oufddh.exe
shellopencommand — G:oufddh.exe

======File associations======

.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======

2010-02-22 23:10:58 —-D—- C:Program Filestrend micro
2010-02-22 23:10:56 —-D—- C:rsit
2010-02-21 12:20:54 —-A—- C:WINDOWSsystem32svchost.exe
2010-02-21 11:28:59 —-D—- C:Documents and SettingsAll UsersApplication DataAlwil Software
2010-02-20 21:38:41 —-A—- C:WINDOWSsystem32aswBoot.exe
2010-02-19 18:54:13 —-D—- C:Program FilesSTDU Viewer
2010-02-19 18:54:13 —-D—- C:Program FilesCommon FilesSTDUtility
2010-02-12 17:03:51 —-D—- C:Program FilesCMS
2010-02-07 13:54:49 —-A—- C:WINDOWSsystem32capicom.dll
2010-02-07 13:54:31 —-D—- C:Program FilesCommon FilesSymantec Shared

======List of files/folders modified in the last 1 months======

2010-02-22 23:11:21 —-D—- C:WINDOWSPrefetch
2010-02-22 23:10:58 —-D—- C:Program Files
2010-02-22 23:02:28 —-D—- C:WINDOWSTemp
2010-02-22 21:15:00 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-22 14:27:12 —-A—- C:WINDOWSNeroDigital.ini
2010-02-22 09:56:45 —-AD—- C:WINDOWSsystem32
2010-02-22 09:56:45 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-02-22 09:56:08 —-D—- C:Documents and Settings1Application DatauTorrent
2010-02-22 09:56:03 —-D—- C:WINDOWS
2010-02-22 09:50:58 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-22 09:41:14 —-A—- C:WINDOWSModemLog_Motorola SM56 Data Fax Modem.txt
2010-02-21 14:44:59 —-HD—- C:WINDOWSinf
2010-02-21 14:44:29 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-02-21 14:43:46 —-HD—- C:WINDOWS$hf_mig$
2010-02-21 14:43:45 —-D—- C:WINDOWSsystem32CatRoot
2010-02-21 11:37:13 —-D—- C:Program FilesAlwil Software
2010-02-21 11:29:45 —-SHD—- C:WINDOWSInstaller
2010-02-21 11:29:44 —-D—- C:WINDOWSWinSxS
2010-02-20 21:38:59 —-D—- C:WINDOWSsystem32drivers
2010-02-20 21:32:48 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2010-02-20 21:01:26 —-A—- C:WINDOWSPCViewer_D6.INI
2010-02-19 18:54:13 —-D—- C:Program FilesCommon Files
2010-02-16 12:05:10 —-SD—- C:WINDOWSDownloaded Program Files
2010-02-07 13:26:11 —-D—- C:Program FilesDrWeb
2010-02-07 13:26:08 —-SD—- C:WINDOWSTasks
2010-02-04 10:09:59 —-AC—- C:WINDOWSPhotoSnapViewer.INI
2010-01-28 22:14:05 —-D—- C:WINDOWSsystem32config
2010-01-28 18:20:16 —-RD—- C:UDC Output Files
2010-01-24 21:24:38 —-D—- C:1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:WINDOWSsystem32driversaswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2010-02-11 46672]
R1 dk2drv;DK2 WindowsNT Driver; ??C:WINDOWSSYSTEM32Driversdk2drv.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-28 40448]
R1 ISODrive;ISO CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2004-08-03 8832]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32driversaswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2010-02-11 100432]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-06-06 271360]
R2 FLE5WNNT;FLE-5 WindowsNT Driver; ??C:WINDOWSSystem32Driversfle5wnnt.sys []
R2 FLSIFACE;FLSIface; ??C:WINDOWSSystem32Driversflsiface.sys []
R2 FLSPAR;FLSPar; ??C:WINDOWSSystem32Driversflspar.sys []
R2 FLSSER;FLSSer; ??C:WINDOWSSystem32Driversflsser.sys []
R2 FLSVCOM;FLSVCom; ??C:WINDOWSSystem32Driversflsvcom.sys []
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-06-06 18048]
R2 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-08-06 72704]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-18 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-12-05 2782208]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-08-01 2547008]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-18 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtlnicxp.sys [2005-08-01 70912]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2005-08-01 839724]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 aqpchmn4;aqpchmn4; C:WINDOWSsystem32driversaqpchmn4.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 ewituirec;ewituirec; ??C:WINDOWSsystem321.tmp []
S3 HdAudAddService;Драйвер функции Microsoft UAA для службы High Definition Audio; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 MBLAUDRV;Mobiola Audio Service; C:WINDOWSsystem32driversBTCamAudioDrv.sys [2007-07-31 13312]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-18 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2008-02-01 8320]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE31bus.sys [2006-11-10 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE31mdfl.sys [2006-11-10 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE31mdm.sys [2006-11-10 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE31mgmt.sys [2006-11-10 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:WINDOWSsystem32DRIVERSse31nd5.sys [2006-11-10 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE31obex.sys [2006-11-10 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:WINDOWSsystem32DRIVERSse31unic.sys [2006-11-10 90800]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-06-06 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 w29n51;Драйвер сетевого адаптера Intel(R) PRO/Wireless 2200BG для Windows XP; C:WINDOWSsystem32DRIVERSw29n51.sys [2005-08-01 3222784]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 HLServer;HL-Server; C:WINDOWSsystem32HLS32SVC.EXE [2001-07-13 509952]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-07 167936]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-12-05 593920]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-18 268288]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe []
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:WINDOWSsystem32sfrem02.exe [2006-05-11 358008]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-09-06 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-11-15 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-06-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe [2007-05-10 73728]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-11-02 914944]
S4 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe []

---

EOF

---

[andrei0390]

Второй лог:
info.txt logfile of random’s system information tool 1.06 2010-02-22 23:11:52

======Uninstall list======

—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FC28F983-B433-4159-AF70-18522B3CE9C2}
—>MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
1.6—>»C:Program FilesRubbishunins000.exe»
1C Предприятие 7.7—>C:Program Files1Cv77uninst.exe
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY Lingvo 12 Multilingual Edition—>MsiExec.exe /I{A1200000-0004-0000-0000-074957833700}
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}setup.exe» -l0x19
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0419-1E257A25E34D}
Adobe Reader 9.1.2 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
AGEIA PhysX v6.10.05—>MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
ArchiCAD 11 RUS—>C:Program FilesGraphisoftArchiCAD 11Uninstall.ACuninstaller.exe
ArcSoft PhotoStudio 5.5—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{85309D89-7BE9-4094-BB17-24999C6118FC}Setup.exe» -l0x9
Ask Toolbar—>rundll32 C:PROGRA~1AskTBarbar1.binAskTBar.dll,O
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2005 — Русский—>MsiExec.exe /I{5783F2D7-0301-0419-0002-0060B0CE6BBA}
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
avast! Free Antivirus—>C:Program FilesAlwil SoftwareAvast5aswRunDll.exe «C:Program FilesAlwil SoftwareAvast5Setupsetiface.dll» RunSetup
BetaPlayer—>C:Program FilesMicrosoft ActiveSyncBetaPlayerUninstall.exe BetaPlayer
Book Designer 4.0—>MsiExec.exe /I{322E9572-A659-4920-BE8E-D0899920C22C}
Canon CanoScan Toolbox 4.9—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}setup.exe» -l0x19 anything
Canon iP2200—>C:WINDOWSsystem32CNMCP74.exe «-PRINTERNAMECanon iP2200» «-HELPERDLLC:Documents and SettingsAll UsersApplication DataCanonBJIJPrinterCNMWINDOWSCanon iP2200 InstallerInst2cnmis.dll» «-RCDLLcnmi0419.dll»
Canon ScanGear Starter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{18A5DFF2-8A95-49F3-873F-743CB5549F3D}SETUP.EXE» -l0x19 anything
Canon Utilities Easy-PhotoPrint—>C:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox—>C:WINDOWSBJPSUNST.EXE
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
CMS—>»C:Program FilesCMSunins000.exe»
ConnectionServices—>»C:Program FilesConnectionServicesUninstall.exe»
ContentSaver—>»C:Program FilesContentSaverUninstall.exe»
cu-электрик—>»C:Program Filescu-электрикunins000.exe»
DK2 DESkey Drivers v7.14.0.25—>rundll32 C:WINDOWSsystem32DK2INST.DLL,RunDLL_Uninstall
Download Master version 5.5.5.1135—>»C:Program FilesDownload Masterunins000.exe»
Easy-WebPrint—>C:WINDOWSIsUninst.exe -f»C:Program FilesCanonEasy-WebPrintUninst.isu»
eBook Library by Sony—>MsiExec.exe /X{9494EBF5-C04A-4D55-BB31-C69C0BF71B12}
Expense Report Wizard Expense Recorder for SmartPhone—>MsiExec.exe /I{2559CC59-D676-44EF-BD84-5A1F352980A8}
Firebird 1.0.2.908—>»C:Program FilesFirebirdunins000.exe»
FLS-4 Driver Installation—>rundll32 C:WINDOWSsystem32flsinst.dll,UnInstall
Foxit PDF Creator—>C:Program FilesFoxit SoftwarePDF CreatorFPC_Uninstall.exe
Foxit PDF Editor—>C:Program FilesFoxit SoftwarePDF Editoruninstall.exe
GAG—>C:ZES’t Corp.GAGUninst.exe
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_9DE96A29E721D90A.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GPS2WorldWind—>MsiExec.exe /I{DD81833F-87AF-4BFF-98CD-9E3FFC5BADAC}
Guardant driver—>»C:WINDOWSsystem32rundll32.exe» grddrv32.dll,GD_UninstallDriver 1
Hardlock Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
Hardlock Server—>C:PROGRA~1HL-SER~1UNWISE.EXE C:PROGRA~1HL-SER~1INSTALL.LOG
Hellfire for Pocket PC—>C:PROGRA~1ASTRAW~1HellfireUNWISE.EXE C:PROGRA~1ASTRAW~1HellfireINSTALL.LOG
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
HP OrderReminder—>»C:Program FilesHewlett-PackardOrderReminderuninstallhpuninstaller.exe» hp_LaserJet_1018
IDentify—>C:WINDOWSIsUninst.exe -f»C:Program FilesAIM ProductionsIDentifyUninst.isu»
Java(TM) SE Runtime Environment 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
jetAudio Basic VX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}setup.exe» -l0x19 -removeonly
K-Lite Mega Codec Pack 2.01—>»C:Program FilesK-Lite Codec Packunins000.exe»
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
LaserJet 1018—>C:Program FilesZenographics{372B1C82-C061-40AF-9309-4D7C87CB4754}Setup.exe -u «HPLJInstaller.dll=Hplj1018.inf»
LeaderTask 5.5—>»C:Program FilesAlmezaLeaderTaskunins000.exe»
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Macromedia Flash Player 8—>MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
MadOnion.com/3DMark2001 SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{91B323B5-A79C-4D23-BD6D-046C565F9BCF}Setup.exe» -l0x9 uninstall -uninst
Manual CanoScan LiDE 25—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C45EB9E5-7165-4FB0-8C31-77FC4743362F}setup.exe» -l0x19
MATWorX Version 7—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1C2F9041-4F0C-11D7-B24D-00D0B7482A73}setup.exe» -UNINST
Mean Hamster Software Riven—>»C:WINDOWSepsuninst.exe» «C:Program FilesRivenuninst.dat»
Microsoft .NET Framework 1.1 Hotfix (KB886903)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM886903M886903Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>MsiExec.exe /X{F4D0F248-2BF7-4912-814E-4FD751923838}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003—>MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Microsoft Works—>MsiExec.exe /I{737E2345-2897-4B75-9C9B-D541F7394D6B}
MobiPocket Reader—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesMobiPocket.comMobiPocket ReaderuninstallSetup.exe» /uninstall
Motorola SM56 Data Fax Modem—>C:WINDOWSMotorolaSMSERIALsm56unst.exe
Movavi Видео Конвертер 7—>MsiExec.exe /I{589CE155-1E47-451B-8FDA-3279DDE013A8}
Nero Digital—>C:WINDOWSUNNeroVision.exe /UNINSTALL
Nero Mega Plugin Pack—>MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
Nero OEM—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nero Online Upgrade—>MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
NeroVision Express Content—>C:WINDOWSUNNVEContent.exe /UNINSTALL
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetUP UserTrafManager5—>C:Program FilesNetUPUTM5_wintrayuninstall.exe
Nokia Connectivity Cable Driver—>MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver—>MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Personal Finances Pro v3.6—>»C:Program FilesPersonal Finances Prounins000.exe»
PowerCinema Linux 4.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}setup.exe» -uninstall
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe» -uninstall
PrimoPDF — brought to you by Nitro PDF Software—>»C:Program FilesNitro PDFPrimoPDFuninstaller.exe»
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
RasterDesk Pro 5.5—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3BE3AF64-CA78-4C5F-A1D7-71874C71918F}setup.exe»
S.T.A.L.K.E.R. — Новая война—>C:GamesSTALKERUNWISE.EXE C:GamesSTALKERINSTALL.LOG
S.T.A.L.K.E.R. [v1.0003]—>C:GamesSTALKERunwise.exe
SkyForceReloaded—>C:Program FilesMicrosoft ActiveSyncSkyForceReloadedUninstall.exe SkyForceReloaded
Skype web features—>MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ Beta 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
StartupMonitor—>MsiExec.exe /X{EA0B6678-C53D-4CF4-A658-47126BD97D41}
STDU Viewer version 1.5.18.0—>»C:Program FilesSTDU Viewerunins000.exe»
Stereoscopic Player—>MsiExec.exe /I{A087C838-1D87-4233-B19E-270AA9D4F6C1}
Syberia 2—>»C:Program FilesSyberia 2unins000.exe»
TaskSwitchXP—>C:Program FilesTaskSwitchXPuninst.exe
TCPMP—>C:Program FilesMicrosoft ActiveSyncTCPMPUninstall.exe TCPMP
The KMPlayer (remove only)—>»C:Program FilesThe KMPlayeruninstall.exe»
Thrustmaster Force Feedback Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}setup.exe» -l0x9 -removeonly
Total Commander (Remove or Repair)—>c:totalcmdtcuninst.exe
Ukrainian language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{9274109B-3F04-4608-8B3E-4AC55B5DDAF1}
UltraISO Premium V8.61—>»C:Program FilesUltraISOunins000.exe»
Universal Document Converter—>»C:Program FilesUniversal Document Converterunins000.exe»
Update для Microsoft .NET Framework 3.0 (КБ932394)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {6CDA893D-A8BB-44B5-896E-A474508B2EFF} /package {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Virtual Pool Mobile—>C:Program FilesMicrosoft ActiveSyncVirtual Pool MobileUninstall.exe Virtual Pool Mobile
Visual Task Tips 2.1—>C:Program FilesVisualTaskTipsuninst.exe
Voyage to The Moon—>»C:Program FilesVoyage to The Moonunins000.exe»
WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
WIDCOMM Bluetooth Software—>MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinDjView 1.0—>C:Program FilesWinDjViewuninstall.exe
Windows Driver Package — Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)—>rundll32.exe C:PROGRA~1DIFX15B7F172FC21855DDIFxAppA.dll, DIFxARPUninstallDriverPackage C:WINDOWSsystem32DRVSTOREPRSUSB_0200B6D60DA90847167AFB40E87ADFDB0591D0A1PRSUSB.inf
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Messenger 5.1 MUI Pack—>MsiExec.exe /I{F3CBA4E6-436E-4B51-9651-93830EE38616}
Windows Messenger 5.1—>MsiExec.exe /I{9D1C26BD-E792-4159-9D16-07EA222D8EF0}
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
XP Tweaker 1.50—>C:Program FilesXP TweakerUninstall.exe
X-Translator Discovery ERRE—>MsiExec.exe /I{F6F323AF-0123-474E-AFE0-F3F26556162C}
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
ЕвроФон—>MsiExec.exe /I{0A1EA1D3-A512-4AD3-89F1-BAD794DBC589}
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Тибет квест (русская версия)—>C:GamesТибет квестUninstall.exe
Учет доходов и расходов—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll
Яндекс.Бар 4.2 для Internet Explorer—>MsiExec.exe /X{6740F9E3-1353-47DD-9765-BA49FC4C3479}

======Security center information======

AV: avast! Antivirus
FW: Outpost Firewall Pro

======System event log======

Computer Name: YOUR-8FD8B146F8
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».

Record Number: 10476
Source Name: Service Control Manager
Time Written: 20100204104259.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: YOUR-8FD8B146F8
Event Code: 7036
Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.

Record Number: 10475
Source Name: Service Control Manager
Time Written: 20100204104259.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

Record Number: 10474
Source Name: Service Control Manager
Time Written: 20100204104259.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: YOUR-8FD8B146F8
Event Code: 7036
Message: Служба «Службы терминалов» перешла в состояние Работает.

Record Number: 10473
Source Name: Service Control Manager
Time Written: 20100204104259.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 7036
Message: Служба «Fax» перешла в состояние Остановлена.

Record Number: 10472
Source Name: Service Control Manager
Time Written: 20100204104259.000000+180
Event Type: информация
User:

=====Application event log=====

Computer Name: YOUR-8FD8B146F8
Event Code: 1903
Message:
Record Number: 1847208
Source Name: HHCTRL
Time Written: 20091222170015.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 1903
Message:
Record Number: 1847207
Source Name: HHCTRL
Time Written: 20091222163007.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 1903
Message:
Record Number: 1847206
Source Name: HHCTRL
Time Written: 20091222160101.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 1903
Message:
Record Number: 1847205
Source Name: HHCTRL
Time Written: 20091222153016.000000+180
Event Type: информация
User:

Computer Name: YOUR-8FD8B146F8
Event Code: 1903
Message:
Record Number: 1847204
Source Name: HHCTRL
Time Written: 20091222150346.000000+180
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL;C:Program FilesCommon FilesTeleca Shared;C:Program FilesCommon FilesAutodesk Shared;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 13 Stepping 8, GenuineIntel
«PROCESSOR_REVISION»=0d08
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«AC_OPERA»=C:Program FilesOpera AC
«AC_SOURCH»=D:InstallInet

---

EOF

---

[andrei0390]

И что теперь делать?

[andrei0390]

Попробовал поиском найти autorun.inf, нашел 26 файлов.Проверил каждый антивирусом Avast, вроде все в порядке.А проблеме этой уже с полгода.

[Admin]

autorun.inf, нашел 26 файлов.Проверил каждый антивирусом Avast, вроде все в порядке

Этих файлов быть не должно.

Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.

* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.

Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.

Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.
Этот лог и свежий RSIT лог вставьте в ваше следующее сообщение.

[andrei0390]

Денные лога антивируса
Malwarebytes’ Anti-Malware 1.44
Версия базы данных: 3799
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

27.02.2010 9:50:53
mbam-log-2010-02-27 (09-50-53).txt

Тип проверки: Быстрая
Проверено объектов: 125993
Прошло времени: 10 minute(s), 1 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 27
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 6
Заражено файлов: 15

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_CLASSES_ROOTbitaccelerator.bitaccelerator (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTbitaccelerator.bitaccelerator.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTconnectionservices.connectionservices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTconnectionservices.connectionservices.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTreklosoft_adw.helper_bar (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTrs_adw.helper_bar.1 (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTrs_adw.helper_bho (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTrs_adw.helper_bho.1 (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e743cf05-181c-4d72-b4ee-95435ed4b86b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{f1287389-b2fe-4315-8484-540b2033646d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{431d251c-b43a-47d7-b4f4-07a101b432d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypelib{2552632f-867d-4052-b836-7f83a5302534} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{c1de446a-8770-4621-9378-f1922c74a36c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{71e59d37-d7fc-4ed6-bc1d-d13be02fe6c5} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{ffffe708-b832-42f1-baff-247753b5e452} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{71e59d37-d7fc-4ed6-bc1d-d13be02fe6c5} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExplorer Bars{ffffe708-b832-42f1-baff-247753b5e452} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{71e59d37-d7fc-4ed6-bc1d-d13be02fe6c5} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSIDMADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREBitAccelerator (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppIDrs_adw.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
(Вредоносные программы не обнаружены)

Заражено папок:
C:Program FilesConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66} (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chrome (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontent (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}defaults (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}defaultspreferences (Trojan.Kerlofost) -> Quarantined and deleted successfully.

Заражено файлов:
C:Program FilesConnectionServicesUninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chrome.manifest (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}extension.reg (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}install.rdf (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentextensions.xul (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentlogo.png (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentmain.js (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentmain.xul (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentq.png (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentq_gray.png (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentx.png (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}chromecontentx_gray.png (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}defaultspreferencesmain.js (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Program FilesCommon Files{7445f2b0-cf99-11dd-ad8b-0800200c9a66}defaultspreferencesmain.js.old (Trojan.Kerlofost) -> Quarantined and deleted successfully.
C:Documents and Settings1Application Datawiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

[andrei0390]

Logfile of random’s system information tool 1.06 (written by random/random)
Run by 1 at 2010-02-27 11:11:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 11 GB (14%) free of 76 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:20, on 27.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesVisualTaskTipsVisualTaskTips.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesJavajre1.6.0binjusched.exe
C:WINDOWSsystem32FLSDEVCP.EXE
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:PROGRA~1ALWILS~1Avast5avastUI.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32HLS32SVC.EXE
C:Program FilesFirebirdbinibguard.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFirebirdbinibserver.exe
C:Program FilesNetUPUTM5_wintrayutm5_wintray.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:DownloadsПрограммыRSIT.exe
C:Program Filestrend micro1.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — C:Program FilesCanonEasy-WebPrintToolband.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: PROMT — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT78PRMTIEprmtie.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] HDAShCut.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [InstantOn] «C:Program FilesCyberLinkPowerCinema Linuxion_install.exe» /c
O4 — HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [LanguageShortcut] «C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
O4 — HKLM..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe
O4 — HKLM..Run: [Vistadrv] D:VistaDrivevsdrv.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre1.6.0binjusched.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [FLSDeviceControlPanel] C:WINDOWSsystem32FLSDEVCP.EXE
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [avast5] C:PROGRA~1ALWILS~1Avast5avastUI.exe /nogui
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [Tutor.exe] «C:Program FilesABBYY Lingvo 12Tutor.exe» /AS
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: Быстрый запуск AutoCAD.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: ?i??o?s Desкtор S??r?h.lnk
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT78PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT78PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT78PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT78PRMTIEoptions.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe (file missing)
O9 — Extra ‘Tools’ menuitem: @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe (file missing)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 — Trusted Zone: http://*.195.16.50.18
O15 — Trusted Zone: http://*.85.21.242.18
O15 — Trusted Zone: http://*.mtbank.co.ru
O15 — Trusted IP range: http://194.85.132.130
O15 — Trusted IP range: http://85.21.242.18
O16 — DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} (VdoxMPEG4 Control) — http://6160.meritlilin.com.tw/v6160.cab
O16 — DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} (HTTPFileCtl Class) — http://194.85.132.130/HTTPFile.cab
O16 — DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} (LstDlg Class) — https://www.bankline.ru/servlets/ibc?File=12570842.cab
O16 — DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} (InistFileSystemObject Class) — https://www.bankline.ru/servlets/ibc?File=1676743.CAB
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — https://www.bankline.ru/servlets/ibc?File=12570838.CAB
O16 — DPF: {EE479A40-C128-40DD-93DA-000556AF9607} (DVRWeb Control) — http://87.245.181.50:9012/CtrWeb.cab
O17 — HKLMSystemCCSServicesTcpip..{46D91171-DDD5-4B72-A07E-796D5069C3CD}: NameServer = 217.150.34.129,217.150.35.129
O17 — HKLMSystemCCSServicesTcpip..{8CD7EE6C-34C8-4184-8F19-F3BF2556ADC6}: NameServer = 192.168.1.1
O18 — Protocol: csnet — {FF3EFE67-7569-11D2-9F80-00104B107C97} — (no file)
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Autodesk Licensing Service — Autodesk, Inc. — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: HL-Server (HLServer) — Aladdin Knowledge Systems Germany — C:WINDOWSsystem32HLS32SVC.EXE
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: FrontLine Drivers Auto Removal (v2) (sfrem02) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem02.exe
O23 — Service: Sony SCSI Helper Service — Sony Corporation — C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 16713 bytes

======Scheduled tasks folder======

C:WINDOWStasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0binssv.dll [2008-05-21 501384]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-08-30 826032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-06 259696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-09-27 762864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll [2009-06-06 470512]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2009-09-03 245760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — C:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-07-24 5586208]
{FF284F5C-7CF9-4682-8701-D467C1DBB99F} — PROMT — C:Program FilesPRMT78PRMTIEprmtie.dll [2007-07-19 454656]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-06 259696]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-08-30 826032]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL [2009-09-03 245760]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Ярлык для страницы свойств High Definition Audio»=C:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-08-01 90112]
«AlcWzrd»=C:WINDOWSALCWZRD.EXE [2005-08-01 2803712]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-08-01 69632]
«InstantOn»=C:Program FilesCyberLinkPowerCinema Linuxion_install.exe [2005-05-11 93640]
«Easy-PrintToolBox»=C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE [2004-01-14 409600]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2008-10-25 31072]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2006-12-06 69216]
«LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-12-05 54832]
«VisualTaskTips»=C:Program FilesVisualTaskTipsVisualTaskTips.exe [2006-07-31 36864]
«Vistadrv»=D:VistaDrivevsdrv.exe []
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2005-08-01 544768]
«»= []
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-07-30 98304]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0binjusched.exe [2008-05-21 77824]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«FLSDeviceControlPanel»=C:WINDOWSsystem32FLSDEVCP.EXE [2008-10-03 91696]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 12Lvagent.exe [2007-07-05 193824]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«UDC Integration»= []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«avast5″=C:PROGRA~1ALWILS~1Avast5avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-05-30 460040]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-06-06 39408]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2009-11-20 289072]
«Tutor.exe»=C:Program FilesABBYY Lingvo 12Tutor.exe [2007-07-05 992544]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
C:Program FilesCommon FilesAdobeUpdaterAdobeUpdater.exe [2007-04-04 970752]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]
C:Program FilesATI TechnologiesATI.ACEcli.exe runtime []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDaemonTools_WhenUSave_Installer]
C:Program FilesDaemonTools_WhenUSave_InstallerDaemonTools_WhenUSave_Installer.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
C:Program FilesDownload Masterdmaster.exe [2008-07-25 3286016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 12Lvagent.exe [2007-07-05 193824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMsnMsgr]
C:Program FilesMSN MessengerMsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTaskSwitchXP]
C:Program FilesTaskSwitchXPTaskSwitchXP.exe [2006-08-05 62976]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTutor.exe]
C:Program FilesABBYY Lingvo 12Tutor.exe [2007-07-05 992544]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^Mobipocket Web Companion.lnk]
C:PROGRA~1MOBIPO~1.COMMOBIPO~1webcomp.exe [2003-08-08 1163264]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^ATI CATALYST System Tray.lnk]
C:PROGRA~1ATITEC~1ATI.ACECLI.exe SystemTray []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Быстрый запуск AutoCAD.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
?i??o?s Desкtор S??r?h.lnk — C:Program FilesWindows Desktop SearchWindowsSearch.exe

C:Documents and Settings1Главное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesGoogleGoogle Talkgoogletalk.exe»=»C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesCSoftNormaCS 1.0 Demo ClientNormaCSNetDemo.exe»=»C:Program FilesCSoftNormaCS 1.0 Demo ClientNormaCSNetDemo.exe:*:Enabled:NormaCS 1.0 Demo»
«C:Program FilesFlashGetFlashGet.exe»=»C:Program FilesFlashGetFlashGet.exe:*:Enabled:Flashget»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ Library»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process «
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Disabled:Nokia Software Updater»
«C:Program FilesCommon FilesNokiaTssInstrument APIbinroot.exe»=»C:Program FilesCommon FilesNokiaTssInstrument APIbinroot.exe:*:Enabled:root»
«C:Program FilesNokiaPhoenixphoenix.exe»=»C:Program FilesNokiaPhoenixphoenix.exe:*:Enabled:Phoenix Application»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Program FilesApexDC++ApexDC.exe»=»C:Program FilesApexDC++ApexDC.exe:*:Enabled:ApexDC++»
«C:Program FilesInternet Exploreriexplore.exe»=»C:Program FilesInternet Exploreriexplore.exe:*:Disabled:Internet Explorer»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe»=»C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service»
«C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE»=»C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service»
«C:Program FilesCommon FilesSymantec SharedccApp.exe»=»C:Program FilesCommon FilesSymantec SharedccApp.exe:*:Enabled:Symantec Email»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{07790b8c-289b-11dc-9628-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — E:Recycledctfmon.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0acb3292-0464-11dd-974c-00150033cff7}]
shellAutoRuncommand — G:
shellopencommand — rundll32.exe .\kbdhelv2.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35820d00-15f1-11dd-977e-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e0e1cd2-4480-11dd-980f-00150033cff7}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .Recyclersvchost.exe
shellopencommand — G:.Recyclersvchost.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7aeda90a-de2d-11dc-96ce-00150033cff7}]
shellAutoRuncommand — G:oufddh.exe
shellexplorecommand — G:oufddh.exe
shellopencommand — G:oufddh.exe

======File associations======

.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======

2010-02-27 09:38:10 —-D—- C:Documents and Settings1Application DataMalwarebytes
2010-02-27 09:38:04 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-02-27 09:38:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-02-27 08:27:52 —-RASHD—- C:autorun.inf
2010-02-22 23:10:58 —-D—- C:Program Filestrend micro
2010-02-22 23:10:56 —-D—- C:rsit
2010-02-21 12:20:54 —-A—- C:WINDOWSsystem32svchost.exe
2010-02-21 11:28:59 —-D—- C:Documents and SettingsAll UsersApplication DataAlwil Software
2010-02-20 21:38:41 —-A—- C:WINDOWSsystem32aswBoot.exe
2010-02-19 18:54:13 —-D—- C:Program FilesSTDU Viewer
2010-02-19 18:54:13 —-D—- C:Program FilesCommon FilesSTDUtility
2010-02-12 17:03:51 —-D—- C:Program FilesCMS
2010-02-07 13:54:49 —-A—- C:WINDOWSsystem32capicom.dll
2010-02-07 13:54:31 —-D—- C:Program FilesCommon FilesSymantec Shared

======List of files/folders modified in the last 1 months======

2010-02-27 10:59:45 —-D—- C:WINDOWSPrefetch
2010-02-27 10:47:01 —-D—- C:WINDOWSTemp
2010-02-27 10:25:00 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-27 10:00:26 —-AD—- C:WINDOWSsystem32
2010-02-27 10:00:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-02-27 09:59:36 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-27 09:56:29 —-A—- C:WINDOWSModemLog_Motorola SM56 Data Fax Modem.txt
2010-02-27 09:55:59 —-D—- C:Documents and Settings1Application DatauTorrent
2010-02-27 09:55:34 —-D—- C:WINDOWS
2010-02-27 09:54:04 —-D—- C:WINDOWSsystem32drivers
2010-02-27 09:54:04 —-D—- C:WINDOWSAppPatch
2010-02-27 09:50:53 —-D—- C:Program Files
2010-02-24 16:10:22 —-A—- C:WINDOWSNeroDigital.ini
2010-02-21 14:44:59 —-HD—- C:WINDOWSinf
2010-02-21 14:44:29 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-02-21 14:43:46 —-HD—- C:WINDOWS$hf_mig$
2010-02-21 14:43:45 —-D—- C:WINDOWSsystem32CatRoot
2010-02-21 11:37:13 —-D—- C:Program FilesAlwil Software
2010-02-21 11:29:45 —-SHD—- C:WINDOWSInstaller
2010-02-21 11:29:44 —-D—- C:WINDOWSWinSxS
2010-02-20 21:32:48 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2010-02-20 21:01:26 —-A—- C:WINDOWSPCViewer_D6.INI
2010-02-19 18:54:13 —-D—- C:Program FilesCommon Files
2010-02-16 12:05:10 —-SD—- C:WINDOWSDownloaded Program Files
2010-02-07 13:26:11 —-D—- C:Program FilesDrWeb
2010-02-07 13:26:08 —-SD—- C:WINDOWSTasks
2010-02-04 10:09:59 —-AC—- C:WINDOWSPhotoSnapViewer.INI
2010-01-28 22:14:05 —-D—- C:WINDOWSsystem32config
2010-01-28 18:20:16 —-RD—- C:UDC Output Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:WINDOWSsystem32driversaswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2010-02-11 46672]
R1 dk2drv;DK2 WindowsNT Driver; ??C:WINDOWSSYSTEM32Driversdk2drv.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-28 40448]
R1 ISODrive;ISO CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2004-08-03 8832]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32driversaswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2010-02-11 100432]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-06-06 271360]
R2 FLE5WNNT;FLE-5 WindowsNT Driver; ??C:WINDOWSSystem32Driversfle5wnnt.sys []
R2 FLSIFACE;FLSIface; ??C:WINDOWSSystem32Driversflsiface.sys []
R2 FLSPAR;FLSPar; ??C:WINDOWSSystem32Driversflspar.sys []
R2 FLSSER;FLSSer; ??C:WINDOWSSystem32Driversflsser.sys []
R2 FLSVCOM;FLSVCom; ??C:WINDOWSSystem32Driversflsvcom.sys []
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-06-06 18048]
R2 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-08-06 72704]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-12-05 2782208]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-08-01 2547008]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtlnicxp.sys [2005-08-01 70912]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2005-08-01 839724]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 a1vmi6ln;a1vmi6ln; C:WINDOWSsystem32driversa1vmi6ln.sys []
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-18 60800]
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 ewituirec;ewituirec; ??C:WINDOWSsystem321.tmp []
S3 HdAudAddService;Драйвер функции Microsoft UAA для службы High Definition Audio; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 MBLAUDRV;Mobiola Audio Service; C:WINDOWSsystem32driversBTCamAudioDrv.sys [2007-07-31 13312]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-18 61824]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-18 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2008-02-01 8320]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE31bus.sys [2006-11-10 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE31mdfl.sys [2006-11-10 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE31mdm.sys [2006-11-10 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE31mgmt.sys [2006-11-10 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:WINDOWSsystem32DRIVERSse31nd5.sys [2006-11-10 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE31obex.sys [2006-11-10 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:WINDOWSsystem32DRIVERSse31unic.sys [2006-11-10 90800]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-06-06 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 w29n51;Драйвер сетевого адаптера Intel(R) PRO/Wireless 2200BG для Windows XP; C:WINDOWSsystem32DRIVERSw29n51.sys [2005-08-01 3222784]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 HLServer;HL-Server; C:WINDOWSsystem32HLS32SVC.EXE [2001-07-13 509952]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-07 167936]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [2010-02-11 40384]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-12-05 593920]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-18 268288]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe []
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:WINDOWSsystem32sfrem02.exe [2006-05-11 358008]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-09-06 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-11-15 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-06-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe [2007-05-10 73728]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-11-02 914944]
S4 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe []

---

EOF

---

[andrei0390]

Но ситуация с значками не изменилась.Правда стали открыватся скрытые файлы и папки.И еще вопрос не будутли конфликтовать два антивируса может мне удалить Malwarebytes’ Anti-Malware .

[Admin]

Malwarebytes это антиспайварная программа, которая нормально уживается с антивирусными программами.

Выполним дополнительную проверку.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[andrei0390]

лог после сканирования:
ComboFix 10-02-27.04 — 1 27.02.2010 23:38:02.1.1 — x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.1023.664 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
Command switches used :: c:documents and settings1Рабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesInternet ExplorerSET252.tmp
c:program filesInternet ExplorerSET253.tmp
c:program filesInternet ExplorerSET254.tmp
c:program filesInternet ExplorerSET3E.tmp
c:program filesInternet ExplorerSET3F.tmp
c:program filesInternet ExplorerSET4.tmp
c:program filesInternet ExplorerSET41.tmp
c:program filesInternet ExplorerSET5.tmp
c:program filesInternet ExplorerSET6.tmp
c:program filesRS
c:recycledRecycled
c:recyclerS-1-5-21-618885646-2089123199-3783708908-1003
c:windowsnnfas32.dll

---

BITS: Possible infected sites

---

hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 06:38 . 2010-02-27 06:38

---

d

---

w- c:documents and settings1Application DataMalwarebytes
2010-02-27 06:38 . 2010-01-07 13:07 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-02-27 06:38 . 2010-02-27 06:38

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-27 06:38 . 2010-02-27 06:38

---

d

---

w- c:program filesMalwarebytes’ Anti-Malware
2010-02-27 06:38 . 2010-01-07 13:07 19160 —-a-w- c:windowssystem32driversmbam.sys
2010-02-22 20:10 . 2010-02-27 08:11

---

d

---

w- c:program filestrend micro
2010-02-22 20:10 . 2010-02-22 20:11

---

d

---

w- C:rsit
2010-02-21 09:20 . 2004-08-18 12:00 14336 -c—a-w- c:windowssystem32dllcachesvchost.exe
2010-02-21 09:20 . 2004-08-18 12:00 14336 —-a-w- c:windowssystem32svchost.exe
2010-02-21 08:28 . 2010-02-21 08:28

---

d

---

w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-02-20 18:38 . 2010-02-11 18:42 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-02-20 18:38 . 2010-02-11 18:39 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-02-20 18:38 . 2010-02-11 18:38 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-02-20 18:38 . 2010-02-11 18:53 38848 —-a-w- c:windowssystem32avastSS.scr
2010-02-20 18:38 . 2010-02-11 18:42 162512 —-a-w- c:windowssystem32driversaswSP.sys
2010-02-20 18:38 . 2010-02-11 18:38 100432 —-a-w- c:windowssystem32driversaswmon2.sys
2010-02-20 18:38 . 2010-02-11 18:38 94800 —-a-w- c:windowssystem32driversaswmon.sys
2010-02-20 18:38 . 2010-02-11 18:38 19024 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-02-20 18:38 . 2010-02-11 18:53 153184 —-a-w- c:windowssystem32aswBoot.exe
2010-02-19 15:54 . 2010-02-19 15:54

---

d

---

w- c:program filesSTDU Viewer
2010-02-19 15:54 . 2010-02-19 15:54

---

d

---

w- c:program filesCommon FilesSTDUtility
2010-02-12 14:03 . 2010-02-26 04:50

---

d

---

w- c:program filesCMS
2010-02-07 10:58 . 2010-02-07 10:58

---

d

---

w- c:documents and settings1Local SettingsApplication DataSymantec
2010-02-07 10:54 . 2010-02-20 18:30

---

d

---

w- c:program filesCommon FilesSymantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 20:14 . 2006-02-19 23:51 89936 —-a-w- c:windowssystem32perfc019.dat
2010-02-27 20:14 . 2006-02-19 23:51 476888 —-a-w- c:windowssystem32perfh019.dat
2010-02-27 17:53 . 2008-11-05 21:55

---

d

---

w- c:documents and settings1Application DatauTorrent
2010-02-21 08:37 . 2008-02-03 13:56

---

d

---

w- c:program filesAlwil Software
2010-02-20 18:32 . 2009-08-30 19:37

---

d

---

w- c:documents and settingsAll UsersApplication DataSymantec
2010-02-07 10:26 . 2008-01-28 15:58

---

d

---

w- c:program filesDrWeb
2010-01-16 21:31 . 2008-07-25 18:31

---

d

---

w- c:program filesYandex
2010-01-16 18:10 . 2009-02-11 05:42

---

d

---

w- c:program filesuTorrent
2009-06-24 10:38 . 2007-06-11 07:54 41788 -c—a-w- c:program filesUninstall.exe
2008-05-21 09:33 . 2008-05-21 09:33 1890 —sha-w- c:windowssystem32KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-05-30 460040]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-06 39408]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-11-20 289072]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2007-07-05 992544]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Ярлык для страницы свойств High Definition Audio»=»HDAShCut.exe» [2005-01-07 61952]
«SoundMan»=»SOUNDMAN.EXE» [2005-08-01 90112]
«AlcWzrd»=»ALCWZRD.EXE» [2005-08-01 2803712]
«InstantOn»=»c:program filesCyberLinkPowerCinema Linuxion_install.exe» [2005-05-11 93640]
«Easy-PrintToolBox»=»c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE» [2004-01-14 409600]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2006-12-06 69216]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-12-05 54832]
«VisualTaskTips»=»c:program filesVisualTaskTipsVisualTaskTips.exe» [2006-07-31 36864]
«SMSERIAL»=»sm56hlpr.exe» [2005-08-01 544768]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-07-30 98304]
«SunJavaUpdateSched»=»c:program filesJavajre1.6.0binjusched.exe» [2008-05-21 77824]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«FLSDeviceControlPanel»=»c:windowssystem32FLSDEVCP.EXE» [2008-10-03 91696]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2007-07-05 193824]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-02-11 2756488]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]

c:documents and settings1ѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]
‚л१Є  нЄа ­  Ё Їа®Ја ¬¬  § ЇгбЄ  ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2008-10-25 98696]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]
Ѓлбвал© § ЇгбЄ AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart16.exe [2004-2-25 10872]

[HKLM~startupfolderC:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^Mobipocket Web Companion.lnk]
path=c:documents and settings1Главное менюПрограммыАвтозагрузкаMobipocket Web Companion.lnk
backup=c:windowspssMobipocket Web Companion.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^ATI CATALYST System Tray.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаATI CATALYST System Tray.lnk
backup=c:windowspssATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
2007-04-04 11:41 970752 —-a-w- c:program filesCommon FilesAdobeUpdaterAdobeUpdater.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
2006-11-12 10:48 157592 —-a-w- c:program filesDAEMON Toolsdaemon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2008-07-25 12:42 3286016 —-a-w- c:program filesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
2006-11-13 13:21 1289000 —-a-w- c:program filesMicrosoft ActiveSyncwcescomm.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
2007-07-05 20:10 193824 —-a-w- c:program filesABBYY Lingvo 12LvAgent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTaskSwitchXP]
2006-08-04 22:29 62976 —-a-w- c:program filesTaskSwitchXPTaskSwitchXP.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTutor.exe]
2007-07-05 20:15 992544 —-a-w- c:program filesABBYY Lingvo 12Tutor.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«6262:TCP»= 6262:TCP:ukbxiq

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:windowssystem32driverssfsync05.sys [11.08.2006 19:09 59776]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [20.02.2010 21:38 162512]
R1 dk2drv;DK2 WindowsNT Driver;c:windowssystem32driversdk2drv.sys [03.10.2008 12:24 49720]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [20.02.2010 21:38 19024]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:windowssystem32driversfle5wnnt.sys [03.10.2008 12:25 33404]
R2 FLSIFACE;FLSIface;c:windowssystem32driversflsiface.sys [03.10.2008 12:25 13440]
R2 FLSPAR;FLSPar;c:windowssystem32driversflspar.sys [03.10.2008 12:25 16314]
R2 FLSSER;FLSSer;c:windowssystem32driversflsser.sys [03.10.2008 12:25 8344]
R2 FLSVCOM;FLSVCom;c:windowssystem32driversflsvcom.sys [03.10.2008 12:25 34080]
R2 HLServer;HL-Server;c:windowssystem32HLS32SVC.EXE [06.09.2007 15:17 509952]
R2 NVKEYNT;NVKEYNT;c:windowssystem32driversNVKEYNT.SYS [18.08.2007 19:15 68672]
S0 kwbxlacv;kwbxlacv;c:windowssystem32driversmefahpx.sys —> c:windowssystem32driversmefahpx.sys [?]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [26.08.2007 18:34 646392]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc —> c:windowssystem32sfrem02.exe svc [?]
S3 ewituirec;ewituirec;??c:windowssystem321.tmp —> c:windowssystem321.tmp [?]
S3 MBLAUDRV;Mobiola Audio Service;c:windowssystem32driversBTCamAudioDrv.sys [28.07.2008 1:35 13312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [01.09.2008 8:51 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [01.09.2008 8:51 8320]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [22.08.2007 20:18 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [22.08.2007 20:19 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [22.08.2007 20:19 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [22.08.2007 20:19 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [22.08.2007 20:20 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [22.08.2007 20:19 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [22.08.2007 20:19 90800]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
muzqz
xfbwjtbq
xvvqmaq
uqjbklw
.
Contents of the ‘Scheduled Tasks’ folder

2010-02-27 c:windowsTasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 00:31]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uInternet Settings,ProxyOverride =
IE: c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT78PRMTIEprmtie5.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
Trusted Zone: 195.16.50.18
Trusted Zone: 85.21.242.18
Trusted Zone: mtbank.co.ru
Trusted Zone: mybank.comwww
TCP: {46D91171-DDD5-4B72-A07E-796D5069C3CD} = 217.150.34.129,217.150.35.129
TCP: {8CD7EE6C-34C8-4184-8F19-F3BF2556ADC6} = 192.168.1.1
DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} — hxxp://6160.meritlilin.com.tw/v6160.cab
DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} — hxxp://194.85.132.130/HTTPFile.cab
DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570842.cab
DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} — hxxps://www.bankline.ru/servlets/ibc?File=1676743.CAB
DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570838.CAB
DPF: {EE479A40-C128-40DD-93DA-000556AF9607} — hxxp://87.245.181.50:9012/CtrWeb.cab
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-Vistadrv — d:vistadrivevsdrv.exe
HKLM-Run-UDC Integration — (no file)
MSConfigStartUp-ATICCC — c:program filesATI TechnologiesATI.ACEcli.exe
MSConfigStartUp-DaemonTools_WhenUSave_Installer — c:program filesDaemonTools_WhenUSave_InstallerDaemonTools_WhenUSave_Installer.exe
MSConfigStartUp-MsnMsgr — c:program filesMSN MessengerMsnMsgr.Exe
MSConfigStartUp-updateMgr — c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 00:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F92CF8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf757ffc3
DriverACPI -> ACPI.sys @ 0xf73f2cb8
Driveratapi -> 0x86de2e90
DriveriaStor -> iaStor.sys @ 0xf72bab58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7165ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7172b21
SendHandler -> NDIS.sys @ 0xf715087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(788)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2010-02-28 00:14:49
ComboFix-quarantined-files.txt 2010-02-27 21:14

Pre-Run: 10 966 409 216 байт свободно
Post-Run: 10 973 200 384 байт свободно

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Home Edition RU» /noexecute=optin /fastdetect

— — End Of File — — E095C34BBAC76CDD81F8E8A8969D0850

[andrei0390]

но опять ничего не изменилось,только появился второй значек internet explorer на рабочем столе и исчез один из значков CD дисковода G в папке мой компьютер.

[andrei0390]

Да значек на который поменялись родные значки общего диска и dvd дисковода называется неизвестный тип файла, определение этого значка я в интернете нашел.

[Admin]

Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:

Driver::

kwbxlacv

ewituirec



NetSvc::

muzqz

xfbwjtbq

xvvqmaq

uqjbklw

Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.

[Автор]

Сообщения