Временами всплывает порно реклама на рабочем столе

[yadmitrii]

info.txt logfile of random’s system information tool 1.06 2009-08-19 11:37:59

======Uninstall list======

—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.57—>»C:Program Files7-ZipUninstall.exe»
ACDSee 10 Photo Manager—>MsiExec.exe /I{119E769A-C45B-47E1-A43C-14581D6058F9}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 9.1 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
AIMP2—>C:Program FilesAIMP2UnInstall.exe
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Creation Master 09 Beta 3—>»C:Program FilesFifa MasterCreation Master 09unins000.exe»
Download Master version 5.5.12.1171—>»C:Program FilesDownload Masterunins000.exe»
FIFA 09—>D:C4C4~1FIFA09UNWISE.EXE D:C4C4~1FIFA09INSTALL.LOG
FIFA 09—>D:ДимаFIFA09unwise.exe
FlylinkDC++ r(366)—>»C:Program FilesFlylinkDC++unins000.exe»
GTA — Los Angeles—>»D:ДимаGTA — Los Angelesunins000.exe»
Hardlock Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 4.2.5 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft WSE 3.0 Runtime—>MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MSXML 4.0 SP3 Parser—>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 9.61—>MsiExec.exe /X{F8CCEF4F-6EEF-4B81-B70D-821E72451D93}
Opera 9.64—>MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
Photoshop Russian Update—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{16EF687F-D2C3-4B17-9DBD-31113E833426}Setup.exe»
Plato Video To 3GP Converter Free 10.07.01—>»C:Program FilesPlato Video To 3GP Converterunins000.exe»
Realtek AC’97 Audio—>Alcrmv.exe -r -m
Sound Master 09 Release 1.00—>»C:Program FilesFifa MasterSound Master 09unins000.exe»
StreamDown—>»C:Program FilesStreamDown v6.4unins000.exe»
Total Commander 7.02a PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Unlocker 1.8.7—>C:Program FilesUnlockeruninst.exe
Vista Drive Icon 6in1—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Vit Registry Fix 9.4—>»C:Program FilesVitSoftVit Registry Fixunins000.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Yahoo! Messenger—>C:PROGRA~1Yahoo!MESSEN~1UNWISE.EXE /U C:PROGRA~1Yahoo!MESSEN~1INSTALL.LOG
Yahoo! Software Update—>C:PROGRA~1Yahoo!SOFTWA~1UNINST~1.EXE
Гарри Поттер и Принц-Полукровка™—>MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1}
Дополнительные апплеты—>»C:WINDOWSsystem32CPLDAPUunins000.exe»
СтройОфисДемо—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AA7E5D2A-7193-48E8-9995-707693151708}Setup.exe»

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090818-0]
AV: Kaspersky Anti-Virus (disabled) (outdated)

======System event log======

Computer Name: MICROSOF-4F339B
Event Code: 7036
Message: Служба «avast! Mail Scanner» перешла в состояние Работает.

Record Number: 3419
Source Name: Service Control Manager
Time Written: 20090724172946.000000+240
Event Type: информация
User:

Computer Name: MICROSOF-4F339B
Event Code: 7035
Message: Служба «aswRdr» успешно отправила управляющий элемент «запустить».

Record Number: 3418
Source Name: Service Control Manager
Time Written: 20090724172946.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-4F339B
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

Record Number: 3417
Source Name: Service Control Manager
Time Written: 20090724172946.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-4F339B
Event Code: 7036
Message: Служба «Службы терминалов» перешла в состояние Работает.

Record Number: 3416
Source Name: Service Control Manager
Time Written: 20090724172946.000000+240
Event Type: информация
User:

Computer Name: MICROSOF-4F339B
Event Code: 7036
Message: Служба «avast! Web Scanner» перешла в состояние Работает.

Record Number: 3415
Source Name: Service Control Manager
Time Written: 20090724172946.000000+240
Event Type: информация
User:

=====Application event log=====

Computer Name: MICROSOF-4F339B
Event Code: 11728
Message: Product: Adobe Acrobat 7.0 — Tryout Professional — English, Franзais, Deutsch — Настройка завершена успешно.

Record Number: 176
Source Name: MsiInstaller
Time Written: 20090719181422.000000+240
Event Type: информация
User: MICROSOF-4F339BAdmin

Computer Name: MICROSOF-4F339B
Event Code: 1042
Message: Завершение транзакции установщика Windows: C:WINDOWSInstallerd664e7.msi. ИД клиентского процесса: 972.

Record Number: 175
Source Name: MsiInstaller
Time Written: 20090719181215.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-4F339B
Event Code: 1038
Message: Установщик Windows требует перезагрузки системы. Продукт: Adobe Acrobat 7.0 — Tryout Professional — English, Franзais, Deutsch. Версия: 7.0.0. Язык: 1033. Тип перезагрузки: 1. Причина перезагрузки: 2.

Record Number: 174
Source Name: MsiInstaller
Time Written: 20090719181215.000000+240
Event Type: информация
User: MICROSOF-4F339BAdmin

Computer Name: MICROSOF-4F339B
Event Code: 1040
Message: Начата транзакция установщика Windows: C:WINDOWSInstallerd664e7.msi. ИД клиентского процесса: 972.

Record Number: 173
Source Name: MsiInstaller
Time Written: 20090719181101.000000+240
Event Type: информация
User: MICROSOF-4F339BAdmin

Computer Name: MICROSOF-4F339B
Event Code: 1002
Message: Оболочка неожиданно завершила работу, и программа «Explorer.exe» была перезапущена.

Record Number: 172
Source Name: Winlogon
Time Written: 20090718204006.000000+240
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=2f02
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

Logfile of random’s system information tool 1.06 (written by random/random)
Run by юльчита at 2009-08-19 11:37:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (41%) free of 20 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:58, on 19.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32nvsvc32.exe
D:StroySoftUtilsIB_Backup.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:WINDOWSexplorer.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:DownloadsПрограммыRSIT.exe
C:Program Filestrend microюльчита.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://nightwarez.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4D91-8333-CF10577473F7} — C:Program FilesGooglegoogletoolbar1.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [Messenger (Yahoo!)] «C:Program FilesYahoo!MessengerYahooMessenger.exe» -quiet
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{65D658B6-451E-4F5A-8281-21026FDCE487}: NameServer = 10.100.6.1
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: IB_Backup (Service1) — StroySoft — D:StroySoftUtilsIB_Backup.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: Yahoo! Updater (YahooAUService) — Yahoo! Inc. — C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

—
End of file — 7093 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2009-04-16 158208]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4D91-8333-CF10577473F7}]
&Google — C:Program FilesGooglegoogletoolbar1.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-06-20 35840]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-06-20 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-01-15 13680640]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-01-15 86016]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2009-01-11 132096]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2009-05-06 3777536]
«Messenger (Yahoo!)»=C:Program FilesYahoo!MessengerYahooMessenger.exe [2009-05-26 4351216]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2009-08-13 288048]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2009-04-30 37376]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSMConfigurePrograms»=1
«NoSMHelp»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-08-19 11:37:22 —-D—- C:Program Filestrend micro
2009-08-19 11:37:21 —-D—- C:rsit
2009-08-19 11:28:18 —-D—- C:Documents and SettingsюльчитаApplication DataDesktopicon
2009-08-19 11:28:17 —-D—- C:Program FilesUnlocker
2009-08-19 11:23:38 —-D—- C:WINDOWSpss
2009-08-19 11:10:11 —-A—- C:ComboFix.txt
2009-08-19 11:01:29 —-A—- C:WINDOWSzip.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSSWXCACLS.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSSWSC.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSSWREG.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSsed.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSPEV.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSNIRCMD.exe
2009-08-19 11:01:29 —-A—- C:WINDOWSgrep.exe
2009-08-19 11:01:25 —-D—- C:WINDOWSERDNT
2009-08-19 11:01:13 —-D—- C:Qoobox
2009-08-19 10:53:04 —-A—- C:logit.txt
2009-08-18 21:02:43 —-A—- C:WINDOWSsystem32hlvdd.dll
2009-08-18 21:02:42 —-A—- C:WINDOWSsystem32UNWISE.EXE
2009-08-18 21:02:42 —-A—- C:WINDOWSsystem32hlduinst.exe
2009-08-18 21:02:42 —-A—- C:WINDOWSsystem32hinstd.dll
2009-08-18 20:55:17 —-D—- C:Program FilesCommon FilesBorland Shared
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2smon.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2SEVT.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2IRDAO.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2CTDAO.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2BDAO.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32P2bbnd.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32Implode.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32getIOR.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32EXLATE32.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32etc-1-0-12.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32ETC.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32ebus-3-3-2.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32EBUS.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32CRxmlx07.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32CRWRAP32.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32CRUTL15R.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32CRUTL15.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32Crutl14r.dll
2009-08-18 20:55:16 —-A—- C:WINDOWSsystem32Crutl14.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32stringres_en.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32S2DTCONV.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32Roboex32.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32PG32CONV.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3tdoen.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3soden.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3smnen.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3seven.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3rdoen.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3ddoen.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32p3dbden.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32P2SODBC.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32CRPE32.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32Crpaig80.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32CRInf9.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32CPEAUT32.dll
2009-08-18 20:55:15 —-A—- C:WINDOWSsystem32C2SUPPRT.dll
2009-08-18 20:55:14 —-A—- C:WINDOWSsystem32SSCSDK80.dll
2009-08-18 20:55:14 —-A—- C:WINDOWSsystem32Sbtrvd32.dll
2009-08-18 20:55:14 —-A—- C:WINDOWSsystem32S2SQLPRS.dll
2009-08-18 20:55:11 —-D—- C:WINDOWSCrystal
2009-08-18 20:54:29 —-A—- C:WINDOWSsystem32Upd_ver_dll.dll
2009-08-18 20:54:22 —-A—- C:WINDOWSsystem32GDS32.DLL
2009-08-18 20:54:20 —-D—- C:Program FilesFirebird
2009-08-17 21:44:10 —-D—- C:MyDownloads
2009-08-17 21:42:03 —-D—- C:Program FilesStreamDown v6.4
2009-08-13 17:26:59 —-D—- C:Program FilesuTorrent
2009-08-13 17:26:02 —-D—- C:Documents and SettingsюльчитаApplication DatauTorrent
2009-08-12 14:36:00 —-D—- C:Documents and SettingsюльчитаApplication DataYahoo!
2009-08-12 14:29:44 —-D—- C:Documents and SettingsAll UsersApplication DataYahoo!
2009-08-12 14:29:42 —-D—- C:Program FilesYahoo!
2009-08-12 12:14:39 —-D—- C:Documents and SettingsюльчитаApplication DataDownload Master
2009-08-11 13:33:21 —-D—- C:Documents and SettingsюльчитаApplication DataDivX
2009-08-11 13:33:20 —-D—- C:Documents and SettingsюльчитаApplication DataMedia Player Classic
2009-08-11 13:32:23 —-D—- C:Documents and SettingsюльчитаApplication DataDAEMON Tools
2009-08-11 13:21:47 —-D—- C:Documents and SettingsюльчитаApplication DataMacromedia
2009-08-11 13:18:24 —-D—- C:Documents and SettingsюльчитаApplication DataOpera
2009-08-11 13:17:01 —-D—- C:Documents and SettingsюльчитаApplication DataAdobe
2009-08-11 13:08:30 —-D—- C:Documents and SettingsюльчитаApplication DataIdentities
2009-08-11 13:08:15 —-SD—- C:Documents and SettingsюльчитаApplication DataMicrosoft
2009-08-11 13:08:15 —-ASH—- C:Documents and SettingsюльчитаApplication Datadesktop.ini
2009-08-10 13:14:31 —-D—- C:Program FilesDirectX
2009-08-10 13:14:16 —-RA—- C:WINDOWSsystem32tmp253.tmp
2009-08-10 13:14:16 —-RA—- C:WINDOWSsystem32tmp252.tmp
2009-08-09 16:34:00 —-RA—- C:WINDOWSsystem32tmp356.tmp
2009-08-09 16:34:00 —-RA—- C:WINDOWSsystem32tmp355.tmp
2009-08-07 19:36:19 —-D—- C:Documents and SettingsAll UsersApplication DataACD Systems
2009-08-07 19:36:14 —-D—- C:Program FilesCommon FilesACD Systems
2009-08-07 19:36:14 —-D—- C:Program FilesACD Systems
2009-08-07 15:10:25 —-D—- C:Program FilesFifa Master
2009-08-03 17:40:47 —-D—- C:Program Files7-Zip
2009-07-30 17:51:25 —-D—- C:vkopt163
2009-07-24 19:35:33 —-HDC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2009-07-24 19:34:48 —-D—- C:Program FilesMSBuild
2009-07-24 19:33:17 —-D—- C:WINDOWSsystem32XPSViewer
2009-07-24 19:33:14 —-D—- C:WINDOWSsystem32en-us
2009-07-24 19:32:45 —-D—- C:Program FilesReference Assemblies
2009-07-24 19:32:31 —-N—- C:WINDOWSsystem32spmsg2.dll
2009-07-24 19:32:31 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-07-24 16:43:33 —-D—- C:Program FilesAskTBar
2009-07-22 13:49:26 —-D—- C:Program FilesMicrosoft WSE

======List of files/folders modified in the last 1 months======

2009-08-19 11:37:22 —-RD—- C:Program Files
2009-08-19 11:23:38 —-D—- C:WINDOWS
2009-08-19 11:11:35 —-D—- C:WINDOWSTemp
2009-08-19 11:10:13 —-D—- C:WINDOWSsystem32drivers
2009-08-19 11:10:13 —-D—- C:WINDOWSsystem32
2009-08-19 11:09:27 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-08-19 11:09:09 —-D—- C:WINDOWSsystem32CatRoot2
2009-08-19 11:08:56 —-D—- C:WINDOWSSoftwareDistribution
2009-08-19 11:08:40 —-A—- C:WINDOWSsystem.ini
2009-08-19 11:06:14 —-D—- C:Program FilesGoogle
2009-08-19 11:05:11 —-D—- C:WINDOWSAppPatch
2009-08-19 11:05:10 —-D—- C:Program FilesCommon Files
2009-08-19 11:02:01 —-A—- C:WINDOWSSchedLgU.Txt
2009-08-19 11:01:29 —-SHD—- C:System Volume Information
2009-08-19 11:01:29 —-D—- C:WINDOWSsystem32Restore
2009-08-19 10:57:20 —-D—- C:Temp
2009-08-19 10:35:33 —-D—- C:WINDOWSsystem32ShellExt
2009-08-19 10:31:21 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-08-18 21:02:45 —-HD—- C:WINDOWSinf
2009-08-18 21:02:43 —-D—- C:WINDOWSsystem32Setup
2009-08-18 20:55:14 —-D—- C:WINDOWSFonts
2009-08-18 20:54:10 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-18 16:59:08 —-D—- C:WINDOWSPrefetch
2009-08-18 16:37:38 —-D—- C:Program FilesAdobe
2009-08-18 15:26:49 —-D—- C:Program FilesAIMP2
2009-08-18 13:31:53 —-SHD—- C:WINDOWSInstaller
2009-08-18 13:31:49 —-D—- C:Program FilesOpera
2009-08-17 17:50:39 —-D—- C:Program FilesNetMeeting
2009-08-17 17:50:38 —-SD—- C:WINDOWSsystem32Microsoft
2009-08-15 13:25:21 —-D—- C:WINDOWSsystem32appmgmt
2009-08-13 21:05:56 —-D—- C:Program FilesFlylinkDC++
2009-08-13 17:16:33 —-D—- C:Downloads
2009-08-11 13:16:54 —-D—- C:Program FilesQIP
2009-08-11 13:15:03 —-A—- C:WINDOWSODBC.INI
2009-08-11 13:10:35 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-11 13:08:32 —-A—- C:WINDOWSOEWABLog.txt
2009-08-11 13:08:14 —-D—- C:Documents and Settings
2009-08-10 17:08:31 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-08-10 17:08:12 —-D—- C:Program FilesCommon FilesAdobe
2009-08-10 14:09:10 —-RSD—- C:WINDOWSassembly
2009-08-10 14:08:46 —-D—- C:WINDOWSsystem32DirectX
2009-08-10 13:14:16 —-A—- C:WINDOWSsystem32wrap_oal.dll
2009-08-10 13:14:16 —-A—- C:WINDOWSsystem32OpenAL32.dll
2009-08-10 13:14:11 —-D—- C:WINDOWSWinSxS
2009-08-01 15:00:06 —-D—- C:Program FilesCommon FilesInstallShield
2009-07-26 20:24:26 —-D—- C:WINDOWSMicrosoft.NET
2009-07-24 20:45:39 —-D—- C:WINDOWSsystem32CatRoot
2009-07-24 19:35:26 —-D—- C:WINDOWSsystem32ru-ru
2009-07-24 19:32:34 —-D—- C:WINDOWSsystem32spool
2009-07-23 17:44:55 —-HD—- C:WINDOWSsystem32GroupPolicy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-06-19 36864]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R2 exFat;exFat; C:WINDOWSsystem32driversexFat.sys [2009-01-28 133632]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 catchme;catchme; ??C:ComboFixcatchme.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSnvefd2k.sys [2007-07-12 42112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2008-10-30 117120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 aphm2uff;aphm2uff; C:WINDOWSsystem32driversaphm2uff.sys []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-06-22 25280]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-01-15 163908]
R2 Service1;IB_Backup; D:StroySoftUtilsIB_Backup.exe [2004-11-19 2757632]
R2 YahooAUService;Yahoo! Updater; C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe [2008-11-10 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-06-23 69632]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-06-20 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[Admin]

Здравствууйте, добро пожаловать на Spyware-ru форум.

Вижу вы запускали Combofix, запустите ещё раз и получившийся лог вставьте в ваше следующее сообщение.

[Автор]

Сообщения