загружена опреативная память на 80%

[alekst5]

доброго дня ,загружена оперативная память почти полностью,программы никакие не запущены,машина тормозит ужасно!помогите !докт веб нашел троянов,я их снес ,не помогает![Logfile of random’s system information tool 1.05 (written by random/random)
Run by ex2 at 2009-01-20 07:36:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 19 GB (45%) free of 42 GB
Total RAM: 1919 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:37:46, on 20.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAvira Premium Security Suitesched.exe
C:Program FilesAviraAvira Premium Security Suiteavfwsvc.exe
C:Program FilesAviraAvira Premium Security Suiteavguard.exe
C:Program FilesAviraAvira Premium Security Suiteavesvc.exe
E:EWA netdatabaseTransBase EWAtbmux32.exe
E:EWA netdatabaseTransBase EPCtbmux32.exe
E:EWA netdatabaseTransBase WIStbmux32.exe
E:EWA netserverbintomcat.exe
C:Program FilesFirebirdFirebird_1_5binfbguard.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesBHPSPmap1binMapperMonService.exe
C:PROGRA~1BHPSlicbinlmgrd.exe
C:Program FilesBHPSJRE142binjavaw.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
E:BMWgrouptransbasetbmux32.exe
E:TECDOC_CD1_2009dbtbmux32.exe
C:Program FilesAviraAvira Premium Security Suiteavmailc.exe
C:Program FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE
C:Program FilesBHPSGmgbinDBMonService.exe
C:Program FilesBHPSMAPUbinDBMonService.exe
C:Program FilesBHPSGmgbinTomcatMonService.exe
C:Program FilesBHPSJRE142binjava.exe
C:Program FilesBHPSGmgbintbmux32.exe
C:Program FilesBHPSMAPUbintbmux32.exe
C:Program FilesFirebirdFirebird_1_5binfbserver.exe
E:EWA netdatabaseTransBase EPCtbkern32.exe
C:WINDOWSSystem32alg.exe
E:EWA netdatabaseTransBase EWAtbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:Program FilesBHPSGmgbintbkern32.exe
C:WINDOWSExplorer.EXE
D:Program FilesA4TechMouseAmoumain.exe
C:Program FilesAviraAvira Premium Security Suiteavgnt.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesRainlendar2Rainlendar2.exe
C:Program FilesPunto Switcherpunto.exe
D:Program FilesprinteruTorrent.exe
E:EWA netdatabaseTransBase EWAtbkern32.exe
C:WINDOWSsystem32ntvdm.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
C:PROGRA~1BHPSlicbinbhepcls.exe
D:ali123launch.exe
C:TempRarSFX0_start.exe
C:TempRarSFX0setup.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesDownload Masterdmaster.exe
D:ali123RSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microex2.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSpchealthhelpctrSystempanelsblank.htm
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://forum.alcohol-soft.com/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — (no file)
O2 — BHO: (no name) — {02EA51A8-939A-4E9B-9393-9E59D5CE09B1} — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: (no name) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [WheelMouse] d:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAvira Premium Security Suiteavgnt.exe» /min
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [Infium] «C:Program FilesQIP Infiuminfium.exe»
O4 — HKCU..Run: [SmartRAM] «C:Program FilesIObitAdvanced SystemCare 3Sup_SmartRAM.exe» /m
O4 — HKCU..Run: [Uniblue RegistryBooster 2009] D:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-21-220523388-343818398-839522115-500..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Администратор’)
O4 — HKUSS-1-5-21-220523388-343818398-839522115-500..RunOnce: [NeroHomeFirstStart] «C:Program FilesCommon FilesNeroLibNMFirstStart.exe» (User ‘Администратор’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{B33DDFE6-54EF-4CF4-9BB0-75532F139983}: NameServer = 192.168.1.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) — Avira GmbH — C:Program FilesAviraAvira Premium Security Suiteavfwsvc.exe
O23 — Service: Avira Premium Security Suite MailGuard (AntiVirMailService) — Avira GmbH — C:Program FilesAviraAvira Premium Security Suiteavmailc.exe
O23 — Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAvira Premium Security Suitesched.exe
O23 — Service: Avira Premium Security Suite Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAvira Premium Security Suiteavguard.exe
O23 — Service: Avira Premium Security Suite WebGuard (antivirwebservice) — Avira GmbH — C:Program FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Avira Premium Security Suite MailGuard helper service (AVEService) — Avira GmbH — C:Program FilesAviraAvira Premium Security Suiteavesvc.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: EWA net DB Core — Transaction Software, D 81737 Munich — E:EWA netdatabaseTransBase EWAtbmux32.exe
O23 — Service: EWA net DB EPC — Transaction Software, D 81737 Munich — E:EWA netdatabaseTransBase EPCtbmux32.exe
O23 — Service: EWA net DB WIS — Transaction Software, D 81737 Munich — E:EWA netdatabaseTransBase WIStbmux32.exe
O23 — Service: EWA net Server — Alexandria Software Consulting — E:EWA netserverbintomcat.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — The Firebird Project — C:Program FilesFirebirdFirebird_1_5binfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — The Firebird Project — C:Program FilesFirebirdFirebird_1_5binfbserver.exe
O23 — Service: Forceware Web Interface (ForcewareWebInterface) — Apache Software Foundation — C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: ForceWare IP service (nSvcIp) — NVIDIA Corporation — C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
O23 — Service: ForceWare user log service (nSvcLog) — NVIDIA Corporation — C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: pqeauto.database.dbmonitor.GMG — ProQuest Business Solutions — C:Program FilesBHPSGmgbinDBMonService.exe
O23 — Service: pqeauto.database.dbmonitor.MAPU — ProQuest Business Solutions — C:Program FilesBHPSMAPUbinDBMonService.exe
O23 — Service: pqeauto.energy.mappermonitor — ProQuest Business Solutions — C:Program FilesBHPSPmap1binMapperMonService.exe
O23 — Service: pqeauto.engine.tomcatmonitor.GMG — ProQuest Business Solutions — C:Program FilesBHPSGmgbinTomcatMonService.exe
O23 — Service: ProQuest Product License Manager — Macrovision Corporation — C:PROGRA~1BHPSlic\binlmgrd.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — d:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — d:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Transbase — Transaction Software, D 81737 Munich — E:BMWgrouptransbasetbmux32.exe
O23 — Service: Transbase TECDOC CD 1_2009 Service — Transaction Software, D 81829 Munich — E:TECDOC_CD1_2009dbtbmux32.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 12043 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02EA51A8-939A-4E9B-9393-9E59D5CE09B1}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«WheelMouse»=d:Program FilesA4TechMouseAmoumain.exe [2007-02-10 204800]
«avgnt»=C:Program FilesAviraAvira Premium Security Suiteavgnt.exe [2008-06-12 266497]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe [2007-12-30 1365504]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«Infium»=C:Program FilesQIP Infiuminfium.exe [2008-10-14 4888576]
«SmartRAM»=C:Program FilesIObitAdvanced SystemCare 3Sup_SmartRAM.exe [2008-12-12 202264]
«Uniblue RegistryBooster 2009″=D:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHigh Definition Audio Property Page Shortcut]
C:WINDOWSsystem32HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMicrosoft Windows DLL Loader]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRegClean Expert Scheduler]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMConfigurePrograms»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoResolveSearch»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe»=»C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe:*:Enabled:Apache HTTP Server»
«E:BMWgroupjavaclientETK.exe»=»E:BMWgroupjavaclientETK.exe:*:Enabled:ETK»
«E:Fiatj2sdk1.4.1binjavaw.exe»=»E:Fiatj2sdk1.4.1binjavaw.exe:*:Enabled:javaw»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«D:Program FilesprinteruTorrent.exe»=»D:Program FilesprinteruTorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{02a89b47-d24a-11dd-80ee-001a920728df}]
shellAutoRuncommand — G:xorprj.exe
shellexplorecommand — G:xorprj.exe
shellopencommand — G:xorprj.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1188d0c9-62bf-11dd-802b-001a920728df}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{28bf2b6a-6d13-11dd-8038-001a920728df}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2a6f1148-4354-11dd-bffe-001a920728df}]
shellAutoRuncommand — G:
shellopencommand — rundll32.exe .\qsru.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d9bf31a8-0797-11dd-bfa9-001a920728df}]
shellAutoRuncommand — nlblkhq.com
shellexplorecommand — nlblkhq.com
shellopencommand — nlblkhq.com

======List of files/folders created in the last 1 months======

2009-01-20 07:36:44 —-D—- C:rsit
2009-01-20 07:36:44 —-D—- C:Program Filestrend micro
2009-01-20 07:12:08 —-HDC—- C:Documents and SettingsAll UsersApplication Data{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-20 07:06:55 —-RHD—- C:AHCache
2009-01-20 06:54:37 —-HDC—- C:Documents and SettingsAll UsersApplication Data~0
2009-01-17 09:53:40 —-D—- C:inst orig
2009-01-16 12:57:38 —-N—- C:WINDOWSunvise32.exe
2009-01-15 10:11:58 —-A—- C:WINDOWSsystem32WgaTray.exe
2009-01-15 10:11:58 —-A—- C:WINDOWSsystem32WgaLogon.dll
2009-01-15 10:11:58 —-A—- C:WINDOWSsystem32OGACheckControl.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32Vista.Emulation.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32SDL.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32PhysXCore.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32PhysXCooking.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32NPSWF32.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32Newton.dll
2009-01-15 10:11:57 —-A—- C:WINDOWSsystem32LegitCheckControl.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32msjava.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32fmodex.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32fmod.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32eax.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32D3D10SDKLayers.DLL
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32CompressATI2.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32bass.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32avrt.dll
2009-01-15 10:11:56 —-A—- C:WINDOWSsystem32atimgpud.dll
2009-01-15 10:11:54 —-D—- C:WINDOWSsystem32PF
2009-01-15 10:11:54 —-D—- C:WINDOWSsystem32Ansi
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32zlib1.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32wnaspi32.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32vcomp.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32Vbrun300.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32vbrun200.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32vbrun100.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32D3DX10d_39.dll
2009-01-15 10:11:54 —-A—- C:WINDOWSsystem32d2d1.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32Vb40032.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32Vb40016.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32ssleay32.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcrt10.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcr90.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcr80d.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcr80.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcp90.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcp80.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcm90.dll
2009-01-15 10:11:53 —-A—- C:WINDOWSsystem32msvcm80.dll
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32msvci70.dll
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32mfcm80u.dll
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32mfcm80.dll
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32mfc80.dll
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71KOR.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71JPN.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71ITA.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71FRA.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71ESP.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71ENU.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71DEU.DLL
2009-01-15 10:11:52 —-A—- C:WINDOWSsystem32MFC71CHT.DLL
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32MFC71CHS.DLL
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70u.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70kor.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70jpn.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70ita.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70fra.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70esp.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70enu.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70deu.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70cht.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70chs.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32mfc70.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32libssl32.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32libeay32.dll
2009-01-15 10:11:51 —-A—- C:WINDOWSsystem32ATL80.dll
2009-01-15 10:11:50 —-A—- C:WINDOWSsystem32atl70.dll
2009-01-12 09:09:35 —-D—- C:Program Filesdirectx
2009-01-08 10:20:40 —-D—- C:Documents and Settingsex2Application DataSoftware Informer
2009-01-07 13:32:49 —-RHD—- C:Documents and Settingsex2Application DataSecuROM
2009-01-06 09:35:52 —-D—- C:WINDOWSsystem32AGEIA
2009-01-06 09:35:52 —-D—- C:Program FilesAGEIA Technologies
2009-01-06 09:35:38 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-01-05 16:15:08 —-D—- C:WINDOWS__SkypeIEToolbar_Cache
2009-01-05 08:20:53 —-D—- C:NVIDIA
2009-01-05 08:07:41 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-01-05 08:06:33 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-01-05 08:06:33 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-01-05 08:06:32 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-01-05 08:06:32 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-01-05 08:06:32 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2009-01-05 08:06:31 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-01-05 08:06:31 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-01-05 08:06:31 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-01-05 08:06:31 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-01-05 08:06:30 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-01-05 08:06:30 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-01-05 08:06:30 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-01-05 08:06:29 —-A—- C:WINDOWSsystem32D3DX9_39.dll
2009-01-05 08:05:10 —-HD—- C:WINDOWSmsdownld.tmp
2008-12-31 09:23:54 —-D—- C:Documents and Settingsex2Application DataPointstone
2008-12-31 09:18:32 —-D—- C:Program FilesCommon FilesPointstone
2008-12-29 15:13:32 —-D—- C:Documents and Settingsex2Application DataAvira
2008-12-29 15:06:42 —-A—- C:WINDOWSsystem32avsda.dll
2008-12-29 15:06:38 —-D—- C:Program FilesAvira
2008-12-29 15:06:38 —-D—- C:Documents and SettingsAll UsersApplication DataAvira
2008-12-25 08:05:11 —-D—- C:Documents and Settingsex2Application DatauTorrent
2008-12-24 11:43:01 —-D—- C:Documents and Settingsex2Application DataOpenOffice.org
2008-12-24 11:42:32 —-D—- C:WINDOWSShellNew
2008-12-24 11:41:39 —-D—- C:Program FilesOpenOffice.org 3
2008-12-23 10:34:26 —-D—- C:Documents and Settingsex2Application DataCursorArts
2008-12-22 14:15:00 —-A—- C:WINDOWSsystem32appdrvrem01.exe

======List of files/folders modified in the last 1 months======

2009-01-20 07:37:43 —-D—- C:temp
2009-01-20 07:36:47 —-D—- C:WINDOWSPrefetch
2009-01-20 07:36:44 —-D—- C:Program Files
2009-01-20 07:19:36 —-D—- C:WINDOWSTemp
2009-01-20 07:14:43 —-SHD—- C:WINDOWSInstaller
2009-01-20 07:14:43 —-SHD—- C:Config.Msi
2009-01-20 06:54:37 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-20 06:45:18 —-D—- C:WINDOWSsystem32drivers
2009-01-19 16:39:19 —-A—- C:WINDOWSNeroDigital.ini
2009-01-19 14:39:39 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-19 13:08:32 —-D—- C:Program FilesMozilla Firefox
2009-01-19 11:19:01 —-D—- C:WINDOWSLogs
2009-01-19 11:19:01 —-D—- C:WINDOWS
2009-01-17 15:12:02 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-17 11:35:49 —-HD—- C:WINDOWSinf
2009-01-16 07:47:57 —-D—- C:WINDOWSsystem32
2009-01-16 07:33:02 —-RSD—- C:WINDOWSassembly
2009-01-16 07:32:46 —-D—- C:WINDOWSsystem32DirectX
2009-01-15 10:11:56 —-RSD—- C:WINDOWSFonts
2009-01-14 10:58:15 —-D—- C:Program FilesIObit
2009-01-07 14:01:38 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-07 07:38:13 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-01-06 09:35:38 —-D—- C:Program FilesCommon Files
2009-01-05 08:26:35 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-01-05 08:23:30 —-D—- C:WINDOWSHelp
2009-01-05 08:23:28 —-D—- C:WINDOWSnview
2009-01-05 08:21:34 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-24 11:42:33 —-D—- C:WINDOWSWinSxS
2008-12-24 11:41:11 —-D—- C:Program FilesOpenOffice.org 2.3
2008-12-24 10:57:34 —-D—- C:Documents and Settingsex2Application DataOpenOffice.org2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2008-12-22 2911848]
R1 avfwot;avfwot; C:WINDOWSsystem32DRIVERSavfwot.sys [2008-05-07 71592]
R1 avgio;avgio; ??C:Program FilesAviraAvira Premium Security Suiteavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 tmcomm;tmcomm; ??C:WINDOWSsystem32driverstmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-03-04 127872]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSsystem32DRIVERSAmps2prt.sys [2007-02-09 14336]
R3 avfwim;AvFw Packet Filter Miniport; C:WINDOWSsystem32DRIVERSavfwim.sys [2008-05-07 71464]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAvira Premium Security Suiteavgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 IKFileSec;File Security Driver; C:WINDOWSsystem32driversikfilesec.sys [2008-08-25 40840]
R3 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-08-25 66952]
R3 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-08-25 81288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-06-29 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-06-29 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2005-11-03 10368]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2005-10-10 393088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-18 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-18 17024]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 amqcm30z;amqcm30z; C:WINDOWSsystem32driversamqcm30z.sys []
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2004-10-27 145920]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-18 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PRODIGY;PRODIGY; C:WINDOWSSystem32DriversPRODIGY.SYS [2006-08-29 32377]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirFirewallService;Avira Premium Security Suite Firewall; C:Program FilesAviraAvira Premium Security Suiteavfwsvc.exe [2008-05-16 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard; C:Program FilesAviraAvira Premium Security Suiteavmailc.exe [2008-12-29 164097]
R2 AntiVirScheduler;Avira Premium Security Suite Scheduler; C:Program FilesAviraAvira Premium Security Suitesched.exe [2008-10-15 68865]
R2 AntiVirService;Avira Premium Security Suite Guard; C:Program FilesAviraAvira Premium Security Suiteavguard.exe [2008-10-15 151297]
R2 antivirwebservice;Avira Premium Security Suite WebGuard; C:Program FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service; C:Program FilesAviraAvira Premium Security Suiteavesvc.exe [2008-05-09 41217]
R2 EWA net DB Core;EWA net DB Core; E:EWA netdatabaseTransBase EWAtbmux32.exe [2003-11-05 176128]
R2 EWA net DB EPC;EWA net DB EPC; E:EWA netdatabaseTransBase EPCtbmux32.exe [2006-07-27 380928]
R2 EWA net DB WIS;EWA net DB WIS; E:EWA netdatabaseTransBase WIStbmux32.exe [2003-11-05 176128]
R2 EWA net Server;EWA net Server; E:EWA netserverbintomcat.exe [2003-07-31 65536]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian — DefaultInstance; C:Program FilesFirebirdFirebird_1_5binfbguard.exe [2007-01-31 65536]
R2 ForcewareWebInterface;Forceware Web Interface; C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe [2006-06-29 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG; C:Program FilesBHPSGmgbinDBMonService.exe [2007-04-08 73728]
R2 pqeauto.database.dbmonitor.MAPU;pqeauto.database.dbmonitor.MAPU; C:Program FilesBHPSMAPUbinDBMonService.exe [2008-11-19 73728]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor; C:Program FilesBHPSPmap1binMap [2009-01-15 1292]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG; C:Program FilesBHPSGmgbinTomcatMonService.exe [2007-04-08 69632]
R2 ProQuest Product License Manager;ProQuest Product License Manager; C:PROGRA~1BHPSlic\binlmgrd.exe [2008-11-19 630272]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
R2 Transbase TECDOC CD 1_2009 Service;Transbase TECDOC CD 1_2009 Service; E:TECDOC_CD1_2009dbtbmux32.exe [2008-11-19 356352]
R2 Transbase;Transbase; E:BMWgrouptransbasetbmux32.exe [2004-08-05 385024]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
R3 FirebirdServerDefaultInstance;Firebird Server — DefaultInstance; C:Program FilesFirebirdFirebird_1_5binfbserver.exe [2007-01-31 1527893]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2008-12-22 304528]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-07-17 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2002-08-01 65536]
S3 sdAuxService;PC Tools Auxiliary Service; d:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; d:Program FilesSpyware DoctorpctsSvc.exe [2008-12-15 1079176]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-12-10 353280]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]

---

EOF

---

]
info.txt logfile of random’s system information tool 1.05 2009-01-20 07:37:48

======Uninstall list======

«Аскания-Авто» — Ценник v1.0—>»d:AscaniaAutounins000.exe»
—>C:Program FilesBHPSJRE142PQJREIUU.exe -u
—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.44 beta—>»C:Program Files7-ZipUninstall.exe»
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe AIR—>c:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Audition 2.0—>msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0—>MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Help Center 2.0—>MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Reader 7.0.8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -fC:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallInstall.log
Advanced SystemCare 3—>»C:Program FilesIObitAdvanced SystemCare 3unins000.exe»
AVAparts 2.1—>D:AVASetup.exe /remove
Avira Premium Security Suite—>C:Program FilesAviraAvira Premium Security SuiteSETUP.EXE /REMOVE
BDE 5.1—>C:WINDOWSIsUn0419.exe -f»C:Program FilesBorlandCommon FilesBDEUninst.isu»
Bosch Viewer—>E:BoschESITRO~1MCVIEWERUNWISE.EXE E:BoschESITRO~1MCVIEWERviewer_uninstall.log
Catalogo Cifam—>MsiExec.exe /I{EC94ADDA-CDA9-4D84-B68F-7B9CE09F4871}
Catalogo Pilenga—>C:WINDOWSIsUninst.exe -fd:Uninst.isu
CCleaner (remove only)—>»d:Program FilesCCleaneruninst.exe»
CD-Katalog—>C:WINDOWSiun507.exe d:Hegyalja.rusCDKatairunin.ini
Combined Community Codec Pack 2008-07-03—>»C:Program FilesCombined Community Codec Packunins000.exe»
Compact Catalogue Iveco—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1BFCA9A2-1D51-4750-8811-3DD4CD5580BC}Setup.exe»
CORTECO WELCAT—>D:CortecoUnInstall_17787.exe
Dialogys—>E:renaultDialogys_uninstuninstaller.exe
Download Master version 5.5.7.1145—>»C:Program FilesDownload Masterunins000.exe»
eCAT—>d:eCATsetup.exe /u eCAT
Electronic Parts Catalogue—>C:WINDOWSuninst.exe -fC:DeIsL1.isu
EPC for Windows98—>C:WINDOWSst6unst.exe -n «E:TMCEPCW2ST6UNST.000»
EPC30.04.07—>C:WINDOWSEPC30.04.07 Uninstaller.exe
ePER—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BB224962-A37E-4E24-87E2-BD0F47B6A8F5}setup.exe» -l0x9
ESI[tronic]—>E:BoschESITRO~1Setup.exe -u
ETK (Local)—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EC17C160-E2F0-47CC-86D4-140AE22EC38E}setup.exe» -l0x19
EWA net—>E:EWA netinstallmanagersetup.exe /clean
Firebird 1.5.4—>»C:Program FilesFirebirdFirebird_1_5unins000.exe»
FlameRobin 0.7.6—>»C:Program FilesFlameRobinunins000.exe»
FormaParts — Каталог 1.0.8—>»d:FormaPartsCatalogunins000.exe»
GM Daewoo EPC System 1.0—>»C:Dwmc_epcsetupuninst.exe»
GME EPC 3 3.23.0—>»C:Program FilesBHPSGmgInstlrbinuninstaller.exe» -u -t -iGmg -lru -p»C:Program FilesBHPSGmg» -r»C:Program FilesBHPSGmgInstlr»
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
hp LaserJet 1010 Series—>MsiExec.exe /I{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
IC_Katalog—>d:Inter CarsIC_Kataloguninstall.exe
ItalAvto—>MsiExec.exe /I{6C92A946-8FD2-46D3-8251-492821FC625B}
iWheelZoom 7.80—>d:Program FilesA4TechMouseUninst32.exe
J2SE Runtime Environment 5.0 Update 4—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Mazda EPC 3.0.3—>»C:Program FilesBHPSMAPUInstlrbinuninstaller.exe» -u -t -iMAPU -len -p»C:Program FilesBHPSMAPU» -r»C:Program FilesBHPSMAPUInstlr»
MAZDA EPC2—>E:MAZEPCUNINST.EXE E:MAZEPCINSTALL.LOG
Microsoft .NET Framework (English) v1.0.3705—>C:WINDOWSMicrosoft.NETFrameworkInstall.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)—>MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft ODBC .NET Data Provider—>MsiExec.exe /I{6868B3BD-0642-442C-A542-28716AA6DD2D}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero OEM—>D:AheadnerouninstallUNNERO.exe /UNINSTALL
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nissan FAST For Windows—>E:NissanUNINST.EXE E:NissanFW32INST.LOG
Nokia Connectivity Cable Driver—>MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{29466F9C-7C6A-419C-B301-F440FAF78760}Nokia_PC_Suite_rel_6_85_14_1_rus.exe
Nokia PC Suite—>MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenAL—>»C:Program FilesOpenALOalinstGridRelease.exe» /U
OpenOffice.org 3.0—>MsiExec.exe /I{87A1E0E0-BAA6-40DD-82D6-7CFEEA05B3F9}
PC Connectivity Solution—>MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
ProQuest Product Licenser—>»C:Program FilesBHPSlic\uninstall.exe» -lang 1033 -log «C:Program FilesBHPSlic\BHFLMLOG.log»
ProQuestPalmDependsMSI—>MsiExec.exe /X{4E9E953A-D5C1-4E84-A693-A70F4DE65A6F}
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
QIP Infium 2.0.9018 RC3—>»C:Program FilesQIP Infiumunins000.exe»
Radiator—>MsiExec.exe /I{A5D82845-F690-420D-9A11-562455F981A9}
Rainlendar2 (remove only)—>»C:Program FilesRainlendar2uninst.exe»
Reg Organizer 4.22—>»d:Program FilesReg Organizerunins000.exe»
SEINSA CT2—>C:WINDOWSiun506.exe C:SEINSAFirunin.ini
Skype™ 3.6—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
Spyware Doctor 6.0—>d:Program FilesSpyware Doctorunins000.exe /LOG
SUBARU-FAST 2—>E:SubaruUNINSFAE.EXE E:SubaruSUBARU.LOG
System Cleaner 5—>d:Program FilesPointstoneSystem Cleaner 5Uninstall.exe
SzakalCD 6.1—>»D:szakalCDunins000.exe»
TECDOC CD 1.2009—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{7C321891-78A2-44E8-9F44-4A667264ABC9} /l1049 /V»/Liove+ C:WINDOWSOfflineCatalogue_1_2009_TECDOC_CD.log»
VCDS Release 805.0—>d:Ross-TechVCDSUnInstall.exe
Winamp—>»d:Program FilesWinampUninstWA.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
WoodAuto—>C:WASPuninstall.exe
Архиватор WinRAR—>d:Program FilesWinRARuninstall.exe
Встраиваемый программный модуль изображений 2.13.0—>»C:Program FilesBHPSImgrplg2Instlrbinuninstaller.exe» -u -t -w -iImgrplg -lru -p»C:Program FilesBHPSImgrplg2″ -r»C:Program FilesBHPSImgrplg2Instlr»
Контрольные величины ESI—>C:WINDOWSIsUn0419.exe -fE:BoschESItronicUninst.isu
Пакет драйверов Windows — Nokia Modem (08/03/2007 3.2)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988pccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (08/03/2007 6.84.0.2)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BEnokbtmdm.inf
Пакет драйверов Windows — Nokia Modem (10/12/2007 3.6)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7nokia_bluetooth.inf
Пакет драйверов Windows — Ross-Tech USB Driver Package (11/16/2007 6.0.2.0)—>C:PROGRA~1DIFX270581355A767BF1DPInst.exe /u C:WINDOWSsystem32DRVSTORErt-usb_3C465006B48E3FFC70C99F2071FD1F21BB749614rt-usb.inf
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall

======Security center information======

AV: Avira Premium Security Suite
FW: ActiveArmor Firewall (disabled)
FW: Avira Firewall

System event log

Computer Name: XP1600
Event Code: 7
Message: Неверный блок на устройстве DeviceCdRom0.

Record Number: 16853
Source Name: Cdrom
Time Written: 20081215121259.000000+120
Event Type: ошибка
User:

Computer Name: XP1600
Event Code: 7
Message: Неверный блок на устройстве DeviceCdRom0.

Record Number: 16852
Source Name: Cdrom
Time Written: 20081215121259.000000+120
Event Type: ошибка
User:

Computer Name: XP1600
Event Code: 7
Message: Неверный блок на устройстве DeviceCdRom0.

Record Number: 16851
Source Name: Cdrom
Time Written: 20081215121259.000000+120
Event Type: ошибка
User:

Computer Name: XP1600
Event Code: 7
Message: Неверный блок на устройстве DeviceCdRom0.

Record Number: 16850
Source Name: Cdrom
Time Written: 20081215121259.000000+120
Event Type: ошибка
User:

Computer Name: XP1600
Event Code: 7
Message: Неверный блок на устройстве DeviceCdRom0.

Record Number: 16849
Source Name: Cdrom
Time Written: 20081215121259.000000+120
Event Type: ошибка
User:

Application event log

Computer Name: XP1600
Event Code: 101
Message: wuauclt (3236) Ядро базы данных остановлено.

Record Number: 3538
Source Name: ESENT
Time Written: 20080813073115.000000+180
Event Type: информация
User:

Computer Name: XP1600
Event Code: 103
Message: wuaueng.dll (3236) SUS20ClientDataStore: Ядро базы данных остановило работу экземпляра (0).

Record Number: 3537
Source Name: ESENT
Time Written: 20080813073115.000000+180
Event Type: информация
User:

Computer Name: XP1600
Event Code: 102
Message: wuaueng.dll (3236) SUS20ClientDataStore: Ядро базы данных запустило новый экземпляр (0).

Record Number: 3536
Source Name: ESENT
Time Written: 20080813072614.000000+180
Event Type: информация
User:

Computer Name: XP1600
Event Code: 100
Message: wuauclt (3236) Ядро базы данных 5.01.2600.2180 запущено.

Record Number: 3535
Source Name: ESENT
Time Written: 20080813072614.000000+180
Event Type: информация
User:

Computer Name: XP1600
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 3534
Source Name: SecurityCenter
Time Written: 20080813072533.000000+180
Event Type: информация
User:

Security event log

Computer Name: XP1600
Event Code: 538
Message: Выход пользователя из системы:

Пользователь: АНОНИМНЫЙ ВХОД

Домен: NT AUTHORITY

Код входа: (0x0,0xD70A4BE)

Тип входа: 3

Record Number: 74414
Source Name: Security
Time Written: 20090110130452.000000+120
Event Type: аудит — успех
User: NT AUTHORITYАНОНИМНЫЙ ВХОД

Computer Name: XP1600
Event Code: 540
Message: Успешный сетевой вход в систему:

Пользователь:

Домен:

Код входа: (0x0,0xD70A4BE)

Тип входа: 3

Процесс входа: NtLmSsp

Пакет проверки: NTLM

Рабочая станция: N1
Код GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 74413
Source Name: Security
Time Written: 20090110130452.000000+120
Event Type: аудит — успех
User: NT AUTHORITYАНОНИМНЫЙ ВХОД

Computer Name: XP1600
Event Code: 538
Message: Выход пользователя из системы:

Пользователь: Гость

Домен: XP1600

Код входа: (0x0,0xD6DF682)

Тип входа: 3

Record Number: 74412
Source Name: Security
Time Written: 20090110130348.000000+120
Event Type: аудит — успех
User: XP1600Гость

Computer Name: XP1600
Event Code: 538
Message: Выход пользователя из системы:

Пользователь: АНОНИМНЫЙ ВХОД

Домен: NT AUTHORITY

Код входа: (0x0,0xD6E8674)

Тип входа: 3

Record Number: 74411
Source Name: Security
Time Written: 20090110130046.000000+120
Event Type: аудит — успех
User: NT AUTHORITYАНОНИМНЫЙ ВХОД

Computer Name: XP1600
Event Code: 540
Message: Успешный сетевой вход в систему:

Пользователь:

Домен:

Код входа: (0x0,0xD6E8674)

Тип входа: 3

Процесс входа: NtLmSsp

Пакет проверки: NTLM

Рабочая станция: N2
Код GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 74410
Source Name: Security
Time Written: 20090110130046.000000+120
Event Type: аудит — успех
User: NT AUTHORITYАНОНИМНЫЙ ВХОД

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«EXTPROC_DLLS»=ANY
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=2
«OS»=Windows_NT
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=4302
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%
«QLinkSBU»=Automotive

---

EOF

---

[alekst5]

помогите пожалуйста!

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Судя по логу, возможно что ваш компьютер заражён червём conficker.aa.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

[Автор]

Сообщения