Hi..
March 6, 2009 at 2:12 PM #16373
Hello, my computer has started throwing errors, the browser hangs constantly, and folders open with a delay of a couple of seconds.
log.txt
Logfile of random’s system information tool 1.05 (written by random/random)
March 6, 2009 at 2:20 PM #22454
info.txt logfile of random’s system information tool 1.05 2009-03-06 12:10:50
March 7, 2009 at 4:46 PM #22455
Hello, and welcome to the Spyware-ru forum.
Let's check your computer with a program that looks for rootkits.
Download GMER by clicking this link.
Unpack the program to your desktop.
Disconnect from the Internet and disable all antivirus programs.
Run the program.
On the right side of the program, in a small box, all your drives will be listed; please tick their checkboxes.
Click the Scan button.
When the scan finishes, click the Copy button.
Start Notepad (Start -> Run, type notepad and press Enter).
Paste the scan results into Notepad (CTRL + V). Save the resulting file to your desktop.
I'll be waiting for the contents of this log file.