[gsl]

комп работает как часики)))
Спасибо!!!
Кланяюсь!)))

[gsl]

я прошу прощения, что поднимаю тему, но хотелось бы все таки знать, все ли удалилось или мне нужно принять еще какие-то меры?..
Спасибо большое еще раз за помощь!

[gsl]

Спасибо, Валерий!
Все сделала, как вы сказали.
вот лог

[gsl]

после чистки комбофиксом все поработало хорошо минут 5, потом снова заорала авира, нашла 2 трояна, сегодня включила комп, запустила мозиллу. произвольно открылось дополнительное окно, в котором, угадайте что?? фейк антивирус! угрожает мне миллионом троянов .
я не знаю что еще сделать. такое впечатление, будто какая-то зараза проковыряла в моем компе дырку и тащит из сети всяку нечисть почем зря ((((((

[gsl]

Поняла в чем проблема с комбофикс. Я неправильно его удалила в прошлый раз. Сделала анинстал через командную строку, скачала снова и он запустился. Чистил долго. Перезагрузил комп и появились вот такие предупреждения

а потом окошко зависло. Перезапустила, чтобы таки получить лог.
Вот

[gsl]

еще лог от hijackthis

[gsl]

И снова здравствуйте 😀 )
Я вам уже надоела наверно, но , увы, кроме вас, мне помочь некому 🙄

Последний лог комбофикса забыла выложить. Все работало хорошо. Какое-то время назад снова начали атаковать фейк антивирусы. Убивала мозиллу в процессах, т.к. просто так не давало ее закрыть, после перезапуска все было тихо. сегодня начала авира выдавать warnings о троянах один за другим. причем никакие действия на них не применяются. Орет тупо и все. Снова скачала комбофикс, попыталась запустить, но появляется вот такое предупреждение и после нажатия «ок» комбофикс вырубается.

это как то связано с тем скриптом, что я запускала перед этим? (тот что вы мне выше говорили создать)

iobit security360 нашла 4 трояна в реестре, вроде бы удалила.следом запускаю находит еще 2. авира по прежнему разрывается предупреждениями
Сейчас установила spybotSD, нажала «сканировать», но что-то совсем непонятно, что она сканирует и сканирует ли вообще. но периодически выдает сообщения о том, что в реестр вносятся какие-то изменения, я все отменяю, т.к. совсем не понимаю о чем речь.

пока вот логи програмки RSIT:

[gsl]

Спасибо большое, Валерий!

Сделала все как вы сказали, только лог не могу выложить, т.к. после перезагрузки компьютера (combofix перезагрузила комп сама) зависло окошко программы. Я мышью не водила и не кликала, но автоматически, с запуском системы, запустилась авира, а в окошке создания лога было написано не запускать никаких приложений. Я оставила бук включенным на ночь — на утро то же висящее окошко. Поискала лог на диске С, там где был предыдущий, но его там нет. Может быть подскажете, где его искать? или запустить combofix еще раз?

[gsl]

здравствуйте! обращаюсь к вам из старой темы, т.к. здесь все логи.

После очистки компьютера программой combofix все стало работать отлично (лог combofix выше).
Но вчера авира начала выдавать кучу предупреждений и при сканировании нашла 6 файлов (2 из них кейгены к прогам). очистка авирой ничего не дала. Также просканировала прогой iobit security 360, та нашла кучу кукиз трекеров и все удалила. Но к сожалению предупреждения о вирусах так и появлялись. Я не знаю, то ли это что-то новое, то-ли после перыдущей очистки остались какие-то вредоносные файлы.

Сегодня снова скачала combofix и провела чистку с ее помощью. вроде все тихо. Вот выкладываю последний лог. Посмотрите пожалуйста, нужны ли какие-то дополнительные меры по лечению?… Спасибо!

ComboFix 10-05-25.02 — Sve 05/26/2010 8:49.2.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.359 [GMT 3:00]
Running from: c:documents and settingsSveDesktopComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:docume~1SveLOCALS~1Tempsvchost.exe
c:windowsRbidya.exe
c:windowsTasks{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 05:27 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32f36decbb.exe
2010-05-25 21:13 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32Spoolprtprocsw32x86M7g31a.dll
2010-05-25 12:02 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32Spoolprtprocsw32x86IQG55.dll
2010-05-25 12:02 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem325dce9825.exe
2010-05-24 10:19 . 2010-05-24 10:19

---

d

---

w- c:documents and settingsAll UsersApplication DataParetoLogic
2010-05-24 10:19 . 2010-05-24 10:19

---

d

---

w- c:program filesCommon FilesParetoLogic
2010-05-24 10:19 . 2010-05-24 10:19

---

d

---

w- c:documents and settingsAll UsersApplication DataFileCure
2010-05-24 10:19 . 2010-05-24 10:19

---

d

---

w- c:program filesParetoLogic
2010-05-23 17:34 . 2010-05-24 21:14

---

d

---

w- c:documents and settingsopenLocal SettingsApplication Dataradikal
2010-05-23 16:23 . 2010-05-23 16:23

---

d

---

w- c:documents and settingsopenLocal SettingsApplication DataApple Computer
2010-05-23 10:49 . 2010-05-23 10:49 146920 —-a-w- c:documents and settingsopenLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-22 11:54 . 2010-05-24 21:03

---

d

---

w- c:documents and settingsopenApplication DataskypePM
2010-05-22 11:51 . 2010-05-24 21:30

---

d

---

w- c:documents and settingsopenApplication DataSkype
2010-05-22 09:26 . 2010-05-22 09:26

---

d

---

w- c:documents and settingsopenLocal SettingsApplication DataGoogle
2010-05-21 17:31 . 2010-05-21 17:31

---

d

---

w- c:documents and settingsopenLocal SettingsApplication DataMozilla
2010-05-21 17:23 . 2010-05-24 10:13

---

d

---

w- c:documents and settingsopenApplication DataApple Computer
2010-05-21 17:22 . 2010-05-21 17:22

---

d-sh—w- c:documents and settingsopenIETldCache
2010-05-21 17:22 . 2010-05-21 17:22

---

d

---

w- c:documents and settingsopenApplication DataPC Suite
2010-05-09 17:38 . 2010-05-09 17:40

---

d

---

w- c:program filesiTunes
2010-05-09 17:27 . 2010-05-09 17:27

---

d

---

w- c:program filesBonjour
2010-05-09 17:24 . 2010-05-09 17:24 73000 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 9.1.1.12SetupAdmin.exe
2010-05-09 17:22 . 2010-05-09 17:23

---

d

---

w- c:program filesSafari
2010-05-09 17:21 . 2010-05-09 17:21 79144 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.31.22.7SetupAdmin.exe
2010-05-06 08:39 . 2010-05-25 21:09

---

d

---

w- c:documents and settingsSveApplication DataSkype
2010-05-06 08:39 . 2010-05-06 08:39

---

d

---

w- c:program filesCommon FilesSkype
2010-05-06 08:39 . 2010-05-06 08:39

---

d

---

r- c:program filesSkype
2010-05-04 06:26 . 2010-05-04 06:26 4286 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_6FEFF9B68218417F98F549.exe
2010-05-04 06:26 . 2010-05-04 06:26 1150 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_E6A480C17EDF4297B06E7F.exe
2010-05-04 06:26 . 2010-05-04 06:26 10134 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_3A9865F08BEDE34A367EC2.exe
2010-04-30 17:48 . 2010-04-30 17:48

---

d

---

w- c:program filesCombined Community Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 21:08 . 2009-06-03 09:28

---

d

---

w- c:documents and settingsSveApplication DataskypePM
2010-05-23 10:35 . 2009-09-20 20:48

---

d

---

w- c:documents and settingsSveApplication DatauTorrent
2010-05-22 09:08 . 2009-09-20 20:47

---

d

---

w- c:program filesuTorrent
2010-05-22 08:54 . 2010-03-06 23:38 309 —-a-w- c:documents and settingsSveApplication DataCCleanupcompind.bat
2010-05-11 16:20 . 2009-06-04 16:15 146920 -c—a-w- c:documents and settingsSveLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-11 16:09 . 2008-10-15 23:46

---

d

---

w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-05-11 15:59 . 2010-04-21 20:14

---

d

---

w- c:program filesPinnacle
2010-05-11 15:48 . 2010-04-21 20:08

---

d

---

w- c:documents and settingsAll UsersApplication DataPinnacle
2010-05-10 15:19 . 2009-12-18 07:44 75276 -c—-w- c:windowssystem32mlfcache.dat
2010-05-10 15:19 . 2009-12-17 18:06

---

d

---

w- c:documents and settingsSveApplication DataApple Computer
2010-05-09 17:39 . 2010-02-28 21:34

---

d

---

w- c:program filesiPod
2010-05-06 08:39 . 2009-06-03 09:27

---

d

---

w- c:documents and settingsAll UsersApplication DataSkype
2010-04-25 15:14 . 2010-04-21 23:04 50064 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-04-24 11:32 . 2010-04-24 11:31 664

---

w- c:windowssystem32d3d9caps.dat
2010-04-23 10:47 . 2010-04-23 10:46

---

d

---

w- c:documents and settingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 10:45 . 2010-04-23 10:44

---

d

---

w- c:program filesQuickTime
2010-04-23 10:44 . 2009-12-17 18:02

---

d

---

w- c:documents and settingsAll UsersApplication DataApple Computer
2010-04-23 10:44 . 2010-04-23 10:44

---

d

---

w- c:program filesApple Software Update
2010-04-23 08:56 . 2010-03-08 20:04 56816

---

w- c:windowssystem32driversavgntflt.sys
2010-04-22 20:16 . 2010-04-22 19:52

---

d

---

w- c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2010-04-22 20:14 . 2008-10-15 22:58

---

d—h—w- c:program filesInstallShield Installation Information
2010-04-22 20:13 . 2008-10-15 22:58

---

d

---

w- c:program filesCommon FilesInstallShield
2010-04-22 20:04 . 2010-04-22 20:04 29926 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CEF37035-C1BB-4174-8175-1E878435F61A}ARPPRODUCTICON.exe
2010-04-22 20:04 . 2010-04-22 20:04 29926 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{690D1794-6D7C-4A55-8371-17BAC69C66CE}ARPPRODUCTICON.exe
2010-04-22 19:52 . 2010-04-22 19:52

---

d

---

w- c:program filesSmartSound Software
2010-04-22 19:51 . 2010-04-22 19:51

---

d

---

w- c:documents and settingsAll UsersApplication DataQuickTime
2010-04-22 19:50 . 2010-04-22 19:49

---

d

---

w- c:program filesDivX
2010-04-22 19:49 . 2010-04-22 19:49

---

d

---

w- c:program filesAvid
2010-04-21 21:59 . 2010-04-21 21:59

---

d

---

w- c:documents and settingsSveApplication DataSony Creative Software
2010-04-21 20:41 . 2010-04-21 20:41

---

d

---

w- c:program filesCommon FilesPinnacle
2010-04-21 20:40 . 2010-04-21 20:40

---

d

---

w- c:documents and settingsAll UsersApplication DataPinnacle Studio Ultimate Collection
2010-04-21 19:17 . 2009-07-24 03:40

---

d

---

w- c:documents and settingsSveApplication DataSony
2010-04-21 19:05 . 2010-04-21 19:05

---

d

---

w- c:documents and settingsAll UsersApplication DataSony
2010-04-21 17:25 . 2010-04-21 17:25

---

d

---

w- c:documents and settingsAll UsersApplication DataPhotodex
2010-04-19 17:21 . 2009-07-24 03:42

---

d

---

w- c:program filesVSTplugins
2010-04-08 10:20 . 2010-04-08 10:20 91424

---

w- c:windowssystem32dnssd.dll
2010-04-08 10:20 . 2010-04-08 10:20 107808

---

w- c:windowssystem32dns-sd.exe
2010-04-04 19:50 . 2009-07-16 16:49

---

d

---

w- c:program filesICQ6.5
2010-03-28 20:53 . 2010-03-28 20:53

---

d

---

w- c:program filestrend micro
2010-03-28 16:37 . 2010-03-28 16:37 10 —-a-w- c:windowspopcinfo.dat
2010-03-20 21:47 . 2008-10-15 21:59 218624

---

w- c:windowssystem32uxtheme.dll
2010-03-12 12:20 . 2010-03-14 08:13 280440 —-a-w- c:documents and settingsSveApplication DataQipGuardsqlite3.dll
2010-03-12 12:20 . 2010-03-14 08:13 184272 —-a-w- c:documents and settingsSveApplication DataQipGuardQipGuard.exe
2010-03-12 12:20 . 2010-03-14 08:12 127440 —-a-w- c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-03-12 12:20 . 2010-03-14 08:13 20944 —-a-w- c:documents and settingsSveApplication DataQipGuardchrome.dll
2010-03-10 06:15 . 2008-10-15 21:59 420352

---

w- c:windowssystem32vbscript.dll
2010-02-25 06:24 . 2008-10-15 21:59 916480

---

w- c:windowssystem32wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-03 39408]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-12-19 135168]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-12-19 159744]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-12-19 131072]
«RTHDCPL»=»RTHDCPL.EXE» [2008-05-08 16862208]
«MGSysCtrl»=»c:program filesSystem Control ManagerMGSysCtrl.exe» [2008-07-29 684032]
«ITSecMng»=»c:program filesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 75136]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«IObit Security 360″=»c:program filesIObitIObit Security 360IS360tray.exe» [2009-12-24 1280272]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-03-17 421888]
«PinnacleDriverCheck»=»c:windowssystem32\PSDrvCheck.exe» [2004-03-10 406016]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-04-28 142120]

c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableNotifications»= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\WINDOWS\system32\spoolsv.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5353:TCP»= 5353:TCP:Adobe CSI CS4

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [3/8/2010 11:04 PM 108289]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:windowssystem32driversRTS5121.sys [10/16/2008 2:00 AM 156160]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:56 PM 133104]
S2 IS360service;IS360service;c:program filesIObitIObit Security 360is360srv.exe [3/8/2010 3:38 PM 311568]
S2 Micro Star SCM;Micro Star SCM;c:program filesSystem Control ManagerMSIService.exe [10/16/2008 2:12 AM 159744]
S2 MSWU-5dce9825;MSWU-5dce9825;c:windowssystem325dce9825.exe [5/25/2010 3:02 PM 75264]
S2 MSWU-f36decbb;MSWU-f36decbb;c:windowssystem32f36decbb.exe [5/26/2010 8:27 AM 75264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [7/12/2009 7:01 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [7/12/2009 7:01 AM 8320]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:windowssystem32driversrt2860.sys [10/16/2008 4:40 AM 625792]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [7/1/2009 8:59 PM 691696]
.
Contents of the ‘Scheduled Tasks’ folder

2010-05-24 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 08:50]

2010-05-24 c:windowsTasksFileCure Default.job
— c:program filesParetoLogicFileCureFileCure.exe [2010-03-28 19:47]

2010-05-26 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]

2010-05-25 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]

2010-05-25 c:windowsTasksParetoLogic Update Version3.job
— c:program filesCommon FilesParetoLogicUUS3Pareto_Update3.exe [2009-08-04 18:19]

2010-05-26 c:windowsTasksUser_Feed_Synchronization-{0C0802E1-F828-45F9-9F7A-3E0597A78443}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsFFExternalAlert.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsRadioWMPCore.dll
FF — plugin: c:program filesGooglePicasa3npPicasa3.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-DAEMON Tools Lite — c:program filesDAEMON Tools Litedaemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-26 08:58:01
ComboFix-quarantined-files.txt 2010-05-26 05:57
ComboFix2.txt 2010-04-23 08:36

Pre-Run: 21,998,682,112 bytes free
Post-Run: 22,659,956,736 bytes free

— — End Of File — — C923153B45963528DF687BB70789F805

[gsl]

Антивирус тоже обновился!! Низкий вам ПОКЛОН!!!!!

комбофикс удалить надо теперь с компа, как я понимаю?

[gsl]

Спасибо! кажется помогло!!! ИЕ запускается и работает нормально, вот сейчас обновляю винду! :)))) перезагружу и попробою обновить антивирус)))

еще попутно вопрос, еслли не затруднительно..

я в США нахожусь и русский текст в аське, когда я офлайн отображется в виде кракозяблов… подскажите пожалуйста (дайсте ссылку), где я могу почитать, как это исправляется. Спасибо!!!

[gsl]

ComboFix 10-04-21.01 — Sve 04/23/2010 11:28:41.1.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.660 [GMT 3:00]
Running from: c:documents and settingsSveDesktopComboFix.exe
Command switches used :: c:documents and settingsSveDesktopWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsSveApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
c:documents and settingsSveLocal SettingsTemporary Internet Files8Y0naa.jpg
c:documents and settingsSveLocal SettingsTemporary Internet Filesanlmam6n.jpg
c:documents and settingsSveLocal SettingsTemporary Internet Filesk8bn1.jpg
c:documents and settingsSveLocal SettingsTemporary Internet Filesy4M776k.jpg

.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-21 23:04 . 2010-04-23 08:22 2352 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-04-21 21:59 . 2010-04-21 21:59

---

d

---

w- c:documents and settingsSveApplication DataSony Creative Software
2010-04-21 20:43 . 2004-03-29 14:23 90112 —-a-w- c:windowsunvise32.exe
2010-04-21 20:43 . 2010-04-21 20:43

---

d

---

w- c:program filesLooksBuilderSE
2010-04-21 20:41 . 2010-04-21 20:41 29926 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{6DE721A5-5E89-4D74-994C-652BB3C0672E}ARPPRODUCTICON.exe
2010-04-21 20:41 . 2005-09-23 19:18 171520 —-a-w- c:windowssystem32driversMarvinBus.sys
2010-04-21 20:41 . 2010-04-21 20:41

---

d

---

w- c:program filesCommon FilesPinnacle
2010-04-21 20:40 . 2010-04-21 20:40

---

d

---

w- c:documents and settingsSveLocal SettingsApplication DataDownloaded Installations
2010-04-21 20:40 . 2010-04-21 20:53

---

d

---

w- c:documents and settingsSveLocal SettingsApplication DataPinnacle
2010-04-21 20:40 . 2010-04-21 20:40

---

d

---

w- c:documents and settingsAll UsersApplication DataPinnacle Studio Ultimate Collection
2010-04-21 20:33 . 2010-04-21 20:33

---

d

---

w- c:program filesCommon FilesPegasus Imaging
2010-04-21 20:33 . 2010-04-21 20:33

---

d

---

w- c:program filesCommon FilesYahoo!
2010-04-21 20:33 . 2010-04-21 20:33

---

d

---

w- c:documents and settingsAll UsersApplication DataStudio 14
2010-04-21 20:33 . 2010-04-21 20:33

---

d

---

w- c:documents and settingsAll UsersApplication DataPinnacle Studio Plus
2010-04-21 20:14 . 2010-04-21 20:42

---

d

---

w- c:program filesPinnacle
2010-04-21 20:08 . 2010-04-21 20:39

---

d

---

w- c:documents and settingsAll UsersApplication DataPinnacle
2010-04-21 19:05 . 2010-04-21 19:05

---

d

---

w- c:documents and settingsAll UsersApplication DataSony
2010-04-21 17:25 . 2010-04-21 17:25

---

d

---

w- c:documents and settingsAll UsersApplication DataPhotodex
2010-04-19 17:05 . 2010-04-21 19:12

---

d

---

w- c:documents and settingsSveLocal SettingsApplication DataSony
2010-03-28 20:53 . 2010-03-28 20:53

---

d

---

w- c:program filestrend micro
2010-03-28 20:53 . 2010-03-28 20:53

---

d

---

w- C:rsit
2010-03-28 16:37 . 2010-03-28 16:37 10 —-a-w- c:windowspopcinfo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 08:17 . 2009-10-26 11:54

---

d

---

w- c:documents and settingsSveApplication DataSkype
2010-04-22 05:15 . 2009-06-03 09:28

---

d

---

w- c:documents and settingsSveApplication DataskypePM
2010-04-21 20:48 . 2009-06-04 16:15 99752 -c—a-w- c:documents and settingsSveLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-04-21 20:04 . 2009-09-20 20:48

---

d

---

w- c:documents and settingsSveApplication DatauTorrent
2010-04-21 19:17 . 2009-07-24 03:40

---

d

---

w- c:documents and settingsSveApplication DataSony
2010-04-20 19:16 . 2010-03-06 23:38 238 —-a-w- c:documents and settingsSveApplication DataCCleanupcompind.bat
2010-04-19 17:21 . 2009-07-24 03:42

---

d

---

w- c:program filesVSTplugins
2010-04-17 18:50 . 2009-09-20 20:47

---

d

---

w- c:program filesuTorrent
2010-04-15 05:58 . 2008-10-15 23:46

---

d

---

w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-04-04 19:50 . 2009-07-16 16:49

---

d

---

w- c:program filesICQ6.5
2010-03-26 16:50 . 2009-07-01 13:06

---

d

---

w- c:documents and settingsSveApplication DataU3
2010-03-20 21:47 . 2008-10-15 21:59 218624 —-a-w- c:windowssystem32uxtheme.dll
2010-03-16 20:42 . 2010-03-16 20:42

---

d

---

w- c:program filesMSECache
2010-03-14 15:56 . 2009-12-17 18:02

---

d

---

w- c:documents and settingsAll UsersApplication DataApple Computer
2010-03-14 15:47 . 2010-02-28 21:34

---

d

---

w- c:program filesiPod
2010-03-14 08:13 . 2010-03-14 08:13

---

d

---

w- c:documents and settingsSveApplication DataQipGuard
2010-03-14 08:12 . 2009-10-26 20:56

---

d

---

w- c:program filesQIP Infium
2010-03-12 12:20 . 2010-03-14 08:13 280440 —-a-w- c:documents and settingsSveApplication DataQipGuardsqlite3.dll
2010-03-12 12:20 . 2010-03-14 08:13 184272 —-a-w- c:documents and settingsSveApplication DataQipGuardQipGuard.exe
2010-03-12 12:20 . 2010-03-14 08:12 127440 —-a-w- c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-03-12 12:20 . 2010-03-14 08:13 20944 —-a-w- c:documents and settingsSveApplication DataQipGuardchrome.dll
2010-03-10 06:15 . 2008-10-15 21:59 420352 —-a-w- c:windowssystem32vbscript.dll
2010-03-08 20:04 . 2010-03-08 20:04

---

d

---

w- c:program filesAvira
2010-03-08 20:04 . 2010-03-08 20:04

---

d

---

w- c:documents and settingsAll UsersApplication DataAvira
2010-03-08 19:47 . 2009-07-01 18:02

---

d

---

w- c:program filesCommon FilesYandex
2010-03-08 13:07 . 2009-07-28 01:48

---

d

---

w- c:program filesPivim Multibar
2010-03-08 12:38 . 2010-03-08 12:38

---

d

---

w- c:documents and settingsAll UsersApplication DataIObit
2010-03-08 12:38 . 2010-03-08 12:38

---

d

---

w- c:program filesIObit
2010-03-08 12:36 . 2010-02-11 19:40

---

d

---

w- c:program filesElectronic Arts
2010-03-07 17:55 . 2010-03-07 17:55

---

d

---

w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-03-07 15:58 . 2010-03-06 10:57

---

d

---

w- c:documents and settingsAll UsersApplication DataDoctor Web
2010-03-07 15:57 . 2009-06-03 09:27

---

d

---

w- c:program filesGoogle
2010-03-07 15:55 . 2010-03-07 15:55

---

d

---

w- c:program filesAlwil Software
2010-03-07 15:55 . 2010-03-07 15:55

---

d

---

w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-03-07 12:25 . 2009-11-08 13:32

---

d

---

w- c:documents and settingsAll UsersApplication DataFLEXnet
2010-03-06 23:38 . 2010-03-06 23:30

---

d

---

w- c:documents and settingsSveApplication DataCCleanup
2010-03-06 23:30 . 2010-03-06 23:29

---

d

---

w- c:program filesComplete Cleanup Trial
2010-03-05 23:33 . 2009-06-03 09:03

---

d

---

w- c:program filesSymantec
2010-03-05 23:33 . 2009-06-03 09:03

---

d

---

w- c:program filesCommon FilesSymantec Shared
2010-02-28 21:34 . 2009-12-17 17:59

---

d

---

w- c:program filesCommon FilesApple
2010-02-28 11:04 . 2008-10-15 22:58

---

d—h—w- c:program filesInstallShield Installation Information
2010-02-25 06:24 . 2008-10-15 21:59 916480 —-a-w- c:windowssystem32wininet.dll
2010-02-24 13:11 . 2008-10-15 21:59 455680 —-a-w- c:windowssystem32driversmrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 —-a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 —-a-w- c:windowssystem32ntkrnlpa.exe
2010-02-15 17:12 . 2010-02-15 17:12 38784 —-a-w- c:documents and settingsSveApplication DataMacromediaFlash Playerwww.macromedia.combinairappinstallerairappinstaller.exe
2010-02-12 04:33 . 2008-10-15 21:59 100864 —-a-w- c:windowssystem326to4svc.dll
2010-02-11 19:54 . 2010-02-11 19:54 10134 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{E3E71D07-CD27-46CB-8448-16D4FB29AA13}ARPPRODUCTICON.exe
2010-02-11 12:02 . 2008-10-15 21:59 226880 —-a-w- c:windowssystem32driverstcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-03 39408]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-06-02 24264488]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2009-04-23 691656]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-12-19 135168]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-12-19 159744]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-12-19 131072]
«RTHDCPL»=»RTHDCPL.EXE» [2008-05-08 16862208]
«MGSysCtrl»=»c:program filesSystem Control ManagerMGSysCtrl.exe» [2008-07-29 684032]
«ITSecMng»=»c:program filesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 75136]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«IObit Security 360″=»c:program filesIObitIObit Security 360IS360tray.exe» [2009-12-24 1280272]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«USBToolTip»=»c:progra~1PinnacleSHARED~1ProgramsUSBTipUSBTip.exe» [2007-02-20 199752]

c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableNotifications»= 1 (0x1)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Pinnacle\Studio 14\Programs\RM.exe»=
«c:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe»=
«c:\Program Files\Pinnacle\Studio 14\Programs\umi.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5353:TCP»= 5353:TCP:Adobe CSI CS4

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [3/8/2010 11:04 PM 108289]
R2 IS360service;IS360service;c:program filesIObitIObit Security 360is360srv.exe [3/8/2010 3:38 PM 311568]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:windowssystem32driversRTS5121.sys [10/16/2008 2:00 AM 156160]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [7/1/2009 8:59 PM 691696]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:56 PM 133104]
S2 Micro Star SCM;Micro Star SCM;c:program filesSystem Control ManagerMSIService.exe [10/16/2008 2:12 AM 159744]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [7/12/2009 7:01 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [7/12/2009 7:01 AM 8320]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:windowssystem32driversrt2860.sys [10/16/2008 4:40 AM 625792]
.
Contents of the ‘Scheduled Tasks’ folder

2010-04-20 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 10:34]

2010-04-23 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]

2010-04-23 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]

2010-04-23 c:windowsTasksUser_Feed_Synchronization-{0C0802E1-F828-45F9-9F7A-3E0597A78443}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsFFExternalAlert.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsRadioWMPCore.dll
FF — plugin: c:program filesGooglePicasa3npPicasa3.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-WeatherClock — c:program filesWeather ClockWeatherClock.exe
HKCU-Run-AdobeBridge — (no file)
HKCU-Run-EA Core — c:program filesElectronic ArtsEADMCore.exe
AddRemove-HijackThis — c:docume~1SveLOCALS~1TempRar$EX00.343HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 11:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(872)
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
c:windowssystem32igfxdev.dll
.
Completion time: 2010-04-23 11:36:17
ComboFix-quarantined-files.txt 2010-04-23 08:36

Pre-Run: 4,770,406,400 bytes free
Post-Run: 4,754,415,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Home Edition» /noexecute=optin /fastdetect

— — End Of File — — DE2E6CB4BFD49B5B2EEBC9BF494A9E95

[gsl]

Спасибо за ответ!

Не знаю почему логи выглядят неполными… копировала целиком. прогу с вашего сайта качала. В этот раз RSIT выдал только один лог. Пробовала несколько раз, перезагружала комп, чистила реестр, все равно один выдает. Вот:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Sve at 2010-04-20 22:21:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (33%) free of 40 GB
Total RAM: 1013 MB (38% free)

HijackThis download failed

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksDriver Robot.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksUser_Feed_Synchronization-{0C0802E1-F828-45F9-9F7A-3E0597A78443}.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsSveApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-11-06 256112]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll [2009-12-03 764912]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll [2009-11-06 458736]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-10-20 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} — Pivim Multibar — C:Program FilesPivim Multibarpivim.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-11-06 256112]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2007-12-19 135168]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2007-12-19 159744]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2007-12-19 131072]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-05-08 16862208]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-04 69632]
«MGSysCtrl»=C:Program FilesSystem Control ManagerMGSysCtrl.exe [2008-07-30 684032]
«ITSecMng»=C:Program FilesTOSHIBABluetooth Toshiba StackItSecMng.exe [2007-09-29 75136]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2008-10-25 31072]
«AdobeCS4ServiceManager»=C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe [2008-08-14 611712]
«IObit Security 360″=C:Program FilesIObitIObit Security 360IS360tray.exe [2009-12-24 1280272]
«avgnt»=C:Program FilesAviraAntiVir Desktopavgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-06-03 39408]
«PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2009-06-25 1414144]
«WeatherClock»=C:Program FilesWeather ClockWeatherClock.exe []
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2009-06-02 24264488]
«AdobeBridge»= []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe -silent []
«QIP Internet Guardian»=C:Documents and SettingsSveApplication DataQipGuardQipGuard.exe [2010-03-12 184272]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesFlashGetflashget.exe»=»C:Program FilesFlashGetflashget.exe:*:Enabled:Flashget»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe»=»C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:*:Enabled:Adobe CSI CS4»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Enabled:EA Download Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2E]
shellAutoRuncommand — E:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{18fcf0dd-ca20-11de-9ea6-002185b7266e}]
shellAutoRuncommand — WDSetup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2371bf11-daa3-11de-9eae-002185b7266e}]
shellAutoRuncommand — .Encryption ToolMaxtorEncryption.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6377727a-5f9e-11de-9e76-002185b7266e}]
shellAutoRuncommand — F:LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2010-04-15 08:57:00 —-HDC—- C:WINDOWS$NtUninstallKB979683$
2010-04-15 08:56:41 —-HDC—- C:WINDOWS$NtUninstallKB980232$
2010-04-15 08:50:37 —-HDC—- C:WINDOWS$NtUninstallKB978338$
2010-04-15 08:50:26 —-HDC—- C:WINDOWS$NtUninstallKB977816$
2010-04-15 08:50:18 —-HDC—- C:WINDOWS$NtUninstallKB978601$
2010-04-15 08:48:52 —-HDC—- C:WINDOWS$NtUninstallKB979309$
2010-04-04 23:18:09 —-D—- C:Program FilesMozilla Firefox
2010-03-28 23:53:25 —-D—- C:Program Filestrend micro
2010-03-28 23:53:24 —-D—- C:rsit
2010-03-23 16:01:02 —-D—- C:WINDOWSie8updates
2010-03-22 01:42:17 —-HDC—- C:WINDOWSie8

======List of files/folders modified in the last 1 months======

2010-04-20 22:20:23 —-D—- C:WINDOWSPrefetch
2010-04-20 22:18:19 —-RD—- C:Program Files
2010-04-20 22:17:21 —-D—- C:Documents and SettingsSveApplication DataSkype
2010-04-20 22:14:45 —-D—- C:Documents and SettingsSveApplication DataskypePM
2010-04-20 22:14:00 —-D—- C:WINDOWSTemp
2010-04-20 22:13:46 —-D—- C:WINDOWSsystem32CatRoot2
2010-04-20 22:12:27 —-A—- C:WINDOWSSchedLgU.Txt
2010-04-20 09:01:07 —-D—- C:Config.Msi
2010-04-20 01:46:29 —-D—- C:Documents and SettingsSveApplication DatauTorrent
2010-04-19 20:21:57 —-SHD—- C:WINDOWSInstaller
2010-04-19 20:21:35 —-D—- C:Program FilesVSTplugins
2010-04-19 20:04:44 —-D—- C:WINDOWSsystem32
2010-04-17 21:50:52 —-D—- C:Program FilesuTorrent
2010-04-15 09:15:40 —-D—- C:WINDOWS
2010-04-15 08:58:25 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2010-04-15 08:57:14 —-HD—- C:WINDOWSinf
2010-04-15 08:57:09 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-04-15 08:56:51 —-HD—- C:WINDOWS$hf_mig$
2010-04-15 08:56:47 —-A—- C:WINDOWSimsins.BAK
2010-04-15 08:56:43 —-D—- C:WINDOWSsystem32drivers
2010-04-06 20:52:54 —-A—- C:WINDOWSsystem32MRT.exe
2010-04-04 23:02:56 —-D—- C:WINDOWSNetwork Diagnostic
2010-04-04 22:50:35 —-D—- C:Program FilesICQ6.5
2010-03-31 00:20:56 —-D—- C:Program FilesInternet Explorer
2010-03-28 18:38:02 —-SD—- C:Documents and SettingsSveApplication DataMicrosoft
2010-03-28 18:26:22 —-A—- C:WINDOWSAviSplitter.INI
2010-03-28 13:30:54 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-26 19:50:18 —-D—- C:Documents and SettingsSveApplication DataU3
2010-03-22 13:32:13 —-SD—- C:WINDOWSTasks
2010-03-22 02:58:56 —-D—- C:WINDOWSHelp
2010-03-22 01:43:44 —-D—- C:WINDOWSWBEM
2010-03-22 01:43:43 —-D—- C:WINDOWSsystem32en-US
2010-03-22 01:43:32 —-D—- C:WINDOWSMedia
2010-03-22 01:31:31 —-D—- C:WINDOWSsystem32CatRoot
2010-03-21 00:47:16 —-A—- C:WINDOWSsystem32uxtheme.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??C:Program FilesAviraAntiVir Desktopavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2009-05-11 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:WINDOWSSystem32Driverstosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:WINDOWSsystem32DRIVERSavgntflt.sys [2009-07-28 55656]
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-05-08 4739072]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:WINDOWSSystem32DriversRTS5121.sys [2008-06-11 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:WINDOWSsystem32DRIVERSrtl8187Se.sys [2008-07-10 306176]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-06-11 106368]
R3 tosporte;Bluetooth COM Port; C:WINDOWSsystem32DRIVERStosporte.sys [2006-10-11 41600]
R3 ULCDRHlp;ULCDRHlp; C:WINDOWSSystem32DriversULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSathw.sys [2008-04-09 1309504]
S3 ay2kitll;ay2kitll; C:WINDOWSsystem32driversay2kitll.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:WINDOWSsystem32DRIVERSDot4.sys [2008-04-14 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:WINDOWSsystem32DRIVERSdot4usb.sys [2001-08-17 23808]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:WINDOWSsystem32DRIVERSRT2860.sys [2008-05-19 625792]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:WINDOWSsystem32DRIVERStosrfbd.sys [2008-02-16 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:WINDOWSSystem32Driverstosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:WINDOWSsystem32DRIVERSTosrfhid.sys [2008-02-01 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:WINDOWSsystem32driverstosrfsnd.sys [2008-01-23 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:WINDOWSsystem32DRIVERStosrfusb.sys [2007-10-19 41856]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:Program FilesAviraAntiVir Desktopsched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 IS360service;IS360service; C:Program FilesIObitIObit Security 360IS360srv.exe [2009-12-24 311568]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-10-20 153376]
R2 Micro Star SCM;Micro Star SCM; C:Program FilesSystem Control ManagerMSIService.exe [2008-06-10 159744]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-09-29 128360]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-06-02 637952]
S2 gupdate;Google Update Service (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2010-03-07 133104]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-11-08 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-06-03 182768]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]

---

EOF

---

лог Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:53 PM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesIObitIObit Security 360IS360srv.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesSystem Control ManagerMSIService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32igfxsrvc.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesSystem Control ManagerMGSysCtrl.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIObitIObit Security 360IS360tray.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Documents and SettingsSveApplication DataQipGuardQipGuard.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1SveLOCALS~1TempRar$EX00.343HijackThis.exe
C:WINDOWSsystem32wbemwmiprvse.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsSveApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsSveApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Pivim Multibar — {1BB22D38-A411-4B13-A746-C2A4F4EC7344} — C:Program FilesPivim Multibarpivim.dll (file missing)
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [MGSysCtrl] C:Program FilesSystem Control ManagerMGSysCtrl.exe
O4 — HKLM..Run: [ITSecMng] %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [AdobeCS4ServiceManager] «C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» -launchedbylogin
O4 — HKLM..Run: [IObit Security 360] «C:Program FilesIObitIObit Security 360IS360tray.exe» /autostart
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir Desktopavgnt.exe» /min
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [WeatherClock] C:Program FilesWeather ClockWeatherClock.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [QIP Internet Guardian] C:Documents and SettingsSveApplication DataQipGuardQipGuard.exe
O4 — Global Startup: Bluetooth Manager.lnk = ?
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: ????????? ? OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &????????? ? OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP Infium — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIP Infiuminfium.exe (HKCU)
O14 — IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Avira AntiVir Scheduler (AntiVirSchedulerService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopsched.exe
O23 — Service: Avira AntiVir Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopavguard.exe
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: IS360service — IObit — C:Program FilesIObitIObit Security 360IS360srv.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Micro Star SCM — Unknown owner — C:Program FilesSystem Control ManagerMSIService.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe

—
End of file — 10257 bytes

Еще момент я чищу реестр с помощью CCleaner, кеш и кукиз в ИЕ он до конца не вычищает, все время пишет, что и там и там 1 файл заблокирован от удаления.

[gsl]

я прошу прощения.. я видела просьбу не обновлять сообщения, но уже так много времени прошло.. а я в этом ничего не понимаю. По прежнему не могу привести ИЕ (а соответственно и все обновления) в действие. 🙄

[gsl]

info.txt logfile of random’s system information tool 1.06 2010-03-28 23:53:32

======Uninstall list======

—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C5200823-1EDA-4B23-BA0C-B938CD7CC769}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuninstall.exe»
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0015-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0019-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {6F177D09-F21D-4F50-9436-353972D1D232}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-0044-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {90120000-00BA-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
2007 Microsoft Office Suite Service Pack 2 (SP2)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Adobe AIR—>c:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4—>MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4—>MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4—>MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color — Photoshop Specific CS4—>MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4—>MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4—>MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4—>MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4—>MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4—>MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4—>MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4—>MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4—>MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4—>MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4—>MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4—>MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player—>msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player—>MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module—>MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4—>MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support—>MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4—>C:Program FilesCommon FilesAdobeInstallersfaf656ef605427ee2f42989c3ad31b8Setup.exe —uninstall=1
Adobe Photoshop CS4—>MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4—>MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help—>MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension—>MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup—>MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4—>MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4—>MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4—>MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK—>MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB—>MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Application Support—>MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support—>MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour—>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BurnRecovery—>MsiExec.exe /I{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}
Complete Cleanup Trial—>»C:Program FilesComplete Cleanup Trialunins000.exe»
Connect—>MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Critical Update for Windows Media Player 11 (KB959772)—>»C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_E582EA556D8DE101.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
Hotfix for Windows XP (KB976098-v2)—>»C:WINDOWS$NtUninstallKB976098-v2$spuninstspuninst.exe»
Hotfix for Windows XP (KB979306)—>»C:WINDOWS$NtUninstallKB979306$spuninstspuninst.exe»
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
IObit Security 360—>»C:Program FilesIObitIObit Security 360unins000.exe»
Java(TM) 6 Update 16—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
kuler—>MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LiveUpdate 1.80 (Symantec Corporation)—>C:Program FilesSymantecLiveUpdateLSETUP.EXE /U
Microsoft .NET Framework 1.1 Security Update (KB953297)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM953297M953297Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {420938DB-BF97-4664-BE29-0C68B4802C00}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant—>MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Ultimate 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007—>MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {D3A002FB-0F62-4840-80AD-2D2C63F83449}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWudf01007$spuninstspuninst.exe»
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime—>MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MuzRu—>MsiExec.exe /I{46A84850-92C0-4774-8577-D0D8DE4586CD}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver—>MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}Nokia_PC_Suite_7_1_30_9_rus_web.exe
Nokia PC Suite—>MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
PC Connectivity Solution—>MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDF Settings CS4—>MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw—>MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 3—>»C:Program FilesGooglePicasa3Uninstall.exe»
Pivim Multibar—>C:Program FilesPivim Multibaruninstall.exe
RadikalFotoShellExt—>MsiExec.exe /I{15DFBAAA-5994-4486-A0FD-7EF3D8F4793F}
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 8 (KB971961)—>»C:WINDOWSie8updatesKB971961-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB978207)—>»C:WINDOWSie8updatesKB978207-IE8spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB954155)—>»C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB958869)—>»C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Security Update for Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
Security Update for Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Security Update for Windows XP (KB963027)—>»C:WINDOWS$NtUninstallKB963027$spuninstspuninst.exe»
Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Security Update for Windows XP (KB969059)—>»C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe»
Security Update for Windows XP (KB969897)—>»C:WINDOWS$NtUninstallKB969897$spuninstspuninst.exe»
Security Update for Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Security Update for Windows XP (KB969947)—>»C:WINDOWS$NtUninstallKB969947$spuninstspuninst.exe»
Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Security Update for Windows XP (KB970430)—>»C:WINDOWS$NtUninstallKB970430$spuninstspuninst.exe»
Security Update for Windows XP (KB971468)—>»C:WINDOWS$NtUninstallKB971468$spuninstspuninst.exe»
Security Update for Windows XP (KB971486)—>»C:WINDOWS$NtUninstallKB971486$spuninstspuninst.exe»
Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Security Update for Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
Security Update for Windows XP (KB972260)—>»C:WINDOWS$NtUninstallKB972260$spuninstspuninst.exe»
Security Update for Windows XP (KB972270)—>»C:WINDOWS$NtUninstallKB972270$spuninstspuninst.exe»
Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Security Update for Windows XP (KB973525)—>»C:WINDOWS$NtUninstallKB973525$spuninstspuninst.exe»
Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Security Update for Windows XP (KB973904)—>»C:WINDOWS$NtUninstallKB973904$spuninstspuninst.exe»
Security Update for Windows XP (KB974112)—>»C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe»
Security Update for Windows XP (KB974318)—>»C:WINDOWS$NtUninstallKB974318$spuninstspuninst.exe»
Security Update for Windows XP (KB974392)—>»C:WINDOWS$NtUninstallKB974392$spuninstspuninst.exe»
Security Update for Windows XP (KB974455)—>»C:WINDOWS$NtUninstallKB974455$spuninstspuninst.exe»
Security Update for Windows XP (KB974571)—>»C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe»
Security Update for Windows XP (KB975025)—>»C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe»
Security Update for Windows XP (KB975467)—>»C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe»
Security Update for Windows XP (KB975560)—>»C:WINDOWS$NtUninstallKB975560$spuninstspuninst.exe»
Security Update for Windows XP (KB975561)—>»C:WINDOWS$NtUninstallKB975561$spuninstspuninst.exe»
Security Update for Windows XP (KB975713)—>»C:WINDOWS$NtUninstallKB975713$spuninstspuninst.exe»
Security Update for Windows XP (KB976325)—>»C:WINDOWS$NtUninstallKB976325$spuninstspuninst.exe»
Security Update for Windows XP (KB977165)—>»C:WINDOWS$NtUninstallKB977165$spuninstspuninst.exe»
Security Update for Windows XP (KB977914)—>»C:WINDOWS$NtUninstallKB977914$spuninstspuninst.exe»
Security Update for Windows XP (KB978037)—>»C:WINDOWS$NtUninstallKB978037$spuninstspuninst.exe»
Security Update for Windows XP (KB978251)—>»C:WINDOWS$NtUninstallKB978251$spuninstspuninst.exe»
Security Update for Windows XP (KB978262)—>»C:WINDOWS$NtUninstallKB978262$spuninstspuninst.exe»
Security Update for Windows XP (KB978706)—>»C:WINDOWS$NtUninstallKB978706$spuninstspuninst.exe»
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Sound Forge 8.0b—>MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Suite Shared Configuration CS4—>MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Control Manager—>C:Program FilesInstallShield Installation Information{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}setup.exe -runfromtemp -l0x0009 -removeonly
Ulead Burn.Now 4.5 SE—>C:Program FilesInstallShield Installation Information{A3BE3F1E-2472-4211-8735-E8239BE49D9F}setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Microsoft Office InfoPath 2007 (KB976416)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb979895)—>msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 8 (KB976662)—>»C:WINDOWSie8updatesKB976662-IE8spuninstspuninst.exe»
Update for Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB955759)—>»C:WINDOWS$NtUninstallKB955759$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Update for Windows XP (KB971737)—>»C:WINDOWS$NtUninstallKB971737$spuninstspuninst.exe»
Update for Windows XP (KB973687)—>»C:WINDOWS$NtUninstallKB973687$spuninstspuninst.exe»
Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
Update for Windows XP (KB976749)—>»C:WINDOWS$NtUninstallKB976749$spuninstspuninst.exe»
Update for Windows XP (KB978207)—>»C:WINDOWS$NtUninstallKB978207$spuninstspuninst.exe»
USB 2.0 Card Reader—>C:Program FilesInstallShield Installation Information{D10CB652-9332-4242-B7A9-2D61570144F7}setup.exe -runfromtemp -l0x0009 -removeonly
Weather Clock 4.2—>»C:Program FilesWeather Clockunins000.exe»
Windows Driver Package — Atheros (AR5416) Net (04/08/2008 7.6.0.200)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREnetathw_8508BD3D9EB89B06D2861AE76DC11BAE84C3E3C7netathw.inf
Windows Driver Package — Nokia Modem (06/01/2009 4.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7Anokia_bluetooth.inf
Windows Driver Package — Nokia Modem (06/01/2009 7.01.0.3)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30nokbtmdm.inf
Windows Driver Package — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFXB4723E9A0713E5B1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Windows Driver Package — Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTORErt2860_182C209AFE287E941D2F1DE5B71B3589853F453Brt2860.inf
Windows Driver Package — Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREnet8187se_06BCAD86CB743343CBFF6639914BD6E626DE4A59net8187se.inf
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
XP Codec Pack—>C:Program FilesXP Codec PackUninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Doctor Web Anti-Virus
AV: AntiVir Desktop (outdated)

======System event log======

Computer Name: GRISLANA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 17592
Source Name: Service Control Manager
Time Written: 20100313222759.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 17589
Source Name: Service Control Manager
Time Written: 20100313222759.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 17586
Source Name: Service Control Manager
Time Written: 20100313222759.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 17583
Source Name: Service Control Manager
Time Written: 20100313222759.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 17580
Source Name: Service Control Manager
Time Written: 20100313222759.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: GRISLANA
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00d31433.

Record Number: 1496
Source Name: Application Error
Time Written: 20091124230829.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 5
Message:
Record Number: 1478
Source Name: Norton AntiVirus
Time Written: 20091121112015.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 5
Message:
Record Number: 1477
Source Name: Norton AntiVirus
Time Written: 20091121112015.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 5
Message:
Record Number: 1476
Source Name: Norton AntiVirus
Time Written: 20091121112015.000000+120
Event Type: error
User:

Computer Name: GRISLANA
Event Code: 5
Message:
Record Number: 1475
Source Name: Norton AntiVirus
Time Written: 20091121112014.000000+120
Event Type: error
User:

=====Security event log=====

Computer Name: GRISLANA
Event Code: 528
Message: Successful Logon:

User Name: Sve

Domain: GRISLANA

Logon ID: (0x0,0x2F8DE09)

Logon Type: 2

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: GRISLANA

Logon GUID: —

Record Number: 20296
Source Name: Security
Time Written: 20100310082532.000000+120
Event Type: audit success
User: GRISLANASve

Computer Name: GRISLANA
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: Sve

Source Workstation: GRISLANA

Error Code: 0x0

Record Number: 20295
Source Name: Security
Time Written: 20100310082532.000000+120
Event Type: audit success
User: NT AUTHORITYSYSTEM

Computer Name: GRISLANA
Event Code: 615
Message: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

Record Number: 20294
Source Name: Security
Time Written: 20100310082520.000000+120
Event Type: audit failure
User: NT AUTHORITYNETWORK SERVICE

Computer Name: GRISLANA
Event Code: 615
Message: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

Record Number: 20293
Source Name: Security
Time Written: 20100310031436.000000+120
Event Type: audit failure
User: NT AUTHORITYNETWORK SERVICE

Computer Name: GRISLANA
Event Code: 520
Message: The system time was changed.

Process ID: 2720

Process Name: C:WINDOWSsystem32rundll32.exe

Primary User Name: Sve

Primary Domain: GRISLANA

Primary Logon ID: (0x0,0x12F7C)

Client User Name: Sve

Client Domain: GRISLANA

Client Logon ID: (0x0,0x12F7C)

Previous Time: 23:57:13 09.03.2010

New Time: 23:57:13 09.03.2010

Record Number: 20292
Source Name: Security
Time Written: 20100309235713.000000+120
Event Type: audit success
User: GRISLANASve

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesUlead SystemsMPEG
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 28 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=1c02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Автор]

Сообщения