[IGOREK]

Благодарю за помощь, проблема решена с помощью программы taskmanager. Вы делаете большое дело))

[IGOREK]

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Администратор at 2009-12-27 19:57:32
Microsoft Windows XP Professional Service Pack 3
System drive I: has 7 GB (25%) free of 26 GB
Total RAM: 767 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:35, on 27.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
I:WINDOWSSystem32smss.exe
I:WINDOWSsystem32winlogon.exe
I:WINDOWSsystem32services.exe
I:WINDOWSsystem32lsass.exe
I:WINDOWSsystem32svchost.exe
I:WINDOWSSystem32svchost.exe
I:WINDOWSsystem32spoolsv.exe
I:WINDOWSExplorer.EXE
I:WINDOWSnotepad.exe
I:WINDOWSsystem32RUNDLL32.EXE
I:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
I:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exe
I:Program FilesCommon FilesRealUpdate_OBrealsched.exe
I:Program FilesHPHP Software UpdateHPWuSchd2.exe
I:Program FilesBrownieBrstsWnd.exe
I:Program FilesPunto Switcherps.exe
I:Program FilesLClockLClock.exe
G:ProgramFilesпромтPRMTEDEDLauncher.exe
I:WINDOWSsystem32ctfmon.exe
I:WINDOWSsystem32nvsvc32.exe
I:WINDOWSsystem32svchost.exe
I:Program FilesBrowniebrpjp04a.exe
I:Program FilesHPDigital Imagingbinhpqtra08.exe
I:FlylinkDC++FlylinkDC.exe
G:ProgramFilesпромтPRMTEDprmedsvr.exe
I:Program FilesHPDigital Imagingbinhpqimzone.exe
I:WINDOWSsystem32msiexec.exe
I:Program FilesHPDigital ImagingbinhpqSTE08.exe
I:WINDOWSsystem32MsiExec.exe
I:Program FilesMozilla Firefoxfirefox.exe
I:Documents and SettingsАдминистраторРабочий столRSIT.exe
I:Program Filestrend microАдминистратор.exe

R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — I:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — I:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — I:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — I:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — I:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (file missing)
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — I:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll (file missing)
O3 — Toolbar: PROMT — {892E81F6-EC63-4d13-8422-835A7A05D6EB} — G:ProgramFilesпромтPRMTIEprmtie.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — I:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — I:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE I:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE I:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NeroFilterCheck] I:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [GrooveMonitor] «I:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [NVMixerTray] «I:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exe»
O4 — HKLM..Run: [FineReader7NewsReaderPro] «I:Program FilesABBYY FineReader 7.0 Professional EditionABBYYNewsReader.exe»
O4 — HKLM..Run: [TkBellExe] «I:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [HP Software Update] I:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [QuickTime Task] «I:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [BrStsWnd] I:Program FilesBrownieBrstsWnd.exe Autorun
O4 — HKCU..Run: [Punto Switcher] I:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] I:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] I:Program FilesLClockLClock.exe
O4 — HKCU..Run: [AlcoholAutomount] «I:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [EDLauncher] G:ProgramFilesпромтPRMTEDEDLauncher.exe
O4 — HKCU..Run: [ctfmon.exe] I:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [Punto Switcher] I:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] I:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection I:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] I:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection I:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] I:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection I:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] I:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection I:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: FlylinkDC++.lnk = I:FlylinkDC++FlylinkDC.exe
O4 — Global Startup: Быстрый запуск AutoCAD.lnk = I:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = I:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Быстрый запуск HP Photosmart Premier.lnk = I:Program FilesHPDigital Imagingbinhpqthb08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://I:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://I:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 — Extra context menu item: Online-словари — G:ProgramFilesпромтPRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — G:ProgramFilesпромтPRMTIEaot.htm
O8 — Extra context menu item: Настроить параметры перевода — G:ProgramFilesпромтPRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — G:ProgramFilesпромтPRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — G:ProgramFilesпромтPRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — G:ProgramFilesпромтPRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — G:ProgramFilesпромтPRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — G:ProgramFilesпромтPRMTIEsearch.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://I:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://I:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — I:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — I:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — I:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — I:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: (no name) — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — G:ProgramFilesпромтPRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настроить параметры перевода — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — G:ProgramFilesпромтPRMTIEoptions.htm
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — I:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — G:ProgramFilesпромтPRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — G:ProgramFilesпромтPRMTIEprmtie5.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — I:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — I:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — I:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — I:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — I:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — I:Program FilesMessengermsmsgs.exe
O16 — DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) — http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — I:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O18 — Filter hijack: text/html — (no CLSID) — (no file)
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — I:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Autodesk Licensing Service — Autodesk — I:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — I:WINDOWSsystem32services.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — I:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — I:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — I:WINDOWSsystem32HPZipm12.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — I:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — I:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — I:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — I:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — I:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 11610 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — I:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — I:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — I:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-03-27 820400]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — I:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — I:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{892E81F6-EC63-4d13-8422-835A7A05D6EB} — PROMT — G:ProgramFilesпромтPRMTIEprmtie.dll [2007-03-21 749568]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — I:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-03-27 820400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — I:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=I:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=I:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«NeroFilterCheck»=I:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«GrooveMonitor»=I:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«NVMixerTray»=I:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exe [2004-10-07 131072]
«FineReader7NewsReaderPro»=I:Program FilesABBYY FineReader 7.0 Professional EditionABBYYNewsReader.exe [2004-12-17 290816]
«TkBellExe»=I:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-06-28 198160]
«HP Software Update»=I:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-05-08 54840]
«QuickTime Task»=I:Program FilesQuickTimeqttask.exe [2009-07-06 413696]
«BrStsWnd»=I:Program FilesBrownieBrstsWnd.exe [2008-09-18 880640]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=I:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=I:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=I:Program FilesLClockLClock.exe [2004-09-19 65536]
«AlcoholAutomount»=I:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2009-02-24 203928]
«EDLauncher»=G:ProgramFilesпромтPRMTEDEDLauncher.exe [2007-03-14 118784]
«ctfmon.exe»=I:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]

I:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Быстрый запуск AutoCAD.lnk — I:Program FilesCommon FilesAutodesk Sharedacstart16.exe
HP Digital Imaging Monitor.lnk — I:Program FilesHPDigital Imagingbinhpqtra08.exe
Быстрый запуск HP Photosmart Premier.lnk — I:Program FilesHPDigital Imagingbinhpqthb08.exe

I:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
FlylinkDC++.lnk — I:FlylinkDC++FlylinkDC.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — I:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=I:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«I:Program FilesuTorrentuTorrent.exe»=»I:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======File associations======

.scr — open — «I:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======

2009-12-27 19:48:06 —-SHD—- I:FOUND.018
2009-12-27 19:44:57 —-D—- I:_OTM
2009-12-27 16:09:32 —-SHD—- I:FOUND.017
2009-12-27 15:18:16 —-SHD—- I:FOUND.016
2009-12-27 13:35:50 —-SHD—- I:FOUND.015
2009-12-27 00:57:44 —-SHD—- I:FOUND.014
2009-12-27 00:14:00 —-SHD—- I:FOUND.013
2009-12-26 13:18:39 —-D—- I:Documents and SettingsАдминистраторApplication DataMedia Player Classic
2009-12-26 11:39:18 —-SHD—- I:FOUND.012
2009-12-25 18:02:33 —-D—- I:Documents and SettingsАдминистраторApplication DataTalkback
2009-12-25 17:26:50 —-D—- I:Documents and SettingsАдминистраторApplication DataReal
2009-12-25 17:15:36 —-D—- I:Program FilesAnVir Task Manager
2009-12-25 16:17:37 —-D—- I:rsit
2009-12-25 14:27:59 —-D—- I:Program Filestrend micro
2009-12-25 13:19:43 —-HD—- I:WINDOWSsystem32GroupPolicy
2009-12-25 10:49:22 —-D—- I:Program FilesAlwil Software
2009-12-25 10:08:36 —-SHD—- I:FOUND.011
2009-12-24 22:09:54 —-SHD—- I:FOUND.010
2009-12-24 22:07:10 —-D—- I:WINDOWSpss
2009-12-24 21:41:10 —-SHD—- I:FOUND.009
2009-12-24 20:58:18 —-SHD—- I:FOUND.008
2009-12-24 20:35:58 —-SHD—- I:FOUND.007
2009-12-24 20:22:17 —-SHD—- I:WINDOWSCSC
2009-12-24 20:22:13 —-A—- I:WINDOWSntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-12-27 19:48:40 —-A—- I:WINDOWSBrownie.ini
2009-12-27 19:13:36 —-A—- I:WINDOWSSchedLgU.Txt
2009-12-27 00:53:42 —-A—- I:WINDOWSOEWABLog.txt
2009-12-26 13:18:42 —-A—- I:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); I:WINDOWSSystem32Driversappdrv01.sys [2009-03-20 2915944]
R1 ISODrive;ISO CD-ROM Device Driver; ??I:Program FilesUltraISOdriversISODrive.sys []
R1 kbdhid;Драйвер клавиатуры HID; I:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R2 irda;ИК-протокол IrDA; I:WINDOWSsystem32DRIVERSirda.sys [2008-04-14 88192]
R2 rspndr;Ответчик обнаружения топологии уровня связи; I:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 HidUsb;Драйвер класса HID Microsoft; I:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; I:WINDOWSsystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 mouhid;Драйвер мыши HID; I:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; I:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; I:WINDOWSsystem32driversnvax.sys [2004-10-22 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; I:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; I:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; I:WINDOWSsystem32driversnvapu.sys [2004-10-22 413824]
R3 Rasirda;Минипорт WAN (IrDA); I:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); I:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; I:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; I:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; I:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-14 17152]
S3 a028n8hr;a028n8hr; I:WINDOWSsystem32driversa028n8hr.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; I:WINDOWSsystem32DRIVERSHPZid412.sys [2006-05-16 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; I:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-05-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; I:WINDOWSsystem32DRIVERSHPZius12.sys [2006-05-16 21568]
S3 rhjau;rhjau; ??I:WINDOWSsystem321B.tmp []
S3 usbprint;Класс принтеров Microsoft USB; I:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; I:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; I:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; I:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; I:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; I:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Монитор инфракрасной связи; I:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; I:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
S2 appdrvrem01;Application Driver Auto Removal Service (01); I:WINDOWSSystem32appdrvrem01.exe [2009-03-20 304528]
S2 Netprotocol;Network Protocol Driver; I:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; I:WINDOWSsystem32HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; I:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; I:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-03-18 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; I:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; I:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; I:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; I:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; I:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; I:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 gusvc;Google Software Updater; I:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; I:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

---

EOF

---

[IGOREK]

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named ai4821rl was found to stop!
No service named ai4821rl was found to delete!
Error: No service named rhjau was found to stop!
No service named rhjau was found to delete!
Error: No service named Netprotocol was found to stop!
No service named Netprotocol was found to delete!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\plugin deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{587c27a4-5d8b-11de-86a9-00016cbedaa2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{587c27a4-5d8b-11de-86a9-00016cbedaa2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{addaf876-64d9-11de-86c2-00016cbedaa2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{addaf876-64d9-11de-86c2-00016cbedaa2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c93815b8-177f-11de-85e1-00016cbedaa2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c93815b8-177f-11de-85e1-00016cbedaa2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ec5ce212-9d35-11de-8770-00016cbedaa2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{ec5ce212-9d35-11de-8770-00016cbedaa2} not found.
========== FILES ==========
DllUnregisterServer procedure not found in I:WINDOWSsystem32netprotocol.dll
I:WINDOWSsystem32netprotocol.dll moved successfully.
File/Folder I:Program Filesplugin.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 522782 bytes

User: LocalService
->Temp folder emptied: 66887 bytes
->Temporary Internet Files folder emptied: 13443951 bytes

User: Администратор
->Temp folder emptied: 86589 bytes
->Temporary Internet Files folder emptied: 3767917 bytes
->FireFox cache emptied: 3741920 bytes

User: L-¦L=L~1

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2356571 bytes
%systemroot%System32 .tmp files removed: 5709 bytes
Windows Temp folder emptied: 2083541 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 351249233 bytes

Total Files Cleaned = 360,00 mb

OTM by OldTimer — Version 3.1.4.0 log created on 12272009_194457

Files moved on Reboot…

Registry entries deleted on Reboot…

[IGOREK]

Сам баннер удалил, до того как прочел ваше сообщение, убрав из папки programfiles левый exешник. Перезагрузил компьютер, баннер появляться не стал, но по прежнему пытается загрузиться некая программа «PhotoGallery» , которая раннее сопровождала появление баннера. Подскажите как от нее избавится.

[Автор]

Сообщения