не можем удалить вирус PC Defender (2)

[SmokyMo]

Подскажите пожалуйста как бороться, у меня точно такая же проблема.
Скачал MalwareBytes Anti-malware, но он не успевает просканировать так как перезагружается компьютер… Браузер закрывает каждые 3 минуты…

[CERBER]

Здравствуйте!
Добро пожаловать на Spyware-ru форум.
Сделайте сканирование вашей системы, программой RSIT,
— подробно описано как и что надо делать, в этой теме:
Как вылечить компьютер, первые шаги.

[SmokyMo]

Неожиданно тема стала моей 🙂
Лог RSIT
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-31 15:51:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (31%) free of 20 GB
Total RAM: 1535 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:20, on 31.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSMixer.exe
C:Program FilesDef GroupPC Defenderpcdef.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesJPG Saverjpgsaver.exe
C:Program FilesPando NetworksMedia BoosterPMB.exe
C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe
C:Program FilesDef GroupPC Defenderproccheck.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
S:ProgramsDAEMON Tools LiteDTLite.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.yandex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
F2 — REG:system.ini: Shell=
F2 — REG:system.ini: UserInit=\.globalrootsystemrootsystem32userinit.exe,
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 — Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url(«http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif») no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 — Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 — Hosts: .services { font-size:116%; padding-bottom:20px }
O1 — Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 — Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 — Hosts: p {margin:20px;font-size:1em;}
O1 — Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 — Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 — Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:
O1 — Hosts:
O1 — Hosts: div#headerblock div{font-family:arial;}
O1 — Hosts:
O1 — Hosts:

• New User? Sign Up
• Sign In

O1 — Hosts:

• Help

O1 — Hosts:

Get Yahoo! Toolbar
O1 — Hosts:
O1 — Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 — Hosts: window.yzq_d=’&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1′;
O1 — Hosts:
O1 — Hosts:

O1 — Hosts:

• Yahoo!
• Mail

• <a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
  O1 — Hosts:
  O1 — Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
  O1 — Hosts: window.yzq_d=’&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1′;
  O1 — Hosts:
  O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

Sorry, the GeoCities web site you were trying to reach is no longer available.

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

GeoCities has closed, but there’s a lot more to explore on Yahoo!

O1 — Hosts:

Visit one of these popular Yahoo! sites:

O1 — Hosts:

O1 — Hosts:
• Yahoo! Mail

O1 — Hosts:

• Web Hosting

O1 — Hosts:

• News

O1 — Hosts:

• Games

O1 — Hosts:

• Sports

O1 — Hosts:

• Movies

O1 — Hosts:

• Finance

O1 — Hosts:

• Maps

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

[Helper]

Пуск-выполнить:

C:Program Filestrend microAdmin.exe

Нажать OK.
В главном окне программы нужно нажать «Do a system scan only»
В открывшемся логе сканирования поставить галочки напротив указанных строк и нажать кнопку «Fix Checked»

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: Shell=

F2 - REG:system.ini: UserInit=\.globalrootsystemrootsystem32userinit.exe,

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}

O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}

O1 - Hosts: .services { font-size:116%; padding-bottom:20px }

O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}

O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}

O1 - Hosts: p {margin:20px;font-size:1em;}

O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}

O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}

O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: div#headerblock div{font-family:arial;}

O1 - Hosts: 

O1 - Hosts: 
New User? Sign Up
Sign In


O1 - Hosts: 
Help


O1 - Hosts: 
Get Yahoo! Toolbar

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 
Yahoo!
Mail
<a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
Sorry, the GeoCities web site you were trying to reach is no longer available.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
 GeoCities has closed, but there's a lot more to explore on Yahoo!


O1 - Hosts: 
Visit one of these popular Yahoo! sites:


O1 - Hosts: 


O1 - Hosts: 
Yahoo! Mail


O1 - Hosts: 
Web Hosting


O1 - Hosts: 
News


O1 - Hosts: 
Games


O1 - Hosts: 
Sports 


O1 - Hosts: 
Movies


O1 - Hosts: 
Finance


O1 - Hosts: 
Maps


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, visit Archive.org and enter the site's web address in the field provided.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.

O1 - Hosts: 


O1 - Hosts: 
Privacy Policy
 -

O1 - Hosts: 
Copyright Policy
 -

O1 - Hosts: 
Guidelines</a

O1 - Hosts: >
 -

O1 - Hosts: 
Terms of Service

O1 - Hosts: 
 -

O1 - Hosts: 
Help


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 

O4 - HKLM..Run: [PC Defender] C:Program FilesDef GroupPC Defenderpcdef.exe

O4 - HKCU..Run: [wsctf.exe] wsctf.exe

Перезагрузите компьютер.
wwww.spyware-ru.com/combofix
combofix лог сделайте и лог RSIT повторите.

[SmokyMo]

Большое спасибо за оперативный ответ и помощь, но уже разобрался. Суть в том что USB клавиатура не работала при загрузке, именно поэтому не мог зайти в безопасном режиме. Сходил к старичку соседу и одолжил клавиатуру с PS/2 разъемом, и в безопасном режиме почистил компьютер MalwareBytes Anti-malware’ом. PC Defender пропал, но почему то при удалении мне сообщили что удалено не все, но, в принципе, все работает замечательно =)
Приношу свои извинения за то что потратил Ваше время а не сообразил сразу найти старую клавиатуру и сделать все в безопасном режиме 🙂
И, напоследок, такой вопрос- существуют ли бесплатные программы защищающие от подобного рода гадости? 🙂
И немного оффтопа- считаете ли Вы что надо вводить уголовное наказание за агрессивную рекламу в интернете? 😀 😆

[CERBER]

Сделайте повторно лог от RSIT.

[SmokyMo]

Пожалуйста 🙂
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-31 17:37:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (31%) free of 20 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:55, on 31.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.yandex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 — Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url(«http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif&#187;) no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 — Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 — Hosts: .services { font-size:116%; padding-bottom:20px }
O1 — Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 — Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 — Hosts: p {margin:20px;font-size:1em;}
O1 — Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 — Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 — Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:
O1 — Hosts:
O1 — Hosts: div#headerblock div{font-family:arial;}
O1 — Hosts:
O1 — Hosts:

• New User? Sign Up
• Sign In

O1 — Hosts:

• Help

O1 — Hosts:

Get Yahoo! Toolbar
O1 — Hosts:
O1 — Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 — Hosts: window.yzq_d=’&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1′;
O1 — Hosts:
O1 — Hosts:

O1 — Hosts:

• Yahoo!
• Mail

• <a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
  O1 — Hosts:
  O1 — Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
  O1 — Hosts: window.yzq_d=’&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1′;
  O1 — Hosts:
  O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

Sorry, the GeoCities web site you were trying to reach is no longer available.

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

GeoCities has closed, but there’s a lot more to explore on Yahoo!

O1 — Hosts:

Visit one of these popular Yahoo! sites:

O1 — Hosts:

O1 — Hosts:
• Yahoo! Mail

O1 — Hosts:

• Web Hosting

O1 — Hosts:

• News

O1 — Hosts:

• Games

O1 — Hosts:

• Sports

O1 — Hosts:

• Movies

O1 — Hosts:

• Finance

O1 — Hosts:

• Maps

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

The GeoCities site you were looking for may have been preserved in the Internet Archive’s Wayback Machine. To find out, visit Archive.org and enter the site’s web address in the field provided.

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.
O1 — Hosts:

O1 — Hosts:
• Privacy Policy

—
O1 — Hosts:

• Copyright Policy

—
O1 — Hosts:

• Guidelines</a
  O1 — Hosts: >

—
O1 — Hosts:

• Terms of Service
  O1 — Hosts:

—
O1 — Hosts:

• Help

O1 — Hosts:

O1 — Hosts:
O1 — Hosts:

O1 — Hosts:

O1 — Hosts:

O1 — Hosts:
O1 — Hosts:
O1 — Hosts:

O1 — Hosts:
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: SkypeIEPluginBHO — {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [JPGSaver] C:Program FilesJPG Saverjpgsaver.exe
O4 — HKCU..Run: [Pando Media Booster] C:Program FilesPando NetworksMedia BoosterPMB.exe
O4 — HKCU..Run: [QIP Internet Guardian] C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «S:ProgramsDAEMON Tools LiteDTLite.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O9 — Extra button: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{7B74982C-33F9-4B5A-966B-9031D5E8A4D7}: NameServer = 10.30.1.11,217.26.9.2
O17 — HKLMSystemCCSServicesTcpip..{D1D1D5F2-1C73-41E6-B508-5FCB9571CA9C}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: skype-ie-addon-data — {91774881-D725-4E58-B298-07617B9B86A8} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
O23 — Service: nProtect GameGuard Service (npggsvc) — Unknown owner — C:WINDOWSsystem32GameMon.des.exe (file missing)
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 18594 bytes

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2010-01-07 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2010-04-21 149968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-01-07 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-01-07 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-12-24 8729864]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-17 577536]
«C-Media Mixer»=Mixer.exe /startup []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2009-11-11 417792]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe []
«NeroCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-10-25 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2009-03-20 1312256]
«JPGSaver»=C:Program FilesJPG Saverjpgsaver.exe [2005-12-23 188416]
«Pando Media Booster»=C:Program FilesPando NetworksMedia BoosterPMB.exe [2010-02-20 2937528]
«QIP Internet Guardian»=C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe [2010-04-21 184272]
«DAEMON Tools Lite»=S:ProgramsDAEMON Tools LiteDTLite.exe [2010-04-01 357696]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoFolderOptions»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesPando NetworksMedia BoosterPMB.exe»=»C:Program FilesPando NetworksMedia BoosterPMB.exe:*:Enabled:Pando Media Booster»
«C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe»=»C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe:*:Enabled:Nexon Game Manager»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Allods OnlinebinLauncher.exe»=»C:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher»
«S:Allods OnlinebinLauncher.exe»=»S:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher»
«S:League of LegendsAirLolClient.exe»=»S:League of LegendsAirLolClient.exe:*:Enabled:League of Legends Lobby»
«S:League of LegendsGameLeague of Legends.exe»=»S:League of LegendsGameLeague of Legends.exe:*:Enabled:League of Legends Game Client»
«S:CIV IV ColonizationColonization.exe»=»S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier’s Civilization IV: Колонизация»
«C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe»=»C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe:*:Enabled:homm_v1000.exe»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«S:CIV IV ColonizationColonization.exe»=»S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier’s Civilization IV: Колонизация»

======List of files/folders created in the last 1 months======

2010-08-31 16:25:25 —-ASH—- C:hiberfil.sys
2010-08-31 16:07:01 —-A—- C:WINDOWSntbtlog.txt
2010-08-31 10:18:50 —-D—- C:Program FilesCommon FilesNero
2010-08-31 04:41:03 —-D—- C:Program Filestrend micro
2010-08-31 04:41:01 —-D—- C:rsit
2010-08-31 03:59:39 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2010-08-31 03:59:33 —-A—- C:WINDOWSsystem32driversmbamswissarmy.sys
2010-08-31 03:59:32 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-08-31 03:59:32 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-08-31 03:59:32 —-A—- C:WINDOWSsystem32driversmbam.sys
2010-08-31 03:44:32 —-D—- C:Program FilesDef Group
2010-08-27 19:29:17 —-D—- C:Program FilesCommon FilesINCA Shared
2010-08-27 19:29:17 —-A—- C:WINDOWSsystem32npptNT2.sys
2010-08-16 09:10:16 —-D—- C:Program FilesD-Link
2010-08-06 04:40:25 —-D—- C:Documents and SettingsAdminApplication DataMp3 Music Editor
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTWMAFile2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioVisualization2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioTransform2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioRecord2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioPlayer2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioInformation2.dll
2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioFile2.dll
2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioEditor2.dll
2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioDisplay2.dll
2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioDesign2.dll
2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioCDGrabber2.dll
2010-08-06 04:40:05 —-D—- C:Program FilesMp3 Music Editor

======List of files/folders modified in the last 1 months======

2010-08-31 16:23:10 —-D—- C:WINDOWSsystem32drivers
2010-08-31 16:21:28 —-AD—- C:WINDOWSsystem32
2010-08-31 16:07:38 —-D—- C:WINDOWSsystem32CatRoot2
2010-08-31 16:07:01 —-D—- C:WINDOWS
2010-08-31 16:02:00 —-A—- C:WINDOWSSchedLgU.Txt
2010-08-31 15:46:34 —-D—- C:WINDOWSTemp
2010-08-31 10:47:58 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-08-31 10:18:50 —-AD—- C:Program FilesCommon Files
2010-08-31 04:41:21 —-D—- C:WINDOWSsystem32driversetc
2010-08-31 04:41:03 —-AD—- C:Program Files
2010-08-31 03:44:34 —-SHD—- C:WINDOWSInstaller
2010-08-27 01:22:23 —-HD—- C:Program FilesInstallShield Installation Information
2010-08-21 23:40:11 —-D—- C:Documents and SettingsAdminApplication DataApple Computer
2010-08-19 13:45:47 —-D—- C:Program FilesCommon FilesInstallShield
2010-08-16 09:10:20 —-HD—- C:WINDOWSinf
2010-08-16 09:10:20 —-D—- C:WINDOWSsystem32CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel — фильтр шины AGP; C:WINDOWSsystem32DRIVERSagp440.sys [2008-04-14 42368]
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2009-04-29 44944]
R0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2010-05-08 691696]
R0 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-15 76544]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-25 4127488]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-08-21 3299840]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmaudio.sys [2001-12-10 357070]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:WINDOWSsystem32DRIVERSm4cxw2k3.sys [2005-03-10 227584]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:WINDOWSsystem32driversnvmpu401.sys [2006-02-26 10240]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 af1qlbci;af1qlbci; C:WINDOWSsystem32driversaf1qlbci.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 EagleNT;EagleNT; ??C:WINDOWSsystem32driversEagleNT.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C, драйвер адаптера; C:WINDOWSsystem32DRIVERSel90xbc5.sys [2001-08-17 66591]
S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys []
S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1AdminLOCALS~1TempHVK3F.tmp []
S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys []
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-08-28 40448]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S3 XDva309;XDva309; ??C:WINDOWSsystem32XDva309.sys []
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver; C:WINDOWSsystem32DRIVERSWlanUZXP.sys [2007-06-14 437760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-08-21 573440]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2010-06-06 3819912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-01-07 152984]

---

EOF

---

[CERBER]

Извините конечно, дело ваше, но зараза на вашем компьютере осталась.

[SmokyMo]

хм, тогда будьте добры, подскажите как избавиться 🙂

[Helper]

Пуск-выполнить:

C:Program Filestrend microAdmin.exe

Нажать OK.
В главном окне программы нужно нажать «Do a system scan only»
В открывшемся логе сканирования поставить галочки напротив указанных строк и нажать кнопку «Fix Checked»

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}

O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}

O1 - Hosts: .services { font-size:116%; padding-bottom:20px }

O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}

O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}

O1 - Hosts: p {margin:20px;font-size:1em;}

O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}

O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}

O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: div#headerblock div{font-family:arial;}

O1 - Hosts: 

O1 - Hosts: 
New User? Sign Up
Sign In


O1 - Hosts: 
Help


O1 - Hosts: 
Get Yahoo! Toolbar

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 
Yahoo!
Mail
<a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
Sorry, the GeoCities web site you were trying to reach is no longer available.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
 GeoCities has closed, but there's a lot more to explore on Yahoo!


O1 - Hosts: 
Visit one of these popular Yahoo! sites:


O1 - Hosts: 


O1 - Hosts: 
Yahoo! Mail


O1 - Hosts: 
Web Hosting


O1 - Hosts: 
News


O1 - Hosts: 
Games


O1 - Hosts: 
Sports 


O1 - Hosts: 
Movies


O1 - Hosts: 
Finance


O1 - Hosts: 
Maps


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, visit Archive.org and enter the site's web address in the field provided.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.

O1 - Hosts: 


O1 - Hosts: 
Privacy Policy
 -

O1 - Hosts: 
Copyright Policy
 -

O1 - Hosts: 
Guidelines</a

O1 - Hosts: >
 -

O1 - Hosts: 
Terms of Service

O1 - Hosts: 
 -

O1 - Hosts: 
Help


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 

Перезагрузите компьютер и лог RSIT повторите.

[SmokyMo]

Все сделал как Вы сказали 🙂

Logfile of random's system information tool 1.08 (written by random/random)

Run by Admin at 2010-08-31 22:44:15

Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (31%) free of 20 GB

Total RAM: 1535 MB (73% free)



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:44:28, on 31.08.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesBonjourmDNSResponder.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesVistaDriveIconVistaDrv.exe

C:Program FilesPando NetworksMedia BoosterPMB.exe

C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe

C:Program FilesPC Connectivity SolutionServiceLayer.exe

C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe

C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Documents and SettingsAdminРабочий столRSIT.exe

C:Program Filestrend microAdmin.exe



R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qip.ru

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qip.ru

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.yandex.ru/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки

O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}

O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}

O1 - Hosts: .services { font-size:116%; padding-bottom:20px }

O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}

O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}

O1 - Hosts: p {margin:20px;font-size:1em;}

O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}

O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}

O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: div#headerblock div{font-family:arial;}

O1 - Hosts: 

O1 - Hosts: 
New User? Sign Up
Sign In


O1 - Hosts: 
Help


O1 - Hosts: 
Get Yahoo! Toolbar

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 
Yahoo!
Mail
<a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
Sorry, the GeoCities web site you were trying to reach is no longer available.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
 GeoCities has closed, but there's a lot more to explore on Yahoo!


O1 - Hosts: 
Visit one of these popular Yahoo! sites:


O1 - Hosts: 


O1 - Hosts: 
Yahoo! Mail


O1 - Hosts: 
Web Hosting


O1 - Hosts: 
News


O1 - Hosts: 
Games


O1 - Hosts: 
Sports 


O1 - Hosts: 
Movies


O1 - Hosts: 
Finance


O1 - Hosts: 
Maps


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, visit Archive.org and enter the site's web address in the field provided.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.

O1 - Hosts: 


O1 - Hosts: 
Privacy Policy
 -

O1 - Hosts: 
Copyright Policy
 -

O1 - Hosts: 
Guidelines</a

O1 - Hosts: >
 -

O1 - Hosts: 
Terms of Service

O1 - Hosts: 
 -

O1 - Hosts: 
Help


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll

O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:Program FilesYandexYandexBarIEyndbar.dll

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe

O4 - HKCU..Run: [PC Suite Tray] "C:Program FilesNokiaNokia PC Suite 7PCSuite.exe" -onlytray

O4 - HKCU..Run: [JPGSaver] C:Program FilesJPG Saverjpgsaver.exe

O4 - HKCU..Run: [Pando Media Booster] C:Program FilesPando NetworksMedia BoosterPMB.exe

O4 - HKCU..Run: [QIP Internet Guardian] C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe

O4 - HKCU..Run: [DAEMON Tools Lite] "S:ProgramsDAEMON Tools LiteDTLite.exe" -autorun

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O17 - HKLMSystemCCSServicesTcpip..{7B74982C-33F9-4B5A-966B-9031D5E8A4D7}: NameServer = 10.30.1.11,217.26.9.2

O17 - HKLMSystemCCSServicesTcpip..{D1D1D5F2-1C73-41E6-B508-5FCB9571CA9C}: NameServer = 213.234.192.7 85.21.192.5

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll

O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe

O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:WINDOWSsystem32imapi.exe

O23 - Service: Сервис iPod (iPod Service) - Unknown owner - C:Program FilesiPodbiniPodService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:WINDOWSsystem32GameMon.des.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe

O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:WINDOWSsystem32sessmgr.exe

O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:WINDOWSSystem32SCardSvr.exe

O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:WINDOWSsystem32smlogsvc.exe

O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:WINDOWSSystem32vssvc.exe

O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:WINDOWSsystem32wbemwmiapsrv.exe



--

End of file - 17529 bytes



======Scheduled tasks folder======



C:WINDOWStasksAppleSoftwareUpdate.job



======Registry dump======



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:Program FilesJavajre6binssv.dll [2010-01-07 320920]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

QIPBHO Class - C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2010-04-21 149968]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll []



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:Program FilesJavajre6binjp2ssv.dll [2010-01-07 34816]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-01-07 73728]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]

{91397D20-1446-11D4-8AF4-0040CA1127B6} - Яндекс.Бар - C:Program FilesYandexYandexBarIEyndbar.dll [2009-12-24 8729864]



[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]

"SoundMan"=C:WINDOWSSOUNDMAN.EXE [2007-04-17 577536]

"C-Media Mixer"=Mixer.exe /startup []

"QuickTime Task"=C:Program FilesQuickTimeqttask.exe [2009-11-11 417792]

"iTunesHelper"=C:Program FilesiTunesiTunesHelper.exe []

"NeroCheck"=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"=C:WINDOWSsystem32ctfmon.exe [2008-10-25 30208]

"VistaIcon"=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]

"PC Suite Tray"=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2009-03-20 1312256]

"JPGSaver"=C:Program FilesJPG Saverjpgsaver.exe [2005-12-23 188416]

"Pando Media Booster"=C:Program FilesPando NetworksMedia BoosterPMB.exe [2010-02-20 2937528]

"QIP Internet Guardian"=C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe [2010-04-21 184272]

"DAEMON Tools Lite"=S:ProgramsDAEMON Tools LiteDTLite.exe [2010-04-01 357696]



C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка

Microsoft Office.lnk - C:Program FilesMicrosoft OfficeOffice10OSA.EXE



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]

C:WINDOWSsystem32Ati2evxx.dll [2008-08-21 143360]



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]



[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]



[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"DisableCMD"=0



[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]

"NoDriveTypeAutoRun"=145

"NoSharedDocuments"=1

"NoSMConfigurePrograms"=1

"NoFolderOptions"=1



[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:Program FilesOperaopera.exe"="C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser"

"C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"

"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"

"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"

"C:Program FilesPando NetworksMedia BoosterPMB.exe"="C:Program FilesPando NetworksMedia BoosterPMB.exe:*:Enabled:Pando Media Booster"

"C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe"="C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe:*:Enabled:Nexon Game Manager"

"C:Program FilesSkypePlugin ManagerskypePM.exe"="C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager"

"C:Allods OnlinebinLauncher.exe"="C:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher"

"S:Allods OnlinebinLauncher.exe"="S:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher"

"S:League of LegendsAirLolClient.exe"="S:League of LegendsAirLolClient.exe:*:Enabled:League of Legends Lobby"

"S:League of LegendsGameLeague of Legends.exe"="S:League of LegendsGameLeague of Legends.exe:*:Enabled:League of Legends Game Client"

"S:CIV IV ColonizationColonization.exe"="S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier's Civilization IV: Колонизация"

"C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe"="C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe:*:Enabled:homm_v1000.exe"

"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"



[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"S:CIV IV ColonizationColonization.exe"="S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier's Civilization IV: Колонизация"



======List of files/folders created in the last 1 months======



2010-08-31 16:25:25 ----ASH---- C:hiberfil.sys

2010-08-31 16:07:01 ----A---- C:WINDOWSntbtlog.txt

2010-08-31 10:18:50 ----D---- C:Program FilesCommon FilesNero

2010-08-31 04:41:03 ----D---- C:Program Filestrend micro

2010-08-31 04:41:01 ----D---- C:rsit

2010-08-31 03:59:39 ----D---- C:Documents and SettingsAdminApplication DataMalwarebytes

2010-08-31 03:59:33 ----A---- C:WINDOWSsystem32driversmbamswissarmy.sys

2010-08-31 03:59:32 ----D---- C:Program FilesMalwarebytes' Anti-Malware

2010-08-31 03:59:32 ----D---- C:Documents and SettingsAll UsersApplication DataMalwarebytes

2010-08-31 03:59:32 ----A---- C:WINDOWSsystem32driversmbam.sys

2010-08-31 03:44:32 ----D---- C:Program FilesDef Group

2010-08-27 19:29:17 ----D---- C:Program FilesCommon FilesINCA Shared

2010-08-27 19:29:17 ----A---- C:WINDOWSsystem32npptNT2.sys

2010-08-16 09:10:16 ----D---- C:Program FilesD-Link

2010-08-06 04:40:25 ----D---- C:Documents and SettingsAdminApplication DataMp3 Music Editor

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTWMAFile2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioVisualization2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioTransform2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioRecord2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioPlayer2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioInformation2.dll

2010-08-06 04:40:08 ----A---- C:WINDOWSsystem32NCTAudioFile2.dll

2010-08-06 04:40:07 ----A---- C:WINDOWSsystem32NCTAudioEditor2.dll

2010-08-06 04:40:07 ----A---- C:WINDOWSsystem32NCTAudioDisplay2.dll

2010-08-06 04:40:07 ----A---- C:WINDOWSsystem32NCTAudioDesign2.dll

2010-08-06 04:40:07 ----A---- C:WINDOWSsystem32NCTAudioCDGrabber2.dll

2010-08-06 04:40:05 ----D---- C:Program FilesMp3 Music Editor



======List of files/folders modified in the last 1 months======



2010-08-31 22:38:10 ----A---- C:WINDOWSSchedLgU.Txt

2010-08-31 22:37:36 ----D---- C:WINDOWSsystem32driversetc

2010-08-31 18:29:35 ----D---- C:Documents and SettingsAdminApplication DatauTorrent

2010-08-31 16:26:07 ----D---- C:WINDOWSTemp

2010-08-31 16:23:10 ----D---- C:WINDOWSsystem32drivers

2010-08-31 16:21:28 ----AD---- C:WINDOWSsystem32

2010-08-31 16:07:38 ----D---- C:WINDOWSsystem32CatRoot2

2010-08-31 16:07:01 ----D---- C:WINDOWS

2010-08-31 10:18:50 ----AD---- C:Program FilesCommon Files

2010-08-31 04:41:03 ----AD---- C:Program Files

2010-08-31 03:44:34 ----SHD---- C:WINDOWSInstaller

2010-08-27 01:22:23 ----HD---- C:Program FilesInstallShield Installation Information

2010-08-21 23:40:11 ----D---- C:Documents and SettingsAdminApplication DataApple Computer

2010-08-19 13:45:47 ----D---- C:Program FilesCommon FilesInstallShield

2010-08-16 09:10:20 ----HD---- C:WINDOWSinf

2010-08-16 09:10:20 ----D---- C:WINDOWSsystem32CatRoot



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R0 agp440;Intel - фильтр шины AGP; C:WINDOWSsystem32DRIVERSagp440.sys [2008-04-14 42368]

R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2009-04-29 44944]

R0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2010-05-08 691696]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-15 76544]

R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]

R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]

R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-25 4127488]

R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-08-21 3299840]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmaudio.sys [2001-12-10 357070]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]

R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]

R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:WINDOWSsystem32DRIVERSm4cxw2k3.sys [2005-03-10 227584]

R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]

R3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:WINDOWSsystem32driversnvmpu401.sys [2006-02-26 10240]

R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]

S3 a8tq5vcs;a8tq5vcs; C:WINDOWSsystem32driversa8tq5vcs.sys []

S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]

S3 EagleNT;EagleNT; ??C:WINDOWSsystem32driversEagleNT.sys []

S3 EL90XBC;3Com EtherLink XL 90XB/C, драйвер адаптера; C:WINDOWSsystem32DRIVERSel90xbc5.sys [2001-08-17 66591]

S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys []

S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1AdminLOCALS~1TempHVK3F.tmp []

S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys []

S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys []

S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys []

S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]

S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]

S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]

S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]

S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]

S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]

S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-08-28 40448]

S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]

S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]

S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]

S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]

S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]

S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]

S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]

S3 XDva309;XDva309; ??C:WINDOWSsystem32XDva309.sys []

S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver; C:WINDOWSsystem32DRIVERSWlanUZXP.sys [2007-06-14 437760]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-08-28 144672]

R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-08-21 573440]

R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]

R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]

S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]

S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []

S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2010-06-06 3819912]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]

S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-01-07 152984]



EOF

[Helper]

wwww.spyware-ru.com/combofix
combofix лог сделайте
В хостс файле очень странные записи так и остались.

O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}

O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}

O1 - Hosts: .services { font-size:116%; padding-bottom:20px }

O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}

O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}

O1 - Hosts: p {margin:20px;font-size:1em;}

O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}

O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}

O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: div#headerblock div{font-family:arial;}

O1 - Hosts: 

O1 - Hosts: 
New User? Sign Up
Sign In


O1 - Hosts: 
Help


O1 - Hosts: 
Get Yahoo! Toolbar

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 
Yahoo!
Mail
<a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252

O1 - Hosts: 

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
Sorry, the GeoCities web site you were trying to reach is no longer available.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
 GeoCities has closed, but there's a lot more to explore on Yahoo!


O1 - Hosts: 
Visit one of these popular Yahoo! sites:


O1 - Hosts: 


O1 - Hosts: 
Yahoo! Mail


O1 - Hosts: 
Web Hosting


O1 - Hosts: 
News


O1 - Hosts: 
Games


O1 - Hosts: 
Sports 


O1 - Hosts: 
Movies


O1 - Hosts: 
Finance


O1 - Hosts: 
Maps


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 
The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, visit Archive.org and enter the site's web address in the field provided.


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.

O1 - Hosts: 


O1 - Hosts: 
Privacy Policy
 -

O1 - Hosts: 
Copyright Policy
 -

O1 - Hosts: 
Guidelines</a

O1 - Hosts: >
 -

O1 - Hosts: 
Terms of Service

O1 - Hosts: 
 -

O1 - Hosts: 
Help


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 


O1 - Hosts: 

O1 - Hosts: 

O1 - Hosts: 


O1 - Hosts: 

[Автор]

Сообщения