SPYWARE-RU.COM

Help with "Antispyware Vista", not 2010!


  • This topic has 8 replies, 4 participants, and was last updated 15 years, 3 months ago by Admin.
  • March 17, 2010 at 5:41 am #18150
    Tyzz
    Participant
    • Topics: 3
    • Posts: 11
    • ☆

    I read through your site and installed "SuperAntiSpyware", but it didn't help.. "mbam" won't even install. "Antispyware Vista" has turned off the "Firewall" and tries to block all browsers. Please help, this is unbearable..

    March 17, 2010 at 6:04 am #29025
    Tyzz
    Participant
    • Topics: 3
    • Posts: 11
    • ☆

    One more thing: during the first scan, "SuperAntiSpyware" detected 7 Adware, 2 Trojan.Agent/Gen-RogueAV and 1 antivirus.soft. After the removal procedure finished, a restart. "Antispyware Vista" did not go away; I ran the scan again and it immediately detected 2 Trojan.Agent/Gen-RogueAV, although it should have removed them last time.

    March 17, 2010 at 6:19 am #29026
    Tyzz
    Participant
    • Topics: 3
    • Posts: 11
    • ☆

    After the 2nd scan nothing changed.. I forgot to add: when the computer boots, two message boxes appear on the desktop: "Error loading C:\Windows\system32\NvCpl.dll The specified module could not be found." and "Error loading C:\Windows\system32\NvMcTray.dll The specified module could not be found." Basically, these are exactly those files. How do I delete them? Please advise..

    March 17, 2010 at 8:15 am #29024
    CERBER
    Participant
    • Topics: 13
    • Posts: 517
    • ☆☆☆☆☆

    Hello!
    Welcome to the Spyware-ru forum.
    Please post the logs as shown in this topic:
    How to clean a computer, first steps.

    March 17, 2010 at 3:38 pm #29028
    Tyzz
    Participant
    • Topics: 3
    • Posts: 11
    • ☆

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by PIONER at 2010-03-17 10:34:03
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 339 GB (48%) free of 700 GB
    Total RAM: 6077 MB (53% free)

    MSN Toolbar—>»C:Program Files (x86)MicrosoftSearch Enhancement PackInstallMgrInstallMgr.exe»
    MSN Toolbar—>MsiExec.exe /X{D0E604A0-5C90-4212-88B5-2AFCFF134FB5}
    MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    NCsoft Launcher—>»C:Program Files (x86)InstallShield Installation Information{30349EFD-29C6-471B-B720-10D805B2D9F3}setup.exe» -runfromtemp -l0x0009 -removeonly
    NetWaiting—>C:Program Files (x86)InstallShield Installation Information{3F92ABBB-6BBF-11D5-B229-002078017FBF}setup.exe -runfromtemp -l0x0009 -removeonly
    NVIDIA PhysX—>MsiExec.exe /X{506DDFBE-983F-4BC3-84B8-65F423B2D798}
    OpenAL—>»C:Program Files (x86)OpenALOpenALwEAX.exe» /U /S
    PunkBuster Services—>C:Windowssystem32pbsvc.exe -u
    Runes of Magic—>»C:Program Files (x86)Runes of Magicunins000.exe»
    Sacred 2—>MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    Skype web features—>MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
    Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    SpyHunter—>»C:Program Files (x86)Enigma Software GroupSpyHunterUninstall.exe» «C:Program Files (x86)Enigma Software GroupSpyHunterinstall.log» -u
    ?iaaen.Aa? aey Internet Explorer 3.5.4—>»C:Program Files (x86)YandexYandexBarIEunins000.exe»
    STALKER: Clear Sky—>»C:Program Files (x86)Steamsteam.exe» steam://uninstall/20510
    Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    SUPERAntiSpyware Free Edition—>MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Team Fortress 2—>»C:Program Files (x86)Steamsteam.exe» steam://uninstall/440
    TimeZero client 7.0.0—>»C:Program Files (x86)TimeZerounins000.exe»
    Trophy Bass 2007—>»C:Program Files (x86)Trophy Bass 2007unins000.exe»
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>c:WindowsSysWOW64msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
    Windows Live Call—>MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
    Windows Live Communications Platform—>MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live Essentials—>C:Program Files (x86)Windows LiveInstallerwlarp.exe
    Windows Live Essentials—>MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
    Windows Live Mail—>MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
    Windows Live Messenger—>MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Photo Gallery—>MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
    Windows Live Sign-in Assistant—>MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
    Windows Live Sync—>MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
    Windows Live Toolbar—>MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
    Windows Live Upload Tool—>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Live Writer—>MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
    WinRAR archiver—>C:Program Files (x86)WinRARuninstall.exe
    Яндекс.Бар для Internet Explorer 4.2.0—>»C:Program Files (x86)YandexYandexBarIEunins000.exe»

    ======Hosts File======

    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 preymaster.humanhead.com

    ======Security center information======

    AV: Trend Micro Internet Security
    AS: Windows Defender
    AS: SUPERAntiSpyware (disabled)

    ======System event log======

    Computer Name: PIONER-PC
    Event Code: 10016
    Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user PIONER-PCPIONER SID (S-1-5-21-1049547293-2946452347-4184033027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Record Number: 42622
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090930020938.000000-000
    Event Type: Error
    User: PIONER-PCPIONER

    Computer Name: PIONER-PC
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 42627
    Source Name: Tcpip
    Time Written: 20090930045902.047000-000
    Event Type: Warning
    User:

    Computer Name: PIONER-PC
    Event Code: 10016
    Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user PIONER-PCPIONER SID (S-1-5-21-1049547293-2946452347-4184033027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Record Number: 42634
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090930071910.000000-000
    Event Type: Error
    User: PIONER-PCPIONER

    Computer Name: PIONER-PC
    Event Code: 10016
    Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user PIONER-PCPIONER SID (S-1-5-21-1049547293-2946452347-4184033027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Record Number: 42637
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090930072210.000000-000
    Event Type: Error
    User: PIONER-PCPIONER

    Computer Name: PIONER-PC
    Event Code: 6008
    Message: The previous system shutdown at 11:22:15 on 30.09.2009 was unexpected.
    Record Number: 42665
    Source Name: EventLog
    Time Written: 20090930192728.000000-000
    Event Type: Error
    User:

    =====Application event log=====

    Computer Name: PIONER-PC
    Event Code: 10
    Message: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Record Number: 6617
    Source Name: Microsoft-Windows-WMI
    Time Written: 20100317063144.000000-000
    Event Type: Error
    User:

    Computer Name: PIONER-PC
    Event Code: 6000
    Message: The winlogon notification subscriber was unavailable to handle a notification event.
    Record Number: 6618
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20100317063236.000000-000
    Event Type: Warning
    User:

    Computer Name: PIONER-PC
    Event Code: 6000
    Message: The winlogon notification subscriber was unavailable to handle a notification event.
    Record Number: 6621
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20100317063237.000000-000
    Event Type: Warning
    User:

    Computer Name: PIONER-PC
    Event Code: 10
    Message: Event filter with query «SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA «Win32_Processor» AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace «//./root/CIMV2» because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Record Number: 6640
    Source Name: Microsoft-Windows-WMI
    Time Written: 20100317063651.000000-000
    Event Type: Error
    User:

    Computer Name: PIONER-PC
    Event Code: 1000
    Message: Faulting application STacSV64.exe, version 1.0.6017.1, time stamp 0x4835e75e, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791ad6b, exception code 0xc0000005, fault offset 0x0000000000003237, process id 0xc, application start time 0x01cac59c0260dfdc.
    Record Number: 6650
    Source Name: Application Error
    Time Written: 20100317091329.000000-000
    Event Type: Error
    User:

    =====Security event log=====

    Computer Name: PIONER-PC
    Event Code: 4634
    Message: An account was logged off.

    Subject:
    Security ID: S-1-5-21-1049547293-2946452347-4184033027-1000
    Account Name: PIONER
    Account Domain: PIONER-PC
    Logon ID: 0x27c3d14

    Logon Type: 7

    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Record Number: 29415
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100317153004.983600-000
    Event Type: Audit Success
    User:

    Computer Name: PIONER-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: PIONER-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 7

    New Logon:
    Security ID: S-1-5-21-1049547293-2946452347-4184033027-1000
    Account Name: PIONER
    Account Domain: PIONER-PC
    Logon ID: 0x27c3d07
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x384
    Process Name: C:WindowsSystem32winlogon.exe

    Network Information:
    Workstation Name: PIONER-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: —
    Package Name (NTLM only): —
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    — Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    — Transited services indicate which intermediate services have participated in this logon request.
    — Package name indicates which sub-protocol was used among the NTLM protocols.
    — Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29416
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100317153004.983600-000
    Event Type: Audit Success
    User:

    Computer Name: PIONER-PC
    Event Code: 4634
    Message: An account was logged off.

    Subject:
    Security ID: S-1-5-21-1049547293-2946452347-4184033027-1000
    Account Name: PIONER
    Account Domain: PIONER-PC
    Logon ID: 0x27c3d07

    Logon Type: 7

    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Record Number: 29417
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100317153004.983600-000
    Event Type: Audit Success
    User:

    Computer Name: PIONER-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: PIONER-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 7

    New Logon:
    Security ID: S-1-5-21-1049547293-2946452347-4184033027-1000
    Account Name: PIONER
    Account Domain: PIONER-PC
    Logon ID: 0x27c3d14
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x384
    Process Name: C:WindowsSystem32winlogon.exe

    Network Information:
    Workstation Name: PIONER-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: —
    Package Name (NTLM only): —
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    — Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    — Transited services indicate which intermediate services have participated in this logon request.
    — Package name indicates which sub-protocol was used among the NTLM protocols.
    — Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29418
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100317153004.983600-000
    Event Type: Audit Success
    User:

    Computer Name: PIONER-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-21-1049547293-2946452347-4184033027-1000
    Account Name: PIONER
    Account Domain: PIONER-PC
    Logon ID: 0x27c3d07

    Privileges: SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 29419
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100317153004.983600-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program Files (x86)ATI TechnologiesATI.ACECore-Static
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    «PROCESSOR_ARCHITECTURE»=AMD64
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «USERNAME»=SYSTEM
    «windir»=%SystemRoot%
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    «PROCESSOR_REVISION»=170a
    «NUMBER_OF_PROCESSORS»=4
    «TRACE_FORMAT_SEARCH_PATH»=\NTREL202.ntdev.corp.microsoft.com34FB5F65-FFEB-4B61-BF0E-A6A76C450FAATraceFormat
    «DFSTRACINGON»=FALSE


    EOF


    March 17, 2010 at 8:07 pm #29027
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, and welcome to the Spyware-ru forum.

    To begin with, send us the file ave.exe, which is located in the folder C:\Users\PIONER\AppData\Local, for analysis.
    Click Start, Run, and type

    C:\Users\PIONER\AppData\Local

    The contents of the Local folder will open.
    Find the file ave.exe and add it to an archive (right-click, Send to).
    Attach the resulting archive to your post using the Add attachments function.

    Next.
    Click Start, Run.
    Type command and press Enter.
    A command console will open.
    Type notepad and press Enter.
    Paste the following text into Notepad:
    [Version]
    Signature="$Chicago$"
    Provider=spyware-ru.com

    [DefaultInstall]
    DelReg=regsec
    AddReg=regsec1

    [regsec]
    HKCU, Software\Classes\.exe
    HKCU, Software\Classes\secfile
    HKCR, secfile
    HKCR, .exe\shell\open\command

    [regsec1]
    HKCR, exefile\shell\open\command,,,"""%1"" %*"
    HKCR, .exe,,,"exefile"
    HKCR, .exe,"Content Type",,"application/x-msdownload"

    Save the resulting file to your desktop under the name fix.inf. In the Save As dialog, don't forget to select the file type All Files.
    Close Notepad.
    Right-click the file we created and choose Install.
    Restart the computer.

    I am waiting for a fresh RSIT log from you.
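
The state that fix.inf restores, expressed as a read-only check (an added example, not part of the original post): it parses a registry export in .reg format and reports every key the [regsec] section would delete and every value that differs from what [regsec1] writes. The sample exports, the function names and the split of HKCR into its HKCU\Software\Classes and HKLM\SOFTWARE\Classes halves are assumptions made for this example.

```python
import re

# Constructed .reg export (REG_SZ values only); not taken from the thread's logs.
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\ave.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
# The same export once the keys listed in [regsec] are gone.
SAMPLE_CLEAN = SAMPLE_HIJACKED[SAMPLE_HIJACKED.index("[HKEY_LOCAL_MACHINE"):]

HKCU = r"hkey_current_user\software\classes"
HKLM = r"hkey_local_machine\software\classes"
EXPECTED_COMMAND = '"%1" %*'  # what the [regsec1] AddReg line writes
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # Undo .reg escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {lowercased key path: {value name: data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys


def check_exe_association(keys):
    """List deviations from the state fix.inf restores."""
    findings = []
    for key, values in keys.items():
        for hive in (HKCU, HKLM):
            if not key.startswith(hive + "\\"):
                continue
            sub = key[len(hive) + 1:]
            if sub == "secfile" or sub.startswith("secfile\\"):
                findings.append(f"secfile class present: {key}")
            elif sub.startswith(".exe\\shell\\open\\command"):
                findings.append(f".exe carries its own open command: {key}")
            elif sub == ".exe" and hive == HKCU:
                findings.append(f"per-user .exe override -> {values.get('')!r}")
    if keys.get(HKLM + "\\.exe", {}).get("") != "exefile":
        findings.append("HKLM .exe default is not 'exefile'")
    command = keys.get(HKLM + "\\exefile\\shell\\open\\command", {}).get("")
    if command != EXPECTED_COMMAND:
        findings.append(f"exefile open command is {command!r}")
    return findings


if __name__ == "__main__":
    for label, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        print(label, check_exe_association(parse_reg_export(sample)))
```

Only string (REG_SZ) values are parsed, which is all the keys named in fix.inf hold.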

    March 17, 2010 at 8:32 pm #29029
    Tyzz
    Participant
    • Topics: 3
    • Posts: 11
    • ☆

    Thank you so very much!! If you ever need anything, you can always count on me.

    March 17, 2010 at 9:55 pm #29030
    Gubachanus
    Participant
    • Topics: 3
    • Posts: 10
    • ☆

    The file is definitely infected))))
    Proof:
    http://www.virustotal.com/ru/analisis/0c7b8dfe777daf78cf1968899d358bea24cce261f574d7ee07088ccf2e0ca526-1268862864

    March 20, 2010 at 8:57 pm #29031
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Thank you so very much!!

    Glad to help 🙂
    Only I don't see the fresh RSIT log, which is needed for verification.

Copyright © 2008 - 2024 Spyware-RU.com