taskmgr.exe Грузит процессор под 40-50% Помогите..

[Аноним]

taskmgr.exe процесс жутко нагружает процессор до этого explorer.exe еще нагружал проц. но применив Dr.Web CureIt! проблема вроде как отпала.комп виснет на элементарнейших операциях.в безопасном режиме все работает на ура.подскажите что делать?

Logfile of random’s system information tool 1.08 (written by random/random)
Run by Мама at 2011-01-06 14:38:21
Microsoft Windows 7 Максимальная
System drive C: has 20 GB (41%) free of 50 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:38:56, on 06.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:Windowssystem32taskhost.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesIObitAdvanced SystemCare 3AWC.exe
C:Program FilesConexantAdsldslstat.exe
C:Program FilesConexantAdsldslagent.exe
C:Program FilesVKSaverVKSaverUpdater.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
C:Program FilesApoint2KApoint.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesApoint2KApMsgFwd.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesApoint2KApntex.exe
C:Windowssystem32conhost.exe
C:Program FilesOperaopera.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:UsersМамаDesktopRSIT.exe
C:Program Filestrend microМама.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office14GROOVEEX.DLL
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: URLRedirectionBHO — {B4F3A835-0E21-4959-BA22-42B3008E02FF} — C:PROGRA~1MICROS~2Office14URLREDIR.DLL
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: link filter bho — {E33CF602-D945-461A-83F0-819F76A199F8} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O4 — HKLM..Run: [DSLSTATEXE] C:Program FilesConexantAdsldslstat.exe icon
O4 — HKLM..Run: [DSLAGENTEXE] C:Program FilesConexantAdsldslagent.exe
O4 — HKLM..Run: [VKSaverUpdater] C:Program FilesVKSaverVKSaverUpdater.exe
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [BCSSync] «C:Program FilesMicrosoft OfficeOffice14BCSSync.exe» /DelayServices
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [Google Update] «C:UsersМамаAppDataLocalGoogleUpdateGoogleUpdate.exe» /c
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Отправить в OneNote — res://C:PROGRA~1MICROS~2Office14ONBttnIE.dll/105
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office14EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2010ie_banner_deny.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program FilesMicrosoft OfficeOffice14ONBttnIE.dll
O9 — Extra button: &Виртуальная клавиатура — {4248FE82-7FCB-46AC-B270-339F08212110} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: &Связанные заметки OneNote — {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 — Extra ‘Tools’ menuitem: &Связанные заметки OneNote — {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program FilesMicrosoft OfficeOffice14ONBttnIELinkedNotes.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Проверка ссы&лок — {CCF151D8-D089-449F-A5A4-D9909053F20F} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O16 — DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) — file:///C:/Program%20Files/Windows%20Sidebar/Shared%20Gadgets/xplugCam.gadget/en-US/xplug.ocx
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{63AE48CC-E8E2-41BB-9F02-65AC1262B5B2}: NameServer = 217.20.80.40 212.96.192.1
O17 — HKLMSystemCS1ServicesTcpip..{63AE48CC-E8E2-41BB-9F02-65AC1262B5B2}: NameServer = 217.20.80.40 212.96.192.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter hijack: text/xml — {807573E5-5146-11D5-A672-00B0D022E945} — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL
O20 — AppInit_DLLs: c:windowssystem32vksaver.dll,c:progra~1kasper~1kasper~2mzvkbd3.dll,c:progra~1kasper~1kasper~2kloehk.dll
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: ServiceLayer — Nokia — C:Program FilesPC Connectivity SolutionServiceLayer.exe

—
End of file — 7448 bytes

======Scheduled tasks folder======

C:WindowstasksAWC AutoSweep.job
C:WindowstasksAWC Startup.job
C:WindowstasksAWC Update.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-71602154-1106296546-44596729-1000Core.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-71602154-1106296546-44596729-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office14GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2010-08-28 165184]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler — C:PROGRA~1MICROS~2Office14URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«DSLSTATEXE»=C:Program FilesConexantAdsldslstat.exe [2005-08-25 344064]
«DSLAGENTEXE»=C:Program FilesConexantAdsldslagent.exe [2005-08-25 65536]
«VKSaverUpdater»=C:Program FilesVKSaverVKSaverUpdater.exe [2010-03-06 56832]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-10-20 340456]
«Apoint»=C:Program FilesApoint2KApoint.exe [2010-09-15 233472]
«BCSSync»=C:Program FilesMicrosoft OfficeOffice14BCSSync.exe [2010-03-13 91520]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-05-14 248552]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-09-23 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-09-20 932288]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2010-11-29 421888]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2009-07-14 1173504]
«Google Update»=C:UsersМамаAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-10-14 136176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccleaner]
C:Program FilesCCleanerccleaner.exe [2010-08-27 1779512]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInfium]
C:Program FilesQIP 2010qip.exe /autorun []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»c:windowssystem32vksaver.dll,c:progra~1kasper~1kasper~2mzvkbd3.dll,c:progra~1kasper~1kasper~2kloehk.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:Windowssystem32klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WebCheck — {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office14GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=credssp.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAFD]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«ConsentPromptBehaviorAdmin»=0
«ConsentPromptBehaviorUser»=3
«EnableLUA»=0
«EnableUIADesktopToggle»=0
«PromptOnSecureDesktop»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=60

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

======File associations======

.js — edit — C:WindowsSystem32Notepad.exe %1
.js — open — C:WindowsSystem32WScript.exe «%1» %*

======List of files/folders created in the last 1 months======

2011-01-06 14:38:21 —-D—- C:rsit
2011-01-06 05:52:24 —-A—- C:Windowssystem32driversavgntflt.sys
2011-01-06 05:52:17 —-D—- C:Program FilesAvira
2011-01-06 05:01:50 —-D—- C:Program FilesTrend Micro
2011-01-06 04:11:49 —-D—- C:Program FilesTrue Sword 5
2011-01-06 03:49:55 —-D—- C:Program FilesHeavenWard
2011-01-06 03:26:16 —-D—- C:ProgramDataSecTaskMan
2011-01-02 03:22:18 —-AD—- C:ProgramDataTEMP
2011-01-02 03:21:52 —-D—- C:UsersМамаAppDataRoamingwinxzip
2011-01-02 01:35:34 —-A—- C:Windowsntbtlog.txt
2010-12-24 20:29:31 —-D—- C:ProgramDataApple Computer
2010-12-19 16:44:57 —-D—- C:Program FilesCommon FilesAdobe
2010-12-19 16:44:56 —-D—- C:Program FilesAdobe
2010-12-19 14:21:03 —-D—- C:ProgramDataAdobe
2010-12-17 16:21:13 —-A—- C:Windowssystem32webio.dll
2010-12-17 16:20:59 —-A—- C:Windowssystem32tzres.dll
2010-12-17 16:19:50 —-A—- C:Windowssystem32iertutil.dll
2010-12-17 16:19:49 —-A—- C:Windowssystem32mstime.dll
2010-12-17 16:19:48 —-A—- C:Windowssystem32mshtml.dll
2010-12-17 16:19:47 —-A—- C:Windowssystem32ieframe.dll
2010-12-17 16:19:44 —-A—- C:Windowssystem32wininet.dll
2010-12-17 16:19:44 —-A—- C:Windowssystem32urlmon.dll
2010-12-17 16:19:44 —-A—- C:Windowssystem32msfeeds.dll
2010-12-17 16:19:44 —-A—- C:Windowssystem32iedkcs32.dll
2010-12-17 16:19:43 —-A—- C:Windowssystem32mshtmled.dll
2010-12-17 16:19:43 —-A—- C:Windowssystem32msfeedssync.exe
2010-12-17 16:19:43 —-A—- C:Windowssystem32msfeedsbs.dll
2010-12-17 16:19:43 —-A—- C:Windowssystem32licmgr10.dll
2010-12-17 16:19:43 —-A—- C:Windowssystem32ieui.dll
2010-12-17 16:19:43 —-A—- C:Windowssystem32iepeers.dll
2010-12-17 16:19:42 —-A—- C:Windowssystem32jsproxy.dll
2010-12-17 16:19:36 —-A—- C:Windowssystem32wmicmiplugin.dll
2010-12-17 16:19:36 —-A—- C:Windowssystem32taskschd.dll
2010-12-17 16:19:36 —-A—- C:Windowssystem32schedsvc.dll
2010-12-17 16:19:35 —-A—- C:Windowssystem32taskeng.exe
2010-12-17 16:19:35 —-A—- C:Windowssystem32taskcomp.dll
2010-12-17 16:19:35 —-A—- C:Windowssystem32schtasks.exe
2010-12-17 16:19:24 —-A—- C:Windowssystem32atmlib.dll
2010-12-17 16:19:24 —-A—- C:Windowssystem32atmfd.dll
2010-12-17 16:19:21 —-A—- C:Windowssystem32consent.exe
2010-12-17 16:19:20 —-A—- C:Windowssystem32win32k.sys
2010-12-16 07:01:26 —-A—- C:Windowssystem32javaws.exe
2010-12-16 07:01:26 —-A—- C:Windowssystem32javaw.exe
2010-12-16 07:01:26 —-A—- C:Windowssystem32java.exe
2010-12-13 00:28:43 —-D—- C:Program FilesVeetle

======List of files/folders modified in the last 1 months======

2011-01-06 14:38:56 —-D—- C:WindowsPrefetch
2011-01-06 14:38:46 —-D—- C:WindowsTemp
2011-01-06 14:38:27 —-SHD—- C:System Volume Information
2011-01-06 14:11:47 —-HD—- C:ProgramData
2011-01-06 14:11:42 —-D—- C:Windowssystem32drivers
2011-01-06 14:11:12 —-D—- C:WindowsSystem32
2011-01-06 14:11:12 —-A—- C:Windowssystem32PerfStringBackup.INI
2011-01-06 14:11:11 —-D—- C:Windowsinf
2011-01-06 14:05:35 —-D—- C:Windowssystem32config
2011-01-06 14:03:55 —-D—- C:ProgramDataKaspersky Lab
2011-01-06 13:59:30 —-D—- C:Windows
2011-01-06 13:10:37 —-RASHD—- C:Windowsactofvl
2011-01-06 05:52:17 —-RD—- C:Program Files
2011-01-06 05:39:17 —-SHD—- C:WindowsInstaller
2011-01-06 05:39:15 —-HD—- C:Config.Msi
2011-01-06 05:37:02 —-D—- C:Windowssystem32Tasks
2011-01-06 05:37:01 —-D—- C:WindowsTasks
2011-01-06 05:01:52 —-SD—- C:UsersМамаAppDataRoamingMicrosoft
2011-01-06 03:18:21 —-D—- C:UsersМамаAppDataRoamingUniblue
2011-01-06 02:54:38 —-SD—- C:ProgramDataMicrosoft
2011-01-06 02:06:00 —-D—- C:Program FilesAsk.com
2011-01-05 13:24:37 —-D—- C:Program FilesOpera
2011-01-02 15:09:39 —-D—- C:Windowssystem32wfp
2011-01-02 15:09:39 —-D—- C:Windowssystem32DriverStore
2011-01-02 15:09:39 —-D—- C:Windowssystem32catroot2
2011-01-02 15:09:38 —-D—- C:Windowssystem32wbem
2011-01-02 15:09:38 —-D—- C:Windowsregistration
2011-01-02 14:33:54 —-RD—- C:Program FilesSkype
2011-01-02 14:33:54 —-D—- C:Program FilesCommon FilesSkype
2011-01-02 14:33:49 —-D—- C:UsersМамаAppDataRoamingSkype
2011-01-02 14:32:18 —-D—- C:Windowssystem32LogFiles
2011-01-02 05:23:06 —-D—- C:Program FilesVKSaver
2011-01-01 00:31:56 —-D—- C:UsersМамаAppDataRoamingskypePM
2010-12-24 20:35:54 —-D—- C:Program FilesQuickTime
2010-12-19 16:44:57 —-D—- C:Program FilesCommon Files
2010-12-19 09:26:09 —-D—- C:Program FilesMicrosoft Silverlight
2010-12-18 19:57:54 —-D—- C:Windowsdebug
2010-12-18 11:04:39 —-D—- C:Windowsrescache
2010-12-18 10:25:20 —-D—- C:Windowswinsxs
2010-12-18 06:53:21 —-D—- C:Program FilesWindows Mail
2010-12-18 06:53:20 —-D—- C:Windowssystem32en-US
2010-12-18 06:53:19 —-D—- C:Windowssystem32ru-RU
2010-12-18 06:53:17 —-D—- C:Program FilesInternet Explorer
2010-12-18 06:53:16 —-D—- C:Windowssystem32migration
2010-12-17 23:40:02 —-A—- C:Windowssystem32MRT.exe
2010-12-17 16:06:53 —-D—- C:Windowssystem32catroot
2010-12-17 08:26:32 —-D—- C:ProgramDataMicrosoft Help
2010-12-16 06:58:52 —-D—- C:Program FilesJava
2010-12-12 06:30:20 —-D—- C:Program FilesMozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 klbg;Kaspersky Lab Boot Guard Driver; C:Windowssystem32driversklbg.sys [2009-10-14 36880]
R0 pciide;pciide; C:Windowssystem32DRIVERSpciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:WindowsSystem32driversrdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%system32cscsvc.dll,-202; C:Windowssystem32driverscsc.sys [2009-07-14 387584]
R1 kl1;kl1; C:Windowssystem32DRIVERSkl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:Windowssystem32DRIVERSklif.sys [2010-09-11 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:Windowssystem32DRIVERSklim6.sys [2009-11-03 21520]
R2 Parvdm;Parvdm; C:Windowssystem32DRIVERSparvdm.sys [2009-07-14 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:Windowssystem32DRIVERSApfiltr.sys [2010-09-15 212528]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:Windowssystem32DRIVERSklmouflt.sys [2009-10-02 19472]
R3 LVRS;Logitech RightSound Filter Driver; C:Windowssystem32DRIVERSlvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:Windowssystem32driversLVUSBSta.sys [2008-07-26 41752]
R3 pepifilter;Volume Adapter; C:Windowssystem32DRIVERSlv302af.sys [2008-07-26 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:Windowssystem32DRIVERSLV302V32.SYS [2008-07-26 2570520]
R3 RTL8167;Realtek 8167 NT Driver; C:Windowssystem32DRIVERSRt86win7.sys [2010-06-23 275048]
R3 wanusb;Conexant USB ADSL WAN Modem; C:Windowssystem32DRIVERSgwausbV.sys [2007-05-05 159232]
R4 avgntflt;avgntflt; C:Windowssystem32DRIVERSavgntflt.sys [2009-11-25 56816]
S3 aic78xx;aic78xx; C:Windowssystem32DRIVERSdjsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:Windowssystem32DRIVERSamdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2009-07-14 229888]
S3 nmwcd;Nokia USB Phone Parent; C:Windowssystem32driversccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:Windowssystem32driversccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:Windowssystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:WindowsSystem32driversrdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:Windowssystem32DRIVERSvms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:Windowssystem32DRIVERSsisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:Windowssystem32DRIVERSstorvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:Windowssystem32DRIVERSusbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:Windowssystem32driversusbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:Windowssystem32DRIVERSusbser_lowerfltj.sys [2010-02-26 8192]
S3 viaagp;VIA AGP Bus Filter; C:Windowssystem32DRIVERSviaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:Windowssystem32DRIVERSviac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%system32vmbusres.dll,-1000; C:Windowssystem32DRIVERSvmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:Windowssystem32DRIVERSVMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-10-20 340456]
R2 CscService;@%systemroot%system32cscsvc.dll,-200; C:WindowsSystem32svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2010-07-09 129640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:Program FilesMicrosoft OfficeOffice14GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%system32peerdistsvc.dll,-9000; C:WindowsSystem32svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2010-06-14 615936]
S3 UmRdpService;@%SystemRoot%system32umrdp.dll,-1000; C:WindowsSystem32svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%system32WatWatUX.exe,-601; C:Windowssystem32WatWatAdminSvc.exe [2010-09-01 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:Windowssystem32svchost.exe [2009-07-14 20992]

---

EOF

---

[Helper]

Здравствуйте!
такой лог сделайте и прикрепите

[Аноним]

вот пожалуйста…. очень долго лог делал. около 36 часов((

ComboFix 11-01-07.01 — Мама 10.01.2011 3:09.3.2 — x86
Microsoft Windows 7 Максимальная 6.1.7600.0.1251.7.1049.18.2046.1344 [GMT 5:00]
Running from: c:usersМамаDesktopComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32vksaver.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 03:32 . 2011-01-11 04:21

---

d

---

w- c:usersМамаAppDataLocaltemp
2011-01-11 03:32 . 2011-01-11 03:45

---

d

---

w- c:usersСергейAppDataLocaltemp
2011-01-11 03:32 . 2011-01-11 03:32

---

d

---

w- c:usersDefaultAppDataLocaltemp
2011-01-09 21:46 . 2011-01-09 21:48

---

d

---

w- C:32788R22FWJFW
2011-01-07 21:24 . 2010-11-10 04:33 6273872 —-a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{401B4843-AB93-4D37-83F4-D4278237222D}mpengine.dll
2011-01-07 10:45 . 2011-01-07 10:45

---

d

---

w- c:windowsSun
2011-01-06 09:38 . 2011-01-06 09:38

---

d

---

w- C:rsit
2011-01-06 00:52 . 2009-11-25 07:19 56816 —-a-w- c:windowssystem32driversavgntflt.sys
2011-01-06 00:01 . 2011-01-06 00:01 388096 —-a-r- c:usersМамаAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2011-01-06 00:01 . 2011-01-06 09:38

---

d

---

w- c:program filesTrend Micro
2011-01-05 23:11 . 2011-01-06 00:35

---

d

---

w- c:program filesTrue Sword 5
2011-01-05 22:49 . 2011-01-05 22:49

---

d

---

w- c:program filesHeavenWard
2011-01-05 22:26 . 2011-01-05 22:26

---

d

---

w- c:programdataSecTaskMan
2011-01-05 22:15 . 2011-01-05 22:15

---

d

---

w- c:usersМамаAppDataLocalPackageAware
2011-01-01 23:11 . 2011-01-02 15:26

---

d

---

w- c:usersМамаDoctorWeb
2011-01-01 22:21 . 2011-01-06 08:10

---

d

---

w- c:usersМамаAppDataRoamingwinxzip
2011-01-01 21:16 . 2007-02-07 06:09 20480 —-a-w- c:program filesWindows SidebarShared GadgetsLenteAumento.gadgetLupa.dll
2011-01-01 21:16 . 2007-02-18 15:34 24576 —-a-w- c:program filesWindows SidebarShared GadgetsDesktopWallpaperv1.0.0.0.gadgetWallpaper.dll
2011-01-01 21:16 . 2007-02-21 18:17 36864 —-a-w- c:program filesWindows SidebarShared GadgetsClipboardHistory.gadgetClipboardHistoryAXCom.HonzaZeman.ClipboardHistory.dll
2011-01-01 21:16 . 2007-01-28 12:18 20480 —-a-w- c:program filesWindows SidebarShared GadgetsAsteroidsv1.0.0.0.gadgetDSXLib.dll
2010-12-24 15:29 . 2010-12-24 15:29

---

d

---

w- c:programdataApple Computer
2010-12-24 13:52 . 2010-12-24 13:52 176488 —-a-w- c:programdataMicrosoftWindowsSqmManifestSqm10136.bin
2010-12-19 11:44 . 2010-12-19 11:45

---

d

---

w- c:program filesCommon FilesAdobe
2010-12-19 09:35 . 2010-12-19 11:39

---

d

---

w- c:usersСергейAppDataLocalAdobe
2010-12-17 11:21 . 2010-10-16 04:36 314368 —-a-w- c:windowssystem32webio.dll
2010-12-17 11:21 . 2010-10-12 04:25 516096 —-a-w- c:program filesWindows Mailwab.exe
2010-12-17 11:20 . 2010-10-27 04:32 2048 —-a-w- c:windowssystem32tzres.dll
2010-12-12 19:28 . 2010-12-12 19:29

---

d

---

w- c:program filesVeetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 00:01 . 2011-01-06 00:01 388096 —-a-r- c:usersМамаAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2011-01-06 00:01 . 2011-01-06 00:01 388096 —-a-r- c:usersМамаAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-11-29 12:38 . 2010-11-29 12:38 94208 —-a-w- c:windowssystem32QuickTimeVR.qtx
2010-11-29 12:38 . 2010-11-29 12:38 69632 —-a-w- c:windowssystem32QuickTime.qts
2010-11-12 13:53 . 2010-10-28 06:23 472808 —-a-w- c:windowssystem32deployJava1.dll
2010-10-19 05:41 . 2010-08-31 13:37 222080 —-a-w- c:windowssystem32MpSigStub.exe
2010-10-01 20:15 2048 —sha-w- c:windowsactofvlclip.exe
2010-10-01 20:15 127232 —sha-w- c:windowsactofvlosppc.dll
2010-10-01 20:15 14176 —sha-w- c:windowsactofvlospprearm.exe
2010-10-01 20:16 72738 —sha-w- c:windowsactofvlUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2009-07-14 1173504]
«Google Update»=»c:usersМамаAppDataLocalGoogleUpdateGoogleUpdate.exe» [2010-10-14 136176]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«DSLSTATEXE»=»c:program filesConexantAdsldslstat.exe» [2005-08-25 344064]
«DSLAGENTEXE»=»c:program filesConexantAdsldslagent.exe» [2005-08-25 65536]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2010avp.exe» [2009-10-20 340456]
«Apoint»=»c:program filesApoint2KApoint.exe» [2010-09-15 233472]
«BCSSync»=»c:program filesMicrosoft OfficeOffice14BCSSync.exe» [2010-03-13 91520]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-05-14 248552]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-09-22 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-09-20 932288]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-11-29 421888]

c:users‘ҐаЈҐ©AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Auto Activate Office 2010 VL.lnk — c:windowsactofvlaaovl.exe [N/A]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«ConsentPromptBehaviorAdmin»= 0 (0x0)
«ConsentPromptBehaviorUser»= 3 (0x3)
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
«PromptOnSecureDesktop»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1KASPER~1KASPER~2mzvkbd3.dll c:progra~1KASPER~1KASPER~2kloehk.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccleaner]
2010-08-26 19:23 1779512 —-a-w- c:program filesCCleanerCCleaner.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2010-11-29 12:38 421888 —-a-w- c:program filesQuickTimeQTTask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:program filesMicrosoft OfficeOffice14GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Служба технологий активации Windows;c:windowssystem32WatWatAdminSvc.exe [2010-08-31 1343400]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2009-11-03 21520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:windowssystem32DRIVERSklmouflt.sys [2009-10-02 19472]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2010-06-23 275048]

.
Contents of the ‘Scheduled Tasks’ folder

2011-01-11 c:windowsTasksAWC AutoSweep.job
— c:program filesIObitAdvanced SystemCare 3AutoSweep.exe [2010-08-31 10:11]

2011-01-11 c:windowsTasksAWC Startup.job
— c:program filesIObitAdvanced SystemCare 3AWC.exe [2010-08-31 11:10]

2011-01-10 c:windowsTasksAWC Update.job
— c:program filesIObitAdvanced SystemCare 3IObitUpdate.exe [2010-08-31 07:08]
.
.

---

Supplementary Scan

---

.
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Отправить в OneNote — c:progra~1MICROS~2Office14ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office14EXCEL.EXE/3000
IE: Добавить в Анти-Баннер — c:program filesKaspersky LabKaspersky Internet Security 2010ie_banner_deny.htm
TCP: {63AE48CC-E8E2-41BB-9F02-65AC1262B5B2} = 217.20.80.40 212.96.192.1
Filter: text/xml — {807573E5-5146-11D5-A672-00B0D022E945} — c:program filesCommon Filesmicrosoft sharedOFFICE14MSOXMLMF.DLL
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} — file:///C:/Program%20Files/Windows%20Sidebar/Shared%20Gadgets/xplugCam.gadget/en-US/xplug.ocx
FF — ProfilePath — c:usersМамаAppDataRoamingMozillaFirefoxProfilesu5ehjarq.default
FF — prefs.js: browser.startup.homepage — hxxp://www.smaxi.net
.
— — — — ORPHANS REMOVED — — — —

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
MSConfigStartUp-Infium — c:program filesQIP 2010qip.exe

.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.

---

Other Running Processes

---

.
c:windowssystem32nvvsvc.exe
c:windowssystem32nvvsvc.exe
c:windowssystem32WUDFHost.exe
c:windowssystem32taskhost.exe
c:windowssystem32conhost.exe
c:program filesApoint2KApMsgFwd.exe
c:program filesApoint2KApntex.exe
c:windowssystem32conhost.exe
.
**************************************************************************
.
Completion time: 2011-01-11 09:42:58 — machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 04:42

Pre-Run: 21 919 752 192 байт свободно
Post-Run: 21 805 887 488 байт свободно

— — End Of File — — 5F70B6687837F19E5F06BFBC079AC0B6

[Helper]

Cкачайте Gmer или с зеркала. Запустите программу. После автоматической экспресс-проверки, отметьте галочкой все жесткие диски и нажмите на кнопку Scan. После окончания проверки сохраните его лог (нажмите на кнопку Save) под каким хотите именем, например Gmer.log и прикрепите лог сюда.

[Автор]

Сообщения