Выскакиевает порно банер на рабочем столе

[betalik]

Проблемма в следуйщем, у босса на компе выскакиевает порно банер на рабочем столе минут через пять полсе работы. А также заблокированы многие exe файлы. Ctrl+alt+del, не пашет также как и реестр.

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Администратор at 2009-11-28 10:30:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (49%) free of 50 GB
Total RAM: 2047 MB (79% free)

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_06binssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-12-07 8523776]
«nwiz»=nwiz.exe /install []
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2008-04-10 16861184]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2007-02-07 71216]
«LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2007-02-07 54832]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-03-13 1443072]
«Logitech Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2007-04-11 56080]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-12-07 81920]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-09-05 417792]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-06-25 17408]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-03-23 132096]
«LouderIt.exe»=C:Program FilesLouderItLouderIt.exe [2008-02-19 41472]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-07-01 3282432]
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«BlazeServoTool»=C:Program FilesBlazeVideoBlazeDVDMediaDetector.exe [2006-06-29 286720]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech Desktop Messenger.lnk — C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe

C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Mozilla Thunderbird.lnk — C:Program FilesMozilla Thunderbirdthunderbird.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32IqXlK.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2008-03-21 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-15 239616]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
«DisableRegistryTools»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«SynchronousMachineGroupPolicy»=0
«SynchronousUserGroupPolicy»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoSMHelp»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil_.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil_.exe:*:Enabled:BlueSoleil»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»

======List of files/folders created in the last 1 months======

2009-11-28 10:30:55 —-D—- C:Program Filestrend micro
2009-11-28 10:30:54 —-D—- C:rsit
2009-11-28 10:21:17 —-D—- C:Avenger
2009-11-28 10:21:17 —-A—- C:avenger.txt
2009-11-28 10:20:39 —-A—- C:zip.exe
2009-11-28 10:20:39 —-A—- C:cleanup.exe
2009-11-28 10:20:39 —-A—- C:cleanup.bat
2009-11-28 10:20:39 —-A—- C:avexport.bat
2009-11-26 18:34:56 —-A—- C:WINDOWSntbtlog.txt
2009-11-24 08:36:54 —-A—- C:WINDOWSsvcoost.exe
2009-11-24 08:36:54 —-A—- C:WINDOWSexxploree.exe
2009-11-21 07:50:20 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
2009-11-19 18:49:34 —-D—- C:Documents and SettingsAll UsersApplication DataBluetooth
2009-11-19 18:47:24 —-D—- C:Program FilesIVT Corporation
2009-11-19 18:46:28 —-A—- C:WINDOWSsystem32ptpusd.dll
2009-11-19 18:46:28 —-A—- C:WINDOWSsystem32ptpusb.dll
2009-11-19 11:36:59 —-A—- C:WINDOWSsystem32hidserv.dll
2009-11-18 14:03:47 —-D—- C:Documents and SettingsАдминистраторApplication DataCyberLink
2009-11-18 14:03:45 —-D—- C:Documents and SettingsAll UsersApplication DataCyberLink
2009-11-17 15:26:12 —-A—- C:WINDOWSNeroDigital.ini
2009-11-17 15:26:11 —-D—- C:Documents and SettingsАдминистраторApplication DataMedia Player Classic
2009-11-14 16:50:44 —-D—- C:Documents and SettingsАдминистраторApplication DataApple Computer
2009-11-14 16:50:09 —-A—- C:WINDOWSsystem32GEARAspi.dll
2009-11-14 16:49:13 —-D—- C:Program FilesiPod
2009-11-14 16:49:09 —-D—- C:Program FilesiTunes
2009-11-14 16:49:09 —-D—- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 16:48:46 —-D—- C:Program FilesBonjour
2009-11-14 16:48:29 —-D—- C:Program FilesQuickTime
2009-11-14 16:48:27 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2009-11-14 16:48:20 —-D—- C:Program FilesApple Software Update
2009-11-14 16:46:54 —-D—- C:Program FilesCommon FilesApple
2009-11-14 16:46:54 —-D—- C:Documents and SettingsAll UsersApplication DataApple
2009-11-12 14:43:04 —-D—- C:Documents and SettingsАдминистраторApplication DataThunderbird
2009-11-12 14:42:58 —-D—- C:Program FilesMozilla Thunderbird
2009-11-10 13:45:20 —-A—- C:WINDOWSIsUn0419.exe

======List of files/folders modified in the last 1 months======

2009-11-28 10:30:55 —-RD—- C:Program Files
2009-11-28 10:28:51 —-A—- C:WINDOWSSchedLgU.Txt
2009-11-28 10:21:17 —-D—- C:WINDOWSsystem32drivers
2009-11-28 10:15:46 —-D—- C:WINDOWSTemp
2009-11-28 10:13:29 —-D—- C:WINDOWSPrefetch
2009-11-28 08:17:12 —-SHD—- C:System Volume Information
2009-11-28 08:17:12 —-D—- C:WINDOWSsystem32Restore
2009-11-27 20:23:02 —-D—- C:WINDOWSsystem32
2009-11-27 20:23:02 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-11-27 06:05:30 —-D—- C:11111
2009-11-27 02:08:22 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-26 18:34:56 —-D—- C:WINDOWS
2009-11-26 17:54:23 —-SHD—- C:WINDOWSInstaller
2009-11-26 17:54:10 —-D—- C:Documents and Settings
2009-11-26 17:20:18 —-A—- C:WINDOWSOEWABLog.txt
2009-11-24 08:36:55 —-D—- C:Program FilesICQ6.5
2009-11-21 16:29:34 —-HD—- C:WINDOWSinf
2009-11-19 19:26:36 —-D—- C:WINDOWSsystem32wbem
2009-11-19 10:23:09 —-D—- C:Program FilesUnlocker
2009-11-19 10:08:19 —-D—- C:Documents and SettingsАдминистраторApplication DataDesktopicon
2009-11-17 21:58:40 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-11-14 16:50:09 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-11-14 16:48:42 —-D—- C:Program FilesInternet Explorer
2009-11-14 16:48:21 —-SD—- C:WINDOWSTasks
2009-11-14 16:46:56 —-D—- C:WINDOWSWinSxS
2009-11-14 16:46:54 —-D—- C:Program FilesCommon Files
2009-11-12 14:43:05 —-D—- C:Documents and SettingsАдминистраторApplication DataMozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-03-13 33800]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; ??C:Program FilesCyberLinkPowerDVD00.fcl []
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-03-13 40456]
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-06-05 62336]
R3 akshasp;Aladdin HASP Key; C:WINDOWSsystem32DRIVERSakshasp.sys [2005-07-20 327808]
R3 aksusb;Aladdin USB Key; C:WINDOWSsystem32DRIVERSaksusb.sys [2005-07-20 100096]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:WINDOWSsystem32DRIVERSl251x86.sys [2007-12-21 30720]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2007-03-05 27792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-04-17 4707328]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWSsystem32DRIVERSL8042Kbd.sys [2007-04-11 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042mou.Sys [2007-04-11 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouKE.Sys [2007-04-11 79376]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-12-07 7435648]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2008-04-15 5888]
R3 RTSTOR;USB Mass Stroage Device; C:WINDOWSsystem32driversRTSTOR.SYS [2007-09-18 44032]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-06-25 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2007-03-05 44304]
R3 vusb;Virtual Usb Bus Enumerator; C:WINDOWSsystem32driversvusb.sys [2005-11-15 12544]
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; ??C:Program FilesIVT CorporationBlueSoleilDeviceWin2kBTNetFilter.sys []
S3 FBAccess;FBAccess; ??C:DOCUME~19335~1LOCALS~1TempRar$EX00.094FBAccess.sys []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 PciCon;PciCon; ??G:PciCon.sys []
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-22 32384]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2008-03-21 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-21 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-15 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-03-13 472320]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-12-07 155716]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-10-28 545568]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2007-02-07 173616]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-23 70144]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-03-13 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2008-03-21 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]

---

EOF

---

[betalik]

info.txt logfile of random’s system information tool 1.06 2009-11-28 10:31:05

======Uninstall list======

—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
1C:Barcode scanner—>MsiExec.exe /I{EA5EB55A-7EEA-4B09-8752-AE5CFBCA7100}
1C:Предприятие 8.1—>MsiExec.exe /I{45FCC729-7789-479D-89A6-CE1AC809ADCA}
7-Zip 4.59 alpha 3—>»C:Program Files7-ZipUninstall.exe»
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee Pro 2—>MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
Apple Application Support—>MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support—>MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Blaze DVD Player 6.52—>»C:Program FilesBlazeVideoBlazeDVDunins000.exe»
BlazeDTV 2.5—>»C:Program FilesBlazeVideoBlazeDTV 2.5unins000.exe»
Bluesoleil2.6.0.8 Release 070517—>MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bonjour—>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CDDRV_Installer—>MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cpu-z—>C:Program FilesCpu-zuninstall.bat
Download Master version 5.5.4.1133—>»C:Program FilesDownload Masterunins000.exe»
ESET NOD32 Antivirus—>MsiExec.exe /I{B6E1E1DC-6DB4-420D-A80E-C8DF699C25EA}
FastStone Capture 6.1—>»C:Program FilesFastStone Captureunins000.exe»
FastStone Image Viewer 3.5—>»C:Program FilesFastStone Image Viewerunins000.exe»
Foxit Reader—>MsiExec.exe /I{376DA9DC-71B3-4AB7-A80C-8ED02A736172}
HashTab 2.1.0—>C:WINDOWSsystem32ShellExthtdel32.bat
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
iTunes—>MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KhalInstallWrapper—>MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
K-Lite Mega Codec Pack 3.9.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KMPlayer 2.9.3.1430—>»C:Program FilesThe KMPlayerunins000.exe»
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}SETUP.EXE» -l0x9 UNINSTALL
Logitech Registration—>MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint—>C:Program FilesInstallShield Installation Information{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}setup.exe -runfromtemp -l0x0019 -removeonly
LouderIt 2.0 beta3—>»C:Program FilesLouderItunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Thunderbird (2.0.0.23)—>C:Program FilesMozilla Thunderbirduninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
Opera 9.5.1—>»C:Program FilesOperaunins000.exe»
Path2Clipboard 1.0.7.67—>C:WINDOWSsystem32ShellExtP2Cdel.bat
PowerDVD—>»C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -l0x000409 /z-uninstall
QuickTime—>MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m -nrg2709
Restorator 2007 v3.70 Build 1747 — Retail—>»C:Program FilesRestorator 2007unins000.exe»
Shockwave Player—>MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
Ukrainian language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{9274109B-3F04-4608-8B3E-4AC55B5DDAF1}
UltraISO Premium V9.2—>»C:Program FilesUltraISOunins000.exe»
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.7—>C:Program FilesUnlockeruninst.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Vit Registry Fix 5.3—>C:Program FilesVitSoftVit Registry FixUninstall.exe
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Yahoo! Anti-Spy—>C:PROGRA~1Yahoo!Commonunypsr.exe
Yahoo! Toolbar—>C:PROGRA~1Yahoo!Commonunyt.exe
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Герои Меча и Магии 3.5: Во имя Богов—>C:WINDOWSIsUn0419.exe -ff:gamezгеройUninst.isu
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Элемент управления «1С:Печать штрихкодов»—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{48E6B39F-F686-4327-8BED-0D5AEDF2E56F}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 99.189.54
127.0.0.1 99.189.52
127.0.0.1 99.14.103
127.0.0.1 98.223.73
127.0.0.1 97.80.137
127.0.0.1 95.134.16
127.0.0.1 95.133.8.
127.0.0.1 95.133.23
127.0.0.1 95.133.23

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: OMEN
Event Code: 7036
Message: Служба «Установщик Windows» перешла в состояние Работает.

Record Number: 2617
Source Name: Service Control Manager
Time Written: 20091114164623.000000+120
Event Type: информация
User:

Computer Name: OMEN
Event Code: 7035
Message: Служба «Установщик Windows» успешно отправила управляющий элемент «запустить».

Record Number: 2616
Source Name: Service Control Manager
Time Written: 20091114164623.000000+120
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: OMEN
Event Code: 20
Message: Драйвер принтера Canon MP210 series Printer для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- CNMDR8S.DLL, CNMUI8S.DLL, CNMCP8S.DLL, CNMMH8S.CHM, CNMLR8S.DLL, CNMCB8S.DLL, CNMD58S.DLL, CNMUR8S.DLL, CNMSR8S.DLL, CNMIN8S.INI, CNMPI8S.DLL, CNMSM8S.DLL, CNMSS8S.SMR, CNMSD8S.DLL, CNMSQ8S.DLL, CNMSH8S.CHM, CNMIH8S.CHM, CNMUB8S.DLL, CNMOP8S.DLL, CNMSB8S.DLL, CNB_3160.TBL, CNMP08S.DAT, CNMP18S.DAT, CNMP28S.DAT, CNMFU8S.DLL, CNMLH8S.DLL, CNMPV8S.DLL, CNMSE8S.EXE, CNMBU8S.DLL, CNMBM8S.DLL, CNMBS8S.DLL, CNMVS8S.DLL, CNMW38S.DLL, CNMLR8S0.411, CNMUR8S0.411, CNMSR8S0.411, CNMMH8S0.411, CNMSH8S0.411, CNMIH8S0.411, CNMLR8S0.40c, CNMUR8S0.40c, CNMSR8S0.40c, CNMMH8S0.40c, CNMSH8S0.40c, CNMIH8S0.40c, CNMLR8S0.407, CNMUR8S0.407, CNMSR8S0.407, CNMMH8S0.407, CNMSH8S0.407, CNMIH8S0.407, CNMLR8S0.410, CNMUR8S0.410, CNMSR8S0.410, CNMMH8S0.410, CNMSH8S0.410, CNMIH8S0.410, CNMLR8S0.c0a, CNMUR8S0.c0a, CNMSR8S0.c0a, CNMMH8S0.c0a, CNMSH8S0.c0a, CNMIH8S0.c0a, CNMLR8S0.816, CNMUR8S0.816, CNMSR8S0.816, CNMMH8S0.816, CNMSH8S0.816, CNMIH8S0.816, CNMLR8S0.406, CNMUR8S0.406, CNMSR8S0.406, CNMMH8S0.406, CNMSH8S0.406, CNMIH8S0.406, CNMLR8S0.414, CNMUR8S0.414, CNMSR8S0.414, CNMMH8S0.414, CNMSH8S0.414, CNMIH8S0.414, CNMLR8S0.41D, CNMUR8S0.41D, CNMSR8S0.41D, CNMMH8S0.41D, CNMSH8S0.41D, CNMIH8S0.41D, CNMLR8S0.40b, CNMUR8S0.40b, CNMSR8S0.40b, CNMMH8S0.40b, CNMSH8S0.40b, CNMIH8S0.40b, CNMLR8S0.408, CNMUR8S0.408, CNMSR8S0.408, CNMMH8S0.408, CNMSH8S0.408, CNMIH8S0.408, CNMLR8S0.415, CNMUR8S0.415, CNMSR8S0.415, CNMMH8S0.415, CNMSH8S0.415, CNMIH8S0.415, CNMLR8S0.405, CNMUR8S0.405, CNMSR8S0.405, CNMMH8S0.405, CNMSH8S0.405, CNMIH8S0.405, CNMLR8S0.419, CNMUR8S0.419, CNMSR8S0.419, CNMMH8S0.419, CNMSH8S0.419, CNMIH8S0.419, CNMLR8S0.40e, CNMUR8S0.40e, CNMSR8S0.40e, CNMMH8S0.40e, CNMSH8S0.40e, CNMIH8S0.40e, CNMLR8S0.413, CNMUR8S0.413, CNMSR8S0.413, CNMMH8S0.413, CNMSH8S0.413, CNMIH8S0.413, CNMLR8S0.41F, CNMUR8S0.41F, CNMSR8S0.41F, CNMMH8S0.41F, CNMSH8S0.41F, CNMIH8S0.41F, CNMLR8S0.401, CNMUR8S0.401, CNMSR8S0.401, CNMMH8S0.401, CNMSH8S0.401, CNMIH8S0.401, CNMLR8S0.804, CNMUR8S0.804, CNMSR8S0.804, CNMMH8S0.804, CNMSH8S0.804, CNMIH8S0.804, CNMLR8S0.404, CNMUR8S0.404, CNMSR8S0.404, CNMMH8S0.404, CNMSH8S0.404, CNMIH8S0.404, CNMLR8S0.412, CNMUR8S0.412, CNMSR8S0.412, CNMMH8S0.412, CNMSH8S0.412, CNMIH8S0.412, CNMLR8S0.41E, CNMUR8S0.41E, CNMSR8S0.41E, CNMMH8S0.41E, CNMSH8S0.41E, CNMIH8S0.41E, CNMLR8S0.421, CNMUR8S0.421, CNMSR8S0.421, CNMMH8S0.421, CNMSH8S0.421, CNMIH8S0.421.

Record Number: 2615
Source Name: Print
Time Written: 20091114144714.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: OMEN
Event Code: 20
Message: Драйвер принтера HP Color LaserJet CP1215 для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- ZIMFDRV.DLL, ZSDNT5UI.DLL, SDcp1215.SDD, SDcp1215.CHM, XERCES-C.DLL, ZSUXML.DLL, ZJBIG.DLL, SDcp1215.UNZ, SDcp1215.DLL, SUcp1215.DLL, SUcp1215.VER, cp1215PQ.dll, HPAppUsg.dll, ZIMFPRNT.DLL, ZQDPRINT.DLL, ZSDIMF.DLL, ZSDDM.DLL, ZSDDMUI.DLL, ZSR.DLL, ZGDI.DLL, ZSPOOL.DLL, ZTAG.DLL, ZSD.DLL, ZIMF.DLL, SUcp1215.ent.

Record Number: 2614
Source Name: Print
Time Written: 20091114144713.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: OMEN
Event Code: 20
Message: Драйвер принтера HP Color LaserJet CP1215 для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- ZIMFDRV.DLL, ZSDNT5UI.DLL, SDcp1215.SDD, SDcp1215.CHM, XERCES-C.DLL, ZSUXML.DLL, ZJBIG.DLL, SDcp1215.UNZ, SDcp1215.DLL, SUcp1215.DLL, SUcp1215.VER, cp1215PQ.dll, HPAppUsg.dll, ZIMFPRNT.DLL, ZQDPRINT.DLL, ZSDIMF.DLL, ZSDDM.DLL, ZSDDMUI.DLL, ZSR.DLL, ZGDI.DLL, ZSPOOL.DLL, ZTAG.DLL, ZSD.DLL, ZIMF.DLL, SUcp1215.ent.

Record Number: 2613
Source Name: Print
Time Written: 20091114144713.000000+120
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

=====Application event log=====

Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091007161826.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091007161824.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091007161729.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091007161715.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-426AB4
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091007161656.000000+180
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesJavajre1.6.0_06libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.6.0_06libextQTJava.zip

---

EOF

---

[betalik]

Кто-нибудь помогите 🙄

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Извиняюсь за задержку с ответом.
Скачайте OTM by OldTimer кликнув по этой ссылке.
Запустите OTM и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.

:reg

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"AppInit_DLLS"=""



[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"DisableTaskMgr"=0

"DisableRegistryTools"=0



:files

C:WINDOWSsvcoost.exe

C:WINDOWSexxploree.exe

C:WINDOWSsystem32IqXlK.dll



:Commands

[emptytemp]

[Reboot]

Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMMovedFiles.

Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.

[Автор]

Сообщения