Re: Re: помогите!!!!

[yuhuyyyyy]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:12, on 03.09.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:WindowsSMINSTscheduler.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesDrWebspiderui.exe
C:Program FilesDrWebspideragent.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesCommon FilesRealUpdate_OBRealOneMessageCenter.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesDAEMON Tools ProDTProShellHlp.exe
C:Windowssystem32wuauclt.exe
C:Program FilesMicrosoft OfficeOffice12WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Windowssystem32NOTEPAD.EXE
C:Windowssystem32NOTEPAD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersПавелDesktopHijackThis.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=44290
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.APEHA.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer предоставлен: Яндекс
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll (file missing)
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
F2 — REG:system.ini: UserInit=userinit.exe
O1 — Hosts: 77.37.178.82 megafon.ru
O1 — Hosts: 77.37.178.82 http://www.megafon.ru
O1 — Hosts: 77.37.178.82 yandex.ua
O1 — Hosts: 77.37.178.82 http://www.yandex.ua
O1 — Hosts: 77.37.178.82 http://www.yandex.com
O1 — Hosts: 77.37.178.82 yandex.com
O1 — Hosts: 77.37.178.82 http://www.rambler.ru
O1 — Hosts: 77.37.178.82 rambler.ru
O1 — Hosts: 77.37.178.82 durov.vkontakte.ru
O1 — Hosts: 77.37.178.82 http://www.durov.vkontakte.ru
O1 — Hosts: 77.37.178.82 ya.com
O1 — Hosts: 77.37.178.82 http://www.ya.com
O1 — Hosts: 77.37.178.82 gmail.com
O1 — Hosts: 77.37.178.82 pda.vkontakte.ru
O1 — Hosts: 77.37.178.82 http://www.pda.vkontakte.ru
O1 — Hosts: 77.37.178.82 http://www.gmail.com
O1 — Hosts: 77.37.178.82 aport.ru
O1 — Hosts: 77.37.178.82 http://www.aport.ru
O1 — Hosts: 77.37.178.82 poisk.ru
O1 — Hosts: 77.37.178.82 http://www.poisk.ru
O1 — Hosts: 77.37.178.82 odnoklassniki.ua
O1 — Hosts: 77.37.178.82 http://www.odnoklassniki.ua
O1 — Hosts: 77.37.178.82 searchengines.ru
O1 — Hosts: 77.37.178.82 http://www.searchengines.ru
O1 — Hosts: 77.37.178.82 altavista.com
O1 — Hosts: 77.37.178.82 http://www.altavista.com
O1 — Hosts: 77.37.178.82 paystream.ru
O1 — Hosts: 77.37.178.82 http://www.paystream.ru
O1 — Hosts: 77.37.178.82 payhelp.ru
O1 — Hosts: 77.37.178.82 http://www.payhelp.ru
O1 — Hosts: 77.37.178.82 inbox.ru
O1 — Hosts: 77.37.178.82 http://www.inbox.ru
O1 — Hosts: 77.37.178.82 megafon.ru
O1 — Hosts: 77.37.178.82 http://www.megafon.ru
O1 — Hosts: 77.37.178.82 goldfon.ru
O1 — Hosts: 77.37.178.82 http://www.goldfon.ru
O1 — Hosts: 77.37.178.82 cmcbilling.ru
O1 — Hosts: 77.37.178.82 http://www.cmcbilling.ru
O1 — Hosts: 77.37.178.82 paystream.ru
O1 — Hosts: 77.37.178.82 http://www.paystream.ru
O1 — Hosts: 77.37.178.82 gogo.ru
O1 — Hosts: 77.37.178.82 http://www.gogo.ru
O1 — Hosts: 77.37.178.82 drweb.ru
O1 — Hosts: 77.37.178.82 http://www.drweb.ru
O1 — Hosts: 77.37.178.82 games.yandex.ru
O1 — Hosts: 77.37.178.82 http://www.games.yandex.ru
O1 — Hosts: 77.37.178.82 icq.com
O1 — Hosts: 77.37.178.82 http://www.icq.com
O1 — Hosts: 77.37.178.82 qip.ru
O1 — Hosts: 77.37.178.82 http://www.qip.ru
O1 — Hosts: 77.37.178.82 yandex.ru
O1 — Hosts: 77.37.178.82 http://www.yandex.ru
O1 — Hosts: 77.37.178.82 google.ru
O1 — Hosts: 77.37.178.82 google.com
O1 — Hosts: 77.37.178.82 vk.com
O1 — Hosts: 77.37.178.82 http://www.vk.com
O1 — Hosts: 77.37.178.82 vkontakte.ru
O1 — Hosts: 77.37.178.82 http://www.vkontakte.ru
O1 — Hosts: 77.37.178.82 yahoo.com
O1 — Hosts: 77.37.178.82 http://www.yahoo.com
O1 — Hosts: 77.37.178.82 odnoklassniki.ru
O1 — Hosts: 77.37.178.82 http://www.odnoklassniki.ru
O1 — Hosts: 77.37.178.82 durov.ru
O1 — Hosts: 77.37.178.82 http://www.durov.ru
O1 — Hosts: 77.37.178.82 http://www.webmoney.ru
O1 — Hosts: 77.37.178.82 webmoney.ru
O1 — Hosts: 77.37.178.82 arbitrage.webmoney.ru
O1 — Hosts: 77.37.178.82 http://www.arbitrage.webmoney.ru
O1 — Hosts: 77.37.178.82 openbill.ru
O1 — Hosts: 77.37.178.82 http://www.openbill.ru
O1 — Hosts: 77.37.178.82 a1agregator.ru
O1 — Hosts: 77.37.178.82 http://www.a1agregator.ru
O1 — Hosts: 77.37.178.82 mail.ru
O1 — Hosts: 77.37.178.82 http://www.mail.ru
O1 — Hosts: 77.37.178.82 otvet.mail.ru
O1 — Hosts: 77.37.178.82 http://www.otvet.mail.ru
O1 — Hosts: 77.37.178.82 ya.ru
O1 — Hosts: 77.37.178.82 http://www.ya.ru
O1 — Hosts: 77.37.178.82 a1help.ru
O1 — Hosts: 77.37.178.82 http://www.a1help.ru
O1 — Hosts: 77.37.178.82 mts.ru
O1 — Hosts: 77.37.178.82 http://www.mts.ru
O1 — Hosts: 127.0.1.1 http://www.only-support.com
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0binssv.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll
O2 — BHO: Credential Manager for HP ProtectTools — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — C:Program FilesHewlett-PackardIAMBinItIEAddIn.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [AdobeCS4ServiceManager] «C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» -launchedbylogin
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [plugin] «C:Program Filesplugin.exe»
O4 — HKLM..RunOnce: [ST Recovery Launcher] %WINDIR%SMINSTlauncher.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe» -autorun
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binssv.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{C318D4C6-19FF-4058-81EC-8747B77850D1}: NameServer = 213.177.97.201 213.177.97.1
O17 — HKLMSystemCCSServicesTcpip..{FD460D14-9F92-48BA-A4E4-F1BB0BD547EA}: NameServer = 213.177.96.1,213.177.97.1
O20 — AppInit_DLLs: APSHook.dll,C:Windowssystem32vksaver.dll
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:Windowssystem32agrsmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati External Event Utility — ATI Technologies Inc. — C:Windowssystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Com4Qlb — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 — Service: Dr.Web ® Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба Google Update (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: HP Health Check Service — Hewlett-Packard — C:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: RoxMediaDB9 — Sonic Solutions — c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Unknown owner — C:PROGRA~1DrWebspidernt.exe (file missing)
O23 — Service: stllssvr — MicroVision Development, Inc. — c:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe

—
End of file — 13698 bytes