Помогите разобраться с HijackThis логами

[Sauterelle]

В последнее время проблемы с компом, то ошибки вылазят, то какие-то проги не запускаются..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:56, on 18.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesHewlett-PackardFile SanitizerHPFSService.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesHewlett-PackardDrive EncryptionHpFkCrypt.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
c:Program FilesHewlett-PackardIAMBinAsGHost.exe
C:Program FilesDrWebSpIDerAgent.exe
C:Program FilesDrWebspiderml.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesMail.RuGuardGuardMailRu.exe
C:WINDOWSsystem32ctfmon.exe
c:Program FilesActivIdentityActivClientaccoca.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesMail.RuGuardGuardMailRu.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1DrWebspidernt.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesQIPqip.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsЮляРабочий столHijackThis.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.codecguide.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsЮляApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AskBar BHO — {201f27d4-3704-41d6-89c1-aa35e39143ed} — C:Program FilesAskBarDisbarbinaskBar.dll
O2 — BHO: BHO_Startup — {3134413B-49B4-425C-98A5-893C1F195601} — C:Program FilesHewlett-PackardFile SanitizerIEBHO.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_06binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsЮляApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Adobe PDF Conversion Toolbar Helper — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O2 — BHO: Credential Manager for HP ProtectTools — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesHewlett-PackardIAMBinItIEAddIn.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O3 — Toolbar: Ask Toolbar — {3041d03e-fd4b-44e0-b742-2d9b88305f98} — C:Program FilesAskBarDisbarbinaskBar.dll
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytesPortableAppMalwarebytesmbam.exe» /runcleanupscript
O4 — HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Append to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert link target to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert link target to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert selected links to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert selected links to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Convert selection to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert selection to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Отправить через Bluetooth — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra button: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O16 — DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) — http://www.musicnotes.com/download/mnviewer.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 — AppInit_DLLs: APSHook.dll
O20 — Winlogon Notify: ackpbsc — c:WINDOWSsystem32ackpbsc.dll
O20 — Winlogon Notify: acunlock — c:Program FilesActivIdentityActivClientacunlock.dll
O20 — Winlogon Notify: OneCard — c:Program FilesHewlett-PackardIAMBinASWLNPkg.dll
O23 — Service: ActivClient Middleware Service (accoca) — ActivIdentity — c:Program FilesActivIdentityActivClientaccoca.exe
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Фоновая интеллектуальная служба передачи (BITS) (BITS) — Unknown owner — C:WINDOWS
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Com4QLBEx — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 — Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Guard.Mail.ru — Unknown owner — C:Program FilesMail.RuGuardGuardMailRu.exe
O23 — Service: HP ProtectTools Service — Hewlett-Packard Development Company, L.P — c:Program FilesHewlett-PackardHP ProtectTools Security ManagerPTChangeFilterService.exe
O23 — Service: Drive Encryption Service (HpFkCryptService) — SafeBoot International — c:Program FilesHewlett-PackardDrive EncryptionHpFkCrypt.exe
O23 — Service: File Sanitizer for HP ProtectTools (HPFSService) — Hewlett-Packard — C:Program FilesHewlett-PackardFile SanitizerHPFSService.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 14528 bytes

[Sauterelle]

Ребята, помогите пожалуйста девушке разобраться с компом 😥

[Helper]

Здравствуйте!Добро пожаловать на Спайваре-ру форум!
Сделайте,пожалуйста,логи RSIT,как написано в этой теме:
viewtopic.php?f=3&t=2

[Sauterelle]

info.txt logfile of random’s system information tool 1.06 2010-05-19 21:41:02

======Uninstall list======

—>C:Program FilesInstallShield Installation Information{69333A04-5134-40A5-A055-9166A7AA1EC8}setup.exe -runfromtemp -l0x0009 -removeonly
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9A6F0720-739C-408B-966F-93091631A918}setup.exe» -l0x9
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
32 Bit HP CIO Components Installer—>MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
ACDSee Pro—>MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
ActivClient 6.1 x86—>MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Add or Remove Adobe Creative Suite 3 Design Premium—>C:Program FilesCommon FilesAdobeInstallersc14ac4070fd9614ffe63f4bb533db2cSetup.exe
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3—>MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium—>MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>C:Program FilesCommon FilesAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3—>MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3—>MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 9 ActiveX—>MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin—>MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder—>MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3—>MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler—>MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3—>MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files—>MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup—>MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup—>MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3—>MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3—>MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems HDA Modem—>agrsmdel
AHV content for Acrobat and Flash—>MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AmlMaple—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFAmlMaple.inf,Uninstall
Ask Toolbar—>»C:Program FilesAskBarDisunins000.exe»
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BIOS Configuration for HP ProtectTools—>MsiExec.exe /X{BB662A7E-DFF6-47C9-BBD2-430079EA8E74}
Catalyst Control Center — Branding—>MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}
ConvertXtoDVD 3.1.0.25—>»C:Program FilesVSOConvertX3unins000.exe»
Credential Manager for HP ProtectTools—>rundll32.exe «c:Program FilesHewlett-PackardIAMBinSetupHelper.dll»,ExecMain /Uninstall {07342A24-8224-4A31-9D38-8847E1209101}
Desktop Toolbar [WhenUSearch]—>C:Program FilesDAEMON Tools SearchBarUninst.exe /tWHSE
Dr.Web anti-virus for Windows 5.0—>MsiExec.exe /I{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}
Drive Encryption for HP ProtectTools—>MsiExec.exe /I{E6272A04-665C-4E7D-A6BA-EAF4C6C11B00}
File Sanitizer For HP ProtectTools—>C:Program FilesInstallShield Installation Information{789C97CE-9E17-4126-BDF4-11FF458BF705}Setup.exe -runfromtemp -l0x0009 -removeonly
Free YouTube to Mp3 Converter version 3.1—>»C:ПрогиFree YouTube to Mp3 Converterunins000.exe»
Guard.Mail.ru—>»C:Program FilesMail.RuGuardGuardMailRu.exe» /uninstall
HijackThis 2.0.2—>»C:Documents and SettingsЮляРабочий столHijackThis.exe» /uninstall
HP 3D DriveGuard—>MsiExec.exe /X{583EFC0B-1D6F-4646-8AE5-D78B301DD211}
HP BatteryCheck 2.10 A2—>»C:Program FilesInstallShield Installation Information{69DAC00A-7665-4E9B-B441-093D40736429}setup.exe» -runfromtemp -l0x0009 -removeonly uninst
HP Common Access Service Library—>MsiExec.exe /I{732A3F80-008B-4350-BD58-EC5AE98707B8}
HP Integrated Module with Bluetooth wireless technology—>MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP JavaCard for HP ProtectTools—>MsiExec.exe /I{1050C5B0-97B8-4B56-A2AD-35DDA3322D1C}
HP ProtectTools Security Manager Suite—>C:WINDOWSInstallerHPPTSuiteInstallEngine.exe /uninstall=C:WINDOWSInstaller10154120.msi
HP ProtectTools Security Manager—>MsiExec.exe /I{5CB209A9-B60C-47D8-BC3D-C608B05DF1C3}
HP Quick Launch Buttons 6.40 L2—>C:Program FilesInstallShield Installation Information{34D2AB40-150D-475D-AE32-BD23FB5EE355}Setup.exe -runfromtemp -l0x0019 -removeonly uninst
HP Webcam Application—>C:Program FilesInstallShield Installation Information{154E4F71-DFC0-4B31-8D99-F97615031B02}setup.exe -runfromtemp -l0x0019 -removeonly
HP Webcam—>C:Program FilesInstallShield Installation Information{399C37FB-08AF-493B-BFED-20FBD85EDF7F}setup.exe -runfromtemp -l0x0019 -removeonly
HP Wireless Assistant—>MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
ICQ7.1—>»C:Program FilesInstallShield Installation Information{71BFC818-0CED-42D6-9C87-5142918957EE}ICQ7.exe» -runfromtemp -l0x0009 -removeonly
InterVideo DVD Check—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5D97A4A7-C274-4B63-86D9-07A33435F505}setup.exe» REMOVEALL
InterVideo WinDVD—>»C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe» REMOVEALL
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 4.7.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.6 (сборка 3399, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.90—>c:program filesmail.rusputnikSputnikInstaller.exe -uninstall
Marvell Miniport Driver—>C:Program FilesMarvellMiniport DriverUninst.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Demo—>MsiExec.exe /I{3F7C2E67-9FA7-4558-B335-DA0C509F1049}
Paint.NET v3.31—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre Studio—>»C:Program FilesPhotoFiltre StudioUninst.exe»
SCR3xxx Smart Card Reader—>MsiExec.exe /I{9A154D6D-13D6-4CA1-BB3A-E792C18DACBF}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
Subtitle Workshop 2.51—>»C:Program FilesURUSoftSubtitle Workshopuninstall.exe»
Switch Uninstall—>C:Program FilesNCH Swift SoundSwitchuninst.exe
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
TEFView 2.65—>»D:ГитараTablEditunins000.exe»
The KMPlayer (remove only)—>»C:Program FilesThe KMPlayeruninstall.exe»
Uninstall 1.0.0.1—>»C:Program FilesCommon FilesDVDVideoSoftunins000.exe»
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
VRazvedke—>C:Program FilesVRazvedkeuninstall.exe
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
WinDjView 1.0—>C:Program FilesWinDjViewuninstall.exe
Xilisoft AVI to DVD Converter—>C:Program FilesXilisoftAVI to DVD ConverterUninstall.exe
ZET 9 Lite 0.29—>D:ИнтересноеПрогиZET 9ZET 9Uninstall.exe
Адаптер беспроводной локальной сети Broadcom 802.11—>»C:Program FilesBroadcomBroadcom 802.11Driverbcmwlu00.exe» verbose /rootkey=»SoftwareBroadcom802.11UninstallInfo» /rootdir=»C:Program FilesBroadcomBroadcom 802.11Driver»
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Веселая ферма 3—>C:Program FilesAlawar.ruВеселая ферма 3Uninstall.exe
Идеальный Партнер v2.75 PRO—>»D:ИнтересноеПрогиIdeal Partneruninst.exe»

======Security center information======

AV: Doctor Web Anti-Virus (outdated)

======System event log======

Computer Name: NOTE
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Intel(R)…5100 ABG — Минипорт планировщика пакетов был подключен к сети,
и инициировала нормальную работу через этот сетевой адаптер.

Record Number: 14491
Source Name: Tcpip
Time Written: 20100301195321.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Intel(R)…5100 ABG — Минипорт планировщика пакетов был подключен к сети,
и инициировала нормальную работу через этот сетевой адаптер.

Record Number: 14490
Source Name: Tcpip
Time Written: 20100301195311.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1003
Message: Компьютеру не удалось обновить адрес, полученный от DHCP-cервера, для
сетевого адаптера с сетевым адресом 00216B1FD4E8.
Произошла следующая ошибка:
Операция была отменена пользователем.
.
Компьютер продолжит попытки получить свой
собственный адрес от DHCP-cервера.

Record Number: 14489
Source Name: Dhcp
Time Written: 20100301195301.000000+120
Event Type: предупреждение
User:

Computer Name: NOTE
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Intel(R)…5100 ABG — Минипорт планировщика пакетов был подключен к сети,
и инициировала нормальную работу через этот сетевой адаптер.

Record Number: 14488
Source Name: Tcpip
Time Written: 20100301195301.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1003
Message: Компьютеру не удалось обновить адрес, полученный от DHCP-cервера, для
сетевого адаптера с сетевым адресом 00216B1FD4E8.
Произошла следующая ошибка:
Операция была отменена пользователем.
.
Компьютер продолжит попытки получить свой
собственный адрес от DHCP-cервера.

Record Number: 14487
Source Name: Dhcp
Time Written: 20100301195300.000000+120
Event Type: предупреждение
User:

=====Application event log=====

Computer Name: NOTE
Event Code: 1903
Message:
Record Number: 5055
Source Name: HHCTRL
Time Written: 20091201010702.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1903
Message:
Record Number: 5054
Source Name: HHCTRL
Time Written: 20091201003702.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1903
Message:
Record Number: 5053
Source Name: HHCTRL
Time Written: 20091201000711.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1903
Message:
Record Number: 5052
Source Name: HHCTRL
Time Written: 20091130233711.000000+120
Event Type: информация
User:

Computer Name: NOTE
Event Code: 1903
Message:
Record Number: 5051
Source Name: HHCTRL
Time Written: 20091130230723.000000+120
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;c:Program FilesActivIdentityActivClient;c:Program FilesHewlett-PackardIAMbin
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

[Sauterelle]

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Юля at 2010-05-19 21:40:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (54%) free of 54 GB
Total RAM: 2043 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:59, on 19.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesHewlett-PackardFile SanitizerHPFSService.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesHewlett-PackardDrive EncryptionHpFkCrypt.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
c:Program FilesHewlett-PackardIAMBinAsGHost.exe
C:WINDOWSExplorer.EXE
C:Program FilesDrWebSpIDerAgent.exe
C:Program FilesDrWebspiderml.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
c:Program FilesActivIdentityActivClientaccoca.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesMail.RuGuardGuardMailRu.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1DrWebspidernt.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINDOWSSystem32svchost.exe
C:Documents and SettingsЮляРабочий столRSIT.exe
C:Documents and SettingsЮляРабочий столЮля.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.codecguide.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsЮляApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AskBar BHO — {201f27d4-3704-41d6-89c1-aa35e39143ed} — C:Program FilesAskBarDisbarbinaskBar.dll
O2 — BHO: BHO_Startup — {3134413B-49B4-425C-98A5-893C1F195601} — C:Program FilesHewlett-PackardFile SanitizerIEBHO.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_06binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsЮляApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Adobe PDF Conversion Toolbar Helper — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O2 — BHO: Credential Manager for HP ProtectTools — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesHewlett-PackardIAMBinItIEAddIn.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll (file missing)
O3 — Toolbar: Ask Toolbar — {3041d03e-fd4b-44e0-b742-2d9b88305f98} — C:Program FilesAskBarDisbarbinaskBar.dll
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytesPortableAppMalwarebytesmbam.exe» /runcleanupscript
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Append to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert link target to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert link target to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert selected links to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert selected links to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Convert selection to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert selection to existing PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Отправить через Bluetooth — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra button: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O16 — DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) — http://www.musicnotes.com/download/mnviewer.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 — AppInit_DLLs: APSHook.dll
O20 — Winlogon Notify: ackpbsc — c:WINDOWSsystem32ackpbsc.dll
O20 — Winlogon Notify: acunlock — c:Program FilesActivIdentityActivClientacunlock.dll
O20 — Winlogon Notify: OneCard — c:Program FilesHewlett-PackardIAMBinASWLNPkg.dll
O23 — Service: ActivClient Middleware Service (accoca) — ActivIdentity — c:Program FilesActivIdentityActivClientaccoca.exe
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Фоновая интеллектуальная служба передачи (BITS) (BITS) — Unknown owner — C:WINDOWS
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Com4QLBEx — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 — Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Guard.Mail.ru — Unknown owner — C:Program FilesMail.RuGuardGuardMailRu.exe
O23 — Service: HP ProtectTools Service — Hewlett-Packard Development Company, L.P — c:Program FilesHewlett-PackardHP ProtectTools Security ManagerPTChangeFilterService.exe
O23 — Service: Drive Encryption Service (HpFkCryptService) — SafeBoot International — c:Program FilesHewlett-PackardDrive EncryptionHpFkCrypt.exe
O23 — Service: File Sanitizer for HP ProtectTools (HPFSService) — Hewlett-Packard — C:Program FilesHewlett-PackardFile SanitizerHPFSService.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 14410 bytes

======Scheduled tasks folder======

C:WINDOWStasksDr.Web Daily scan.job
C:WINDOWStasksDr.Web Update.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO — C:Program FilesAskBarDisbarbinaskBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class — C:Program FilesHewlett-PackardFile SanitizerIEBHO.dll [2008-05-02 110592]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_06binssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — c:program filesmail.rusputnikMailRuSputnik.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Documents and SettingsЮляApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools — c:Program FilesHewlett-PackardIAMBinItIEAddIn.dll [2008-09-23 98064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll [2007-05-10 321120]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll []
{3041d03e-fd4b-44e0-b742-2d9b88305f98} — Ask Toolbar — C:Program FilesAskBarDisbarbinaskBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SpIDerAgent»=C:Program FilesDrWebSpIDerAgent.exe [2010-02-15 447728]
«SpIDerMail»=C:Program FilesDrWebspiderml.exe [2009-07-02 644336]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2010-04-07 231816]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2010-05-09 9422016]
«»= []
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytesPortableAppMalwarebytesmbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAccelerometerSysTrayApplet]
c:WINDOWSsystem32AccelerometerSt.Exe [2008-10-14 82224]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregaccrdsub]
c:Program FilesActivIdentityActivClientaccrdsub.exe [2007-11-27 298536]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 8.0]
C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe [2008-10-14 623992]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe [2009-04-12 2356088]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcoholAutomount]
C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-09-02 205256]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAmlMaple]
C:Program FilesAmlMapleAmlMaple.exe [2008-04-24 91648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadlibNMBgMonitor.exe [2005-10-28 94208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCognizanceTS]
c:PROGRA~1HEWLET~1IAMBinASTSVCC.dll [2008-09-23 24848]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregdaemon tools]
D:ProgiDAEMON_Tools_v4.08_rus.[tfile.ru]DAEMON Toolsdaemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFile Sanitizer]
C:Program FilesHewlett-PackardFile SanitizerCoreShredder.exe [2008-05-02 10244096]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGuard.Mail.ru.gui]
C:Program FilesMail.RuGuardGuardMailRu.exe [2010-05-09 563392]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreghpWirelessAssistant]
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe [2008-04-15 488752]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInfium]
C:Program FilesQIP 2010qip.exe [2010-04-30 5562832]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPTHOSTTR]
c:Program FilesHewlett-PackardHP ProtectTools Security ManagerPTHOSTTR.EXE [2008-10-07 349488]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl.exe]
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe [2008-10-10 177456]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2008-03-24 884736]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2008-04-04 1044480]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
C:Program FilesSynapticsSynTPSynTPEnh.exe [2008-06-20 1310720]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVKontakte]
C:ПрогиMailAgentAgent VkontakteAgentVkontakte.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWatchDog]
C:Program FilesInterVideoDVD CheckDVDCheck.exe [2008-05-23 197904]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwhenusearch]
C:Program FilesDAEMON Tools SearchBarSearch.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwhenusearchwhse]
C:Program FilesDAEMON Tools SearchBarwhse.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2007-05-15 35328]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregЮля]
C:Documents and SettingsЮляЮля.exe /i []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
C:WINDOWSInstaller{AC76BA86-1033-0000-7760-000000000003}_SC_Acrobat.exe [2009-10-15 295606]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Synchronizer.lnk]
C:PROGRA~1AdobeACROBA~1.0AcrobatADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^BTTray.lnk]
C:PROGRA~1WIDCOMMBLUETO~1BTTray.exe [2008-03-31 576104]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^DVD Check.lnk]
C:PROGRA~1INTERV~1DVDCHE~1DVDCheck.exe [2008-05-23 197904]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»APSHook.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyackpbsc]
c:WINDOWSsystem32ackpbsc.dll [2007-11-27 109568]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyacunlock]
c:Program FilesActivIdentityActivClientacunlock.dll [2007-11-27 286720]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-05-08 126976]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
c:Program FilesHewlett-PackardIAMBinASWLNPkg.dll [2008-09-23 158992]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoBandCustomize»=0
«NoMovingBands»=0
«NoCloseDragDropBands»=0
«NoActiveDesktop»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«D:GamesS.T.A.L.K.E.RbinXR_3DA.exe»=»D:GamesS.T.A.L.K.E.RbinXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (CLI)»
«D:GamesS.T.A.L.K.E.RbindedicatedXR_3DA.exe»=»D:GamesS.T.A.L.K.E.RbindedicatedXR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (SRV)»
«c:Program FilesHewlett-PackardIAMBinAsGHost.exe»=»c:Program FilesHewlett-PackardIAMBinAsGHost.exe:*:Enabled:ENABLE»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»
«C:WINDOWSExplorer.EXE»=»C:WINDOWSExplorer.EXE:*:Enabled:ENABLE»
«C:Program FilesICQ7.1ICQ.exe»=»C:Program FilesICQ7.1ICQ.exe:*:Enabled:ICQ7.1»
«C:Program FilesICQ7.1aolload.exe»=»C:Program FilesICQ7.1aolload.exe:*:Enabled:aolload.exe»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ7.1ICQ.exe»=»C:Program FilesICQ7.1ICQ.exe:*:Enabled:ICQ7.1»
«C:Program FilesICQ7.1aolload.exe»=»C:Program FilesICQ7.1aolload.exe:*:Enabled:aolload.exe»

======List of files/folders created in the last 1 months======

2010-05-19 21:40:55 —-D—- C:rsit
2010-05-18 20:34:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-05-18 20:34:21 —-D—- C:Program FilesMalwarebytesPortable
2010-05-18 20:13:53 —-D—- C:Documents and SettingsЮляApplication DataICQ
2010-05-18 20:13:40 —-D—- C:Program FilesICQ7.1
2010-05-18 20:12:06 —-A—- C:Program Filesinstall_rambler_icq7.exe
2010-05-13 20:32:38 —-D—- C:Program FilesQIP 2010
2010-05-13 20:31:08 —-A—- C:Program Filesqip2010.exe
2010-05-09 23:08:39 —-D—- C:72a109a161a8276c654b86
2010-05-09 23:08:29 —-D—- C:3a70b934aa4744d8f4e6a4
2010-05-09 23:08:27 —-D—- C:b31ddcd11bc4394bb36b2936
2010-05-09 23:07:25 —-D—- C:Documents and SettingsЮляApplication DataReal
2010-05-09 23:07:25 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2010-05-09 23:07:24 —-D—- C:Program FilesK-Lite Codec Pack
2010-05-09 23:03:58 —-D—- C:Program FilesK-Lite Codec Pack(2)
2010-05-09 18:42:48 —-DC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2010-05-09 18:39:54 —-D—- C:WINDOWSsystem32XPSViewer
2010-05-09 18:39:49 —-D—- C:Program FilesMSBuild
2010-05-09 18:39:47 —-D—- C:WINDOWSsystem32en-US
2010-05-09 18:39:40 —-D—- C:Program FilesReference Assemblies
2010-05-09 18:38:58 —-N—- C:WINDOWSsystem32xpssvcs.dll
2010-05-09 18:38:58 —-N—- C:WINDOWSsystem32xpsshhdr.dll
2010-05-09 18:38:58 —-N—- C:WINDOWSsystem32prntvpt.dll
2010-05-09 18:38:58 —-D—- C:ed07ccd3c29474e6b1a252d190a2
2010-05-09 18:38:33 —-D—- C:WINDOWSSxsCaPendDel
2010-05-09 18:32:56 —-SHD—- C:Config.Msi
2010-05-09 18:09:04 —-D—- C:MSXML3msms
2010-05-09 18:07:31 —-HDC—- C:WINDOWS$NtUninstallKB942288-v3$
2010-05-09 17:33:13 —-D—- C:Documents and SettingsЮляApplication DataYaChatData
2010-05-09 17:33:05 —-D—- C:Documents and SettingsЮляApplication DataYandex
2010-05-09 17:33:03 —-D—- C:Program FilesYandex
2010-05-09 17:17:11 —-D—- C:Program FilesCommon FilesDoctor Web
2010-05-09 17:17:10 —-D—- C:Documents and SettingsAll UsersApplication DataDoctor Web
2010-05-09 16:34:17 —-AT—- C:WINDOWSsystem32DRWEBSP.DLL
2010-05-09 02:08:59 —-D—- C:Documents and SettingsЮляApplication DataMra
2010-05-09 01:45:53 —-D—- C:Documents and SettingsЮляApplication DataThinstall
2010-05-09 01:45:00 —-D—- C:Portable Programs
2010-05-09 01:23:37 —-D—- C:Program FilesMail.Ru
2010-05-09 01:23:36 —-D—- C:Documents and SettingsЮляApplication DataQipGuard
2010-05-09 00:18:44 —-D—- C:Program FilesQIP Infium
2010-05-09 00:18:14 —-A—- C:Program Filesqipinfium9034.exe
2010-05-08 22:07:04 —-ASH—- C:WINDOWSsystem32cddafa_d.dll
2010-05-08 22:06:54 —-D—- C:Program FilesRegSupreme Pro

======List of files/folders modified in the last 1 months======

2010-05-19 21:22:36 —-D—- C:WINDOWSTemp
2010-05-19 21:20:26 —-D—- C:WINDOWSsystem32CatRoot2
2010-05-19 00:25:50 —-A—- C:WINDOWSSchedLgU.Txt
2010-05-18 23:19:28 —-SH—- C:boot.ini
2010-05-18 23:19:28 —-A—- C:WINDOWSwin.ini
2010-05-18 23:19:28 —-A—- C:WINDOWSsystem.ini
2010-05-18 22:53:13 —-D—- C:WINDOWSsystem32drivers
2010-05-18 22:53:13 —-D—- C:WINDOWSAppPatch
2010-05-18 20:34:21 —-RD—- C:Program Files
2010-05-18 20:14:26 —-HD—- C:Program FilesInstallShield Installation Information
2010-05-17 21:11:51 —-D—- C:Program FilesuTorrent
2010-05-16 23:19:57 —-D—- C:Documents and SettingsЮляApplication DatauTorrent
2010-05-13 22:36:39 —-D—- C:Program FilesQIP
2010-05-11 23:29:46 —-A—- C:WINDOWSNeroDigital.ini
2010-05-11 19:17:36 —-D—- C:WINDOWSsystem32
2010-05-11 19:17:36 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-05-10 15:41:59 —-D—- C:Program FilesDrWeb
2010-05-09 23:48:37 —-SD—- C:WINDOWSDownloaded Program Files
2010-05-09 23:12:34 —-HD—- C:WINDOWSinf
2010-05-09 23:12:32 —-D—- C:WINDOWSsystem32CatRoot
2010-05-09 23:11:17 —-D—- C:WINDOWS
2010-05-09 23:09:29 —-D—- C:WINDOWSsystem32config
2010-05-09 23:09:08 —-D—- C:WINDOWSsystem32wbem
2010-05-09 23:09:07 —-D—- C:WINDOWSRegistration
2010-05-09 23:08:48 —-SHD—- C:WINDOWSInstaller
2010-05-09 19:06:50 —-RSD—- C:WINDOWSassembly
2010-05-09 19:04:41 —-D—- C:WINDOWSMicrosoft.NET
2010-05-09 18:55:20 —-D—- C:WINDOWSpss
2010-05-09 18:42:26 —-D—- C:WINDOWSsystem32ru-ru
2010-05-09 18:40:57 —-D—- C:WINDOWSWinSxS
2010-05-09 18:39:46 —-RSD—- C:WINDOWSFonts
2010-05-09 18:39:24 —-D—- C:WINDOWSsystem32spool
2010-05-09 18:39:14 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-05-09 18:08:22 —-A—- C:WINDOWSimsins.BAK
2010-05-09 18:07:57 —-D—- C:WINDOWSsystem32mui
2010-05-09 18:04:31 —-D—- C:Проги
2010-05-09 17:17:21 —-SD—- C:WINDOWSTasks
2010-05-09 17:06:17 —-D—- C:Program FilesCommon Files
2010-05-09 01:09:15 —-D—- C:WINDOWSsystem32Restore
2010-05-08 15:39:00 —-D—- C:Documents and SettingsЮляApplication DataAdobe
2010-05-05 19:52:03 —-D—- C:Documents and SettingsЮляApplication DataSkype
2010-05-03 21:52:43 —-D—- C:Documents and SettingsЮляApplication DataskypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-05-20 14720]
R1 RsvLock;RsvLock; C:WINDOWSsystem32driversRsvLock.sys [2008-10-01 12528]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-05-20 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 ithsgt;ithsgt; C:WINDOWSsystem32DRIVERSithsgt.sys [2009-07-23 162432]
R2 lilsgt;lilsgt; C:WINDOWSsystem32DRIVERSlilsgt.sys [2009-07-23 12032]
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R3 Accelerometer;HP Accelerometer; C:WINDOWSsystem32DRIVERSAccelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2008-03-21 1203776]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-05-09 2880512]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2008-04-03 539512]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2008-04-03 37424]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2008-04-03 879624]
R3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2008-04-03 156392]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2008-04-03 74688]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-05-20 13952]
R3 HBtnKey;HBtnKey; C:WINDOWSsystem32DRIVERScpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-05-20 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:WINDOWSsystem32DRIVERSHpqKbFiltr.sys [2007-06-18 16768]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw5x32.sys [2009-01-05 3634688]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-08-06 47360]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2009-03-26 10368]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:WINDOWSsystem32DRIVERSsnp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2008-06-20 225696]
R3 Tetri5;Tetri5 driver; C:WINDOWSSystem32DriversTetri5.sys [2009-07-23 53088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-20 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-05-20 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-05-20 20608]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2008-04-04 296320]
S1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys []
S1 InCDRm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys []
S3 a2dmm556;a2dmm556; C:WINDOWSsystem32driversa2dmm556.sys []
S3 aa88pxid;aa88pxid; C:WINDOWSsystem32driversaa88pxid.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-05-20 17024]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-05-20 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-05-20 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-05-20 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-05-20 15232]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-05-20 32384]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-05-20 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-05-20 26368]
S3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-05-20 121984]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-05-20 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 InCDFs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:Program FilesActivIdentityActivClientaccoca.exe [2007-11-27 185896]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:WINDOWSsystem32agrsmsvc.exe [2008-03-18 13312]
R2 ASBroker;Logon Session Broker; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-05-08 536576]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2008-03-31 264800]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2009-09-29 869688]
R2 Guard.Mail.ru;Guard.Mail.ru; C:Program FilesMail.RuGuardGuardMailRu.exe [2010-05-09 563392]
R2 HpFkCryptService;Drive Encryption Service; c:Program FilesHewlett-PackardDrive EncryptionHpFkCrypt.exe [2008-10-01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:Program FilesHewlett-PackardFile SanitizerHPFSService.exe [2008-05-02 77824]
R2 IviRegMgr;IviRegMgr; C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2010-04-07 231816]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R3 hpqwmiex;hpqwmiex; C:Program FilesHewlett-PackardSharedhpqwmiex.exe [2008-10-23 223232]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 Com4QLBEx;Com4QLBEx; C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [2008-12-04 222512]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-03-26 654848]
S3 HP ProtectTools Service;HP ProtectTools Service; c:Program FilesHewlett-PackardHP ProtectTools Security ManagerPTChangeFilterService.exe [2008-10-07 45056]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]

---

EOF

---

[Sauterelle]

Все сделала как надо, посмотрите пожалуйста

[Admin]

Необходима дополнительная проверка.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

[Автор]

Сообщения