Antivirus XP Pro 2009
This topic has 16 replies, 2 participants, and was last updated 15 years, 7 months ago by Admin.
February 18, 2009 at 5:57 pm #16312
Please help me get rid of Antivirus XP Pro 2009. Panda and Kaspersky don't detect it. Malwarebytes Anti-Malware found 22 infected objects. Clicking "Remove" does nothing. I would like to avoid reinstalling the system.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by d at 2009-02-18 22:30:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:32, on 18.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
C:PROGRAM FILESPANDA SECURITYPANDA INTERNET SECURITY 2009WebProxy.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:WINDOWSExplorer.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
C:WINDOWSsystem32VTTimer.exe
C:Program FilesPanda SecurityPanda Internet Security 2009ApvxdWin.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMicrosoft IntelliType Protype32.exe
C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
C:Program FilesMicrosoft IntelliPointpoint32.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesPanda SecurityPanda Internet Security 2009AVENGINE.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesQuickTimeQTTask.exe
C:WINDOWSsystem32frmwrk32.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesHOTALBUMMyBOXMediaChecker.exe
C:WINDOWSsystem32ntdll64.exe
C:Program FilesPalmHOTSYNC.EXE
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009SRVLOAD.EXE
C:Program FilesOpenOffice.org 3programsoffice.bin
C:WINDOWSsystem32wscntfy.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PavBckPT.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsdРабочий столRSIT.exe
C:Program Filestrend microd.exe

R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: (no name) — {A5366673-E8CA-11D3-9CD9-0090271D075B} — (no file)
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: &Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 — HKLM..Run: [VTTimer] VTTimer.exe
O4 — HKLM..Run: [VTTrayp] VTtrayp.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe
O4 — HKLM..Run: [type32] «C:Program FilesMicrosoft IntelliType Protype32.exe»
O4 — HKLM..Run: [IntelliPoint] «C:Program FilesMicrosoft IntelliPointpoint32.exe»
O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [MBBalloon] C:Program FilesHOTALBUMMyBOXMBBalloon.exe
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 — HKLM..Run: [APVXDWIN] «C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» /s
O4 — HKLM..Run: [SCANINICIO] «C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKLM..Run: [Framework Windows] frmwrk32.exe
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [feedreader.exe] «C:Program FilesFeedReader30feedreader.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesMSN MessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [AntivirusXP.exe] C:Program FilesAntivirusXPAntivirusXP.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-19..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O4 — Startup: OpenOffice.org 3.0.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: MediaChecker.lnk = C:Program FilesHOTALBUMMyBOXMediaChecker.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Статистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MI1933~1Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — http://demo.bankline.ru/servlets/ibc?File=11309.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O17 — HKLMSystemCCSServicesTcpip..{85C977D4-A0C4-4E9D-A888-0CC8849B01E4}: NameServer = 213.135.97.131,195.128.128.1
O17 — HKLMSystemCS1ServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MI1933~1Office12GR99D3~1.DLL
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O20 — Winlogon Notify: cpcsp — C:Program FilesCrypto ProCSPcpcspi.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Panda Software Controller — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
O23 — Service: Panda Function Service (PAVFNSVR) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
O23 — Service: Panda Process Protection Service (PavPrSrv) — Panda Security, S.L. — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
O23 — Service: Panda On-Access Anti-Malware Service (PAVSRV) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Panda Host Service (PSHost) — Panda Software International — c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
O23 — Service: Panda IManager Service (PSIMSVC) — Panda Security S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
O23 — Service: Panda PSK service (PskSvcRetail) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Panda TPSrv (TPSrv) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 15509 bytes

======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-11-11 62728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2009-01-01 657904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll [2009-01-01 522224]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VTTimer»=C:WINDOWSSYSTEM32VTTimer.exe [2005-03-08 53248]
«VTTrayp»=C:WINDOWSSYSTEM32VTtrayp.exe [2005-03-11 147456]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-10-04 90112]
«RaidTool»=C:Program FilesVIARAIDraid_tool.exe [2005-06-20 1056768]
«type32″=C:Program FilesMicrosoft IntelliType Protype32.exe [2005-06-10 196608]
«IntelliPoint»=C:Program FilesMicrosoft IntelliPointpoint32.exe [2005-06-10 217088]
«NeroCheck»=C:WINDOWSsystem32\NeroCheck.exe [2001-07-09 155648]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-09-14 344064]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2008-04-14 110592]
«MBBalloon»=C:Program FilesHOTALBUMMyBOXMBBalloon.exe [2006-12-15 787096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«Share-to-Web Namespace Daemon»=C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe [2002-04-17 69632]
«APVXDWIN»=C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE [2008-12-03 869632]
«SCANINICIO»=C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe [2008-07-07 50432]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-01-05 413696]
«Framework Windows»=C:WINDOWSSYSTEM32frmwrk32.exe [2009-02-16 26624]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-17 206088]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«feedreader.exe»=C:Program FilesFeedReader30feedreader.exe []
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
«MsnMsgr»=C:Program FilesMSN MessengerMsnMsgr.Exe /background []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-02-02 68856]
«AntivirusXP.exe»=C:Program FilesAntivirusXPAntivirusXP.exe []
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe []
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
MediaChecker.lnk — C:Program FilesHOTALBUMMyBOXMediaChecker.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
C:Documents and SettingsdГлавное менюПрограммыАвтозагрузка
HotSync Manager.lnk — C:Program FilesPalmHOTSYNC.EXE
OpenOffice.org 3.0.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2005-09-15 46080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
C:WINDOWSSYSTEM32avldr.dll [2008-03-18 58672]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycpcsp]
C:Program FilesCrypto ProCSPcpcspi.dll [2008-07-28 726528]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSetActiveDesktop»=1
«NoActiveDesktopChanges»=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSetActiveDesktop»=
«NoActiveDesktopChanges»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000″=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000:*:Enabled:BlueSoleil»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Disabled:Internet Explorer»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe»=»C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe:*:Enabled:Firebird Database Server»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{21c46712-3501-11dc-a151-001583b3d7be}]
shellAutocommand — AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{321bbbf0-4308-11dc-a15b-001583b3d7be}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — Recycledctfmon.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9e-5814-11dd-a458-00142aa0ed4b}]
shellAutoRuncommand — E:LaunchU3.exe -a
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9f-5814-11dd-a458-00142aa0ed4b}]
shellAutocommand — fun.xls.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4e7b03cc-9b39-11db-9f8a-001583b3d7be}]
shellAutocommand — E:AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64347be4-d063-11db-a027-001583b3d7be}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — J:Recycledctfmon.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d100bb8-62b9-11dd-a473-00142aa0ed4b}]
shellAutoRuncommand — u.bat
shellexplorecommand — u.bat
shellopencommand — u.bat
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b2e2ac22-11c9-11dd-a3c8-00142aa0ed4b}]
shellAutocommand — AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

======File associations======
.js — open — C:PROGRA~1PANDAS~2PANDAI~2PavScrip.exe «%1» %*
.vbs — open — C:PROGRA~1PANDAS~2PANDAI~2PavScrip.exe «%1» %*

======List of files/folders created in the last 1 months======
2009-02-18 22:30:25 —-D—- C:Program Filestrend micro
2009-02-18 22:30:22 —-D—- C:rsit
2009-02-18 21:09:55 —-D—- C:WINDOWSInstall
2009-02-18 09:50:24 —-D—- C:Documents and SettingsdApplication DataMalwarebytes
2009-02-18 09:49:37 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-18 09:49:37 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-18 09:48:12 —-A—- C:Program Filesmbam-setup.exe
2009-02-18 09:37:03 —-D—- C:Avenger
2009-02-18 09:37:03 —-A—- C:avenger.txt
2009-02-18 09:33:14 —-A—- C:zip.exe
2009-02-18 09:33:14 —-A—- C:cleanup.exe
2009-02-18 09:33:14 —-A—- C:cleanup.bat
2009-02-17 13:32:48 —-A—- C:WINDOWSsystem32ntdll64.exe
2009-02-16 21:25:49 —-D—- C:Program FilesKaspersky Lab
2009-02-16 21:25:49 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-02-16 21:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-16 21:20:19 —-A—- C:Program Fileskis8.0.0.506ru.exe
2009-02-16 15:52:36 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-16 14:34:08 —-A—- C:WINDOWSsystem32frmwrk32.exe
2009-02-16 14:34:04 —-A—- C:WINDOWScalc.exe
2009-02-13 21:32:51 —-D—- C:Documents and SettingsdApplication DataApple Computer
2009-02-13 20:35:12 —-D—- C:Program FilesQuickTime
2009-02-13 20:35:11 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2009-02-13 20:34:47 —-D—- C:Program FilesApple Software Update
2009-02-13 20:34:47 —-D—- C:Documents and SettingsAll UsersApplication DataApple
2009-02-13 20:33:57 —-A—- C:Program FilesQuickTimeInstaller.exe
2009-02-11 13:06:13 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-01 18:36:14 —-D—- C:Program FilesCommon FilesEduSetup
2009-02-01 18:36:02 —-D—- C:Program FilesCommon Files1C Education Shared
2009-02-01 18:36:02 —-D—- C:Program Files1C Education
2009-01-19 18:16:27 —-A—- C:WINDOWSunvise32qt.exe
2009-01-19 18:14:28 —-D—- C:Documents and SettingsAll UsersApplication DataQuickTime
2009-01-19 18:14:16 —-RA—- C:WINDOWSsystem32wmv8dmod.dll
2009-01-19 18:14:14 —-RA—- C:WINDOWSsystem32mpg4c32.dll
2009-01-19 18:13:25 —-D—- C:Program FilesViewpoint
2009-01-19 18:10:20 —-A—- C:WINDOWSsystem32zip32.dll
2009-01-19 18:10:20 —-A—- C:WINDOWSsystem32unzip32.dll
2009-01-19 18:10:20 —-A—- C:WINDOWSsystem32ROBOEX32.DLL
2009-01-19 18:10:19 —-A—- C:WINDOWSsystem32qtintf.dll
2009-01-19 18:10:19 —-A—- C:WINDOWSsystem32kmword.dll
2009-01-19 18:10:19 —-A—- C:WINDOWSsystem32borlndmm.dll
2009-01-19 18:10:08 —-D—- C:C&M

======List of files/folders modified in the last 1 months======
2009-02-18 22:30:32 —-D—- C:WINDOWSTemp
2009-02-18 22:30:28 —-D—- C:WINDOWSsystem32drivers
2009-02-18 22:30:25 —-RD—- C:Program Files
2009-02-18 22:30:09 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-18 22:08:51 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
2009-02-18 22:08:50 —-A—- C:WINDOWSModemLog_Conexant SC56D External PnP, V.92,V.90,Voice,Speakerphone.txt
2009-02-18 22:08:50 —-A—- C:WINDOWSModemLog_Bluetooth Fax Modem.txt
2009-02-18 22:08:42 —-A—- C:WINDOWSModemLog_GPRS via Bluetooth(tm) #5.txt
2009-02-18 22:08:41 —-A—- C:WINDOWSModemLog_Стандартный модем 56000 bps.txt
2009-02-18 22:06:59 —-D—- C:WINDOWSsystem32
2009-02-18 22:05:42 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-18 21:09:55 —-D—- C:WINDOWS
2009-02-18 15:12:05 —-D—- C:WINDOWSPrefetch
2009-02-18 14:57:07 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-02-17 13:00:31 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-17 13:00:16 —-A—- C:WINDOWSsystem32userinit.exe
2009-02-16 21:28:45 —-SHD—- C:WINDOWSInstaller
2009-02-16 21:27:53 —-HD—- C:WINDOWSinf
2009-02-16 08:38:40 —-A—- C:WINDOWSupdate.exe
2009-02-15 21:49:16 —-D—- C:Documents and SettingsdApplication DataSkype
2009-02-15 19:24:54 —-D—- C:Documents and SettingsdApplication DataskypePM
2009-02-13 20:36:00 —-D—- C:Program FilesInternet Explorer
2009-02-12 10:44:39 —-A—- C:WINDOWShpqcopy.INI
2009-02-11 13:06:12 —-HD—- C:WINDOWS$hf_mig$
2009-02-11 13:06:06 —-A—- C:WINDOWSimsins.BAK
2009-02-11 13:05:32 —-D—- C:WINDOWSie7updates
2009-02-09 12:54:24 —-D—- C:Program FilesMetaTrader — Masterforex
2009-02-04 04:21:12 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-01 18:36:41 —-A—- C:WINDOWSODBC.INI
2009-02-01 18:36:25 —-A—- C:WINDOWSODBCINST.INI
2009-02-01 18:36:14 —-D—- C:Program FilesCommon Files
2009-01-31 22:12:27 —-SD—- C:Documents and SettingsdApplication DataMicrosoft
2009-01-28 08:58:47 —-A—- C:WINDOWSwin.ini
2009-01-24 20:07:21 —-D—- C:WINDOWSsystem32wbem
2009-01-24 20:07:20 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-23 22:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-19 18:52:20 —-D—- C:Program Files1C Repetitor
2009-01-19 18:10:07 —-HD—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2008-08-20 82380]
R1 APPFLT;App Filter Plugin; ??C:WINDOWSsystem32DriversAPPFLT.SYS []
R1 CProCtrl;КриптоПро CSP драйвер; C:WINDOWSsystem32DRIVERSCProCtrl.sys [2008-07-21 54024]
R1 DSAFLT;DSA Filter Plugin; ??C:WINDOWSsystem32DriversDSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; ??C:WINDOWSsystem32Driversfnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; ??C:WINDOWSsystem32DriversIDSFLT.SYS []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-17 226832]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:WINDOWSsystem32DriversNETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:WINDOWSSystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin; ??C:WINDOWSsystem32DriversWNMFLT.SYS []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 PAVDRV;pavdrv; C:WINDOWSsystem32DRIVERSpavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; ??C:WINDOWSsystem32DRIVERSPavProc.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-10-04 3797632]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-09-15 1339392]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-29 11988]
R3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:WINDOWSsystem32DRIVERSneti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys; ??C:WINDOWSsystem32PavTPK.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2005-06-10 21760]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
R3 RTIFDH;RTIFDH; C:WINDOWSsystem32DRIVERSrtIFDH.sys [2008-04-16 13056]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-06-07 29440]
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-10-23 23000]
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modem Communication Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-18 27165]
S3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:WINDOWSsystem32driversPalmUSBD.sys [2002-09-12 16509]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 RTUSB;Rutoken; C:WINDOWSsystem32DRIVERSrtUSB.SYS [2008-04-16 29440]
S3 s3chipid;s3chipid; ??C:DOCUME~1dLOCALS~1Temps3chipid.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2006-11-10 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2006-11-10 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2006-11-10 84512]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 Via4in1;Via4in1; ??D:Via4in1.sys []
S3 viagfx;viagfx; C:WINDOWSsystem32DRIVERSvtmini.sys [2005-08-24 237312]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-09-15 376832]
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-17 206088]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 cpcsp1;КриптоПро CSP KC1; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-12 168432]
R2 Gwmsrv;Panda Goodware Cache Manager; C:WINDOWSsystem32svchost -k Panda []
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe [2008-07-04 288512]
R2 PSHost;Panda Host Service; c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe [2008-06-25 28928]
R2 TPSrv;Panda TPSrv; C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe [2008-07-17 157440]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-09-14 516096]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
February 18, 2009 at 6:07 PM #22121
Copy of info:
info.txt logfile of random’s system information tool 1.05 2009-02-18 22:31:41
======Uninstall list======
—>C:Program FilesInstallShield Installation Information{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}setup.exe -runfromtemp -l0x0019 -removeonly
—>C:Program FilesInstallShield Installation Information{B2C4A8C4-AA20-425D-9FEE-C78039238C81}setup.exe -runfromtemp -l0x0019 -removeonly
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
«Библиотеки электронных наглядных пособий. Физика 7-11 класс»—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2CB97B44-116F-4765-B74D-8F203F8A3E9A}Setup.exe» -l0x19
1С:Образование 3.0—>C:Program FilesCommon Files1C Education Shared1CE3UninstallUninstall.exe
ABBYY FineReader 7.0 Home Edition—>MsiExec.exe /I{8BAE6262-5FB8-46FF-BF6E-AEE4970164AF}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 8.1.3—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Edit Magic v9.2.21 Build 821—>»C:Program FilesAudio Edit Magicunins000.exe»
BlueSoleil—>MsiExec.exe /X{E82C83C0-8897-4D91-949D-E051E3F24626}
ffdshow (remove only)—>»C:Program Filesffdshowuninstall.exe»
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_0531C63A913CC9D1.exe» /uninstall
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HOT ALBUM MYBOX—>C:Program FilesHOTALBUMMyBOXVUninst.exe /a
Hotel 6—>C:bp6bp.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
HP Photo and Imaging 2.1 — Scanjet 2400 Series—>MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
ICQ6—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009—>MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
LaserJet 1018—>C:Program FilesZenographics{28E1C291-593C-4CBE-94B7-6566214B9286}setup.exe -u «HPLJInstaller.dll=Hplj1018.inf»
Mad Caps—>C:PROGRA~1GAMEHO~1MadCapsUNWISE.EXE /U C:PROGRA~1GAMEHO~1MadCapsINSTALL.LOG
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Microsoft Works—>MsiExec.exe /I{8A59903F-8F6A-4c67-902F-3724539E54C1}
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero — Burning Rom—>MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NevoSoft Mahjongg Artifacts (remove only)—>»C:Program FilesИгрыMahjongg Artifactsuninstall.exe»
OpenOffice.org 3.0—>MsiExec.exe /I{2B55F645-D18E-4903-B8B1-89B6F8924B5D}
Palm Desktop—>MsiExec.exe /X{1EC8B87D-0D44-4466-99B8-7A490A7CC6CE}
Panda Internet Security 2009—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}SETUP.exe» -l0x19 -removeonly
Phone Link Updater—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C6AE8E1F-EC1B-11D4-A19D-00C04FA0FD08}Setup.exe»
Picasa 2—>»C:Program FilesPicasa2Uninstall.exe»
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
QuickTime—>MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» -l0x19 -removeonly
Rutoken Drivers—>MsiExec.exe /X{93775E2E-3C01-41EE-A817-1022D518D719}
Rutoken support modules for CryptoPro CSP—>MsiExec.exe /X{71D6F81F-9C43-4B7C-8ADF-C63DB32ECBBD}
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility—>C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe -runfromtemp -l0x0019 uninstall -removeonly
Tetris 1.0—>»C:Program FilesADSoftTetrisunins000.exe»
Venta Fax & Voice 5.8 (версия Private) (удаление/восстановление)—>C:Program FilesVentaVentaFax & Voice 5vfuninst.exe
VIA Rhine-Family Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA Диспетчер устройств платформы—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver—>C:PROGRA~1S3UChromePs3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.6c—>C:Program FilesVideoLANVLCuninstall.exe
Viewpoint Media Player (Remove Only)—>C:Program FilesViewpointViewpoint Media PlayermtsAxInstaller.exe -u
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Live Sign-in Assistant—>MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Исправление для Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для проигрывателя Windows Media 11 — (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Король лев — Новые приключения—>C:WINDOWSIsUninst.exe -f»C:Program FilesDisney InteractiveLion_King_ACDeIsL1.isu»
КриптоПро CSP—>MsiExec.exe /I{54A08450-B343-40B0-924E-68F031450996}
Мультимедиа альбом HP—>MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Обновление безопасности для Windows Internet Explorer 7 (KB937143)—>»C:WINDOWSie7updatesKB937143-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB939653)—>»C:WINDOWSie7updatesKB939653-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB950759)—>»C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 9 — (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP9$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Программа обновлений Google—>»C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe» -uninstall
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Расширенный выпуск Microsoft Office 2000—>MsiExec.exe /I{00000419-78E1-11D2-B60F-006097C998E7}
Терминал Альфа-Директ™—>»C:Program FilesAlfaDirectADirect.exe» -remove
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Kaspersky Internet Security
AV: Panda Internet Security 2009
FW: Panda Personal Firewall 2009
FW: Kaspersky Internet Security
System event log
Computer Name: СЕМЕЙНЫЙ
Event Code: 7035
Message: Служба «RkPavproc1» успешно отправила управляющий элемент «запустить».
Record Number: 49354
Source Name: Service Control Manager
Time Written: 20090131150015.000000+300
Event Type: информация
User: NT AUTHORITY\SYSTEM

Computer Name: СЕМЕЙНЫЙ
Event Code: 7036
Message: Служба «Протокол HTTP SSL» перешла в состояние Работает.
Record Number: 49353
Source Name: Service Control Manager
Time Written: 20090131145456.000000+300
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 7035
Message: Служба «Протокол HTTP SSL» успешно отправила управляющий элемент «запустить».
Record Number: 49352
Source Name: Service Control Manager
Time Written: 20090131145456.000000+300
Event Type: информация
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: СЕМЕЙНЫЙ
Event Code: 7036
Message: Служба «Узел универсальных PnP-устройств» перешла в состояние Работает.
Record Number: 49351
Source Name: Service Control Manager
Time Written: 20090131145453.000000+300
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 7036
Message: Служба «Диспетчер авто-подключений удаленного доступа» перешла в состояние Работает.
Record Number: 49350
Source Name: Service Control Manager
Time Written: 20090131145452.000000+300
Event Type: информация
User:

Application event log
Computer Name: СЕМЕЙНЫЙ
Event Code: 4000
Message: The Panda Anti-virus Service has started successfully.
Record Number: 6463
Source Name: Sentinel
Time Written: 20080804084537.000000+360
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 6462
Source Name: SecurityCenter
Time Written: 20080804084523.000000+360
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 0
Message:
Record Number: 6461
Source Name: gusvc
Time Written: 20080804084454.000000+360
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 105
Message: The service was started.
Record Number: 6460
Source Name: ATI Smart
Time Written: 20080804084451.000000+360
Event Type: информация
User:

Computer Name: СЕМЕЙНЫЙ
Event Code: 1002
Message: Зависшее приложение iexplore.exe, версия 7.0.6000.16674, зависший модуль hungapp, версия 0.0.0.0, адрес 0x00000000.
Record Number: 6459
Source Name: Application Hang
Time Written: 20080804000317.000000+360
Event Type: ошибка
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI CONTROL PANEL;C:Program FilesPanda SecurityPanda Internet Security 2009;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 1, GenuineIntel
«PROCESSOR_REVISION»=0401
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesJavajre6libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre6libextQTJava.zip
EOF
Thank you.
February 20, 2009 at 3:51 PM #22122
Hello, and welcome to the Spyware-ru forum.
Judging by the RSIT log, your computer is also infected with an autorun.inf trojan.
Read this guide: Flash_Disinfector, another weapon against autorun.inf trojans.
* Disable your antivirus.
* Download and run Flash_Disinfector.
* When the program prompts you, insert your flash drive or connect other external storage devices.
Note: run the program as many times as needed to clean all of your removable drives.
Download Avenger by clicking this link and unpack it to the Desktop.
Run Avenger, making sure that the "Scan for rootkits" box is checked and the "Automatically disable any rootkits found" box is unchecked. Check or uncheck the boxes as necessary. Click Execute. A prompt asking you to confirm your action will appear; click Yes.
Avenger will start. The computer may reboot several times while it works.
When it finishes, a log will be shown; please paste it into your reply.
February 21, 2009 at 9:44 AM #22123
Hello!
I performed the following steps:
1. Disabled the antiviruses
2. Ran Flash_Disinfector
3. Ran Malwarebytes Anti-Malware again
4. Removed everything that was found
Malwarebytes’ Anti-Malware 1.34
Версия базы данных: 1749
Windows 5.1.2600 Service Pack 321.02.2009 12:57:48
mbam-log-2009-02-21 (12-57-48).txtТип проверки: Полная (C:|E:|K:|)
Проверено объектов: 173055
Прошло времени: 57 minute(s), 17 second(s)Заражено процессов в памяти: 1
Заражено модулей в памяти: 0
Заражено ключей реестра: 3
Заражено значений реестра: 2
Заражено параметров реестра: 7
Заражено папок: 0
Заражено файлов: 5Заражено процессов в памяти:
C:WINDOWSsystem32frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1094613f-84b6-4131-aec1-71df88291044} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREAntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.Заражено значений реестра:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunAntivirusXP.exe (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunFramework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.Заражено параметров реестра:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemDisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesActiveDesktopNoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesactivedesktopNoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заражено папок:
(Вредоносные программы не обнаружены)

Заражено файлов:
C:Documents and SettingsdApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:WINDOWSsystem32warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSsystem32frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:Documents and SettingsdLocal SettingsTempmousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

The desktop is back to normal, folders no longer open by themselves, and I am no longer being prompted to visit the Antivirus XP Pro 2009 site.
Thank you very much.

February 21, 2009 at 2:46 pm #22124
You have certainly done a lot of work, but I asked for something slightly different.
I need an Avenger log to check your computer for rootkits.
Please also attach a fresh RSIT log.

February 21, 2009 at 4:41 pm #22125
Fresh log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by d at 2009-02-21 21:35:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 510 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:34, on 21.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
C:PROGRAM FILESPANDA SECURITYPANDA INTERNET SECURITY 2009WebProxy.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
C:WINDOWSExplorer.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009AVENGINE.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009ApvxdWin.exe
C:WINDOWSsystem32VTTimer.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMicrosoft IntelliType Protype32.exe
C:Program FilesMicrosoft IntelliPointpoint32.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesQuickTimeQTTask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesHOTALBUMMyBOXMediaChecker.exe
C:Program FilesPalmHOTSYNC.EXE
C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesPanda SecurityPanda Internet Security 2009SRVLOAD.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009PavBckPT.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000
C:Program FilesOpenOffice.org 3programsoffice.bin
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32msfeedssync.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsdМои документыАнтивирусыRSIT.exe
C:Program Filestrend microd.exe

R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: (no name) — {A5366673-E8CA-11D3-9CD9-0090271D075B} — (no file)
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: &Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 — HKLM..Run: [VTTimer] VTTimer.exe
O4 — HKLM..Run: [VTTrayp] VTtrayp.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe
O4 — HKLM..Run: [type32] «C:Program FilesMicrosoft IntelliType Protype32.exe»
O4 — HKLM..Run: [IntelliPoint] «C:Program FilesMicrosoft IntelliPointpoint32.exe»
O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [MBBalloon] C:Program FilesHOTALBUMMyBOXMBBalloon.exe
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 — HKLM..Run: [APVXDWIN] «C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» /s
O4 — HKLM..Run: [SCANINICIO] «C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [feedreader.exe] «C:Program FilesFeedReader30feedreader.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesMSN MessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-19..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O4 — Startup: OpenOffice.org 3.0.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: MediaChecker.lnk = C:Program FilesHOTALBUMMyBOXMediaChecker.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MI1933~1Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — http://demo.bankline.ru/servlets/ibc?File=11309.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O17 — HKLMSystemCCSServicesTcpip..{85C977D4-A0C4-4E9D-A888-0CC8849B01E4}: NameServer = 213.135.97.131,195.128.128.1
O17 — HKLMSystemCS1ServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MI1933~1Office12GR99D3~1.DLL
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: cpcsp — C:Program FilesCrypto ProCSPcpcspi.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Panda Software Controller — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
O23 — Service: Panda Function Service (PAVFNSVR) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
O23 — Service: Panda Process Protection Service (PavPrSrv) — Panda Security, S.L. — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
O23 — Service: Panda On-Access Anti-Malware Service (PAVSRV) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Panda Host Service (PSHost) — Panda Software International — c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
O23 — Service: Panda IManager Service (PSIMSVC) — Panda Security S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
O23 — Service: Panda PSK service (PskSvcRetail) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Panda TPSrv (TPSrv) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 14569 bytes

======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2009-01-01 657904]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll [2009-01-01 522224]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VTTimer»=C:WINDOWSSYSTEM32VTTimer.exe [2005-03-08 53248]
«VTTrayp»=C:WINDOWSSYSTEM32VTtrayp.exe [2005-03-11 147456]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-10-04 90112]
«RaidTool»=C:Program FilesVIARAIDraid_tool.exe [2005-06-20 1056768]
«type32″=C:Program FilesMicrosoft IntelliType Protype32.exe [2005-06-10 196608]
«IntelliPoint»=C:Program FilesMicrosoft IntelliPointpoint32.exe [2005-06-10 217088]
«NeroCheck»=C:WINDOWSsystem32\NeroCheck.exe [2001-07-09 155648]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-09-14 344064]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2008-04-14 110592]
«MBBalloon»=C:Program FilesHOTALBUMMyBOXMBBalloon.exe [2006-12-15 787096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«Share-to-Web Namespace Daemon»=C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe [2002-04-17 69632]
«APVXDWIN»=C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE [2008-12-03 869632]
«SCANINICIO»=C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe [2008-07-07 50432]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«feedreader.exe»=C:Program FilesFeedReader30feedreader.exe []
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
«MsnMsgr»=C:Program FilesMSN MessengerMsnMsgr.Exe /background []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-02-02 68856]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
MediaChecker.lnk — C:Program FilesHOTALBUMMyBOXMediaChecker.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

C:Documents and SettingsdГлавное менюПрограммыАвтозагрузка
HotSync Manager.lnk — C:Program FilesPalmHOTSYNC.EXE
OpenOffice.org 3.0.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2005-09-15 46080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
C:WINDOWSSYSTEM32avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycpcsp]
C:Program FilesCrypto ProCSPcpcspi.dll [2008-07-28 726528]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
«NoSetActiveDesktop»=0
«NoActiveDesktopChanges»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSetActiveDesktop»=
«NoActiveDesktopChanges»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000″=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000:*:Enabled:BlueSoleil»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Disabled:Internet Explorer»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe»=»C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe:*:Enabled:Firebird Database Server»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{21c46712-3501-11dc-a151-001583b3d7be}]
shellAutocommand — AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{321bbbf0-4308-11dc-a15b-001583b3d7be}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — Recycledctfmon.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9e-5814-11dd-a458-00142aa0ed4b}]
shellAutoRuncommand — E:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9f-5814-11dd-a458-00142aa0ed4b}]
shellAutocommand — fun.xls.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4e7b03cc-9b39-11db-9f8a-001583b3d7be}]
shellAutocommand — E:AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64347be4-d063-11db-a027-001583b3d7be}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — J:Recycledctfmon.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d100bb8-62b9-11dd-a473-00142aa0ed4b}]
shellAutoRuncommand — u.bat
shellexplorecommand — u.bat
shellopencommand — u.bat

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b2e2ac22-11c9-11dd-a3c8-00142aa0ed4b}]
shellAutocommand — AdobeR.exe e
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

======File associations======
.js — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*
.vbs — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*

======List of files/folders created in the last 1 months======
2009-02-21 13:54:48 —-SHD—- C:Config.Msi
2009-02-21 11:23:31 —-RASHD—- C:autorun.inf
2009-02-19 14:49:35 —-D—- C:Documents and SettingsAll UsersApplication DataPanda Software
2009-02-18 22:30:25 —-D—- C:Program Filestrend micro
2009-02-18 22:30:22 —-D—- C:rsit
2009-02-18 21:09:55 —-D—- C:WINDOWSInstall
2009-02-18 09:50:24 —-D—- C:Documents and SettingsdApplication DataMalwarebytes
2009-02-18 09:49:37 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-18 09:49:37 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-18 09:48:12 —-A—- C:Program Filesmbam-setup.exe
2009-02-18 09:33:14 —-A—- C:zip.exe
2009-02-18 09:33:14 —-A—- C:cleanup.exe
2009-02-18 09:33:14 —-A—- C:cleanup.bat
2009-02-16 21:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-16 21:20:19 —-A—- C:Program Fileskis8.0.0.506ru.exe
2009-02-16 15:52:36 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-16 14:34:04 —-A—- C:WINDOWScalc.exe
2009-02-13 21:32:51 —-D—- C:Documents and SettingsdApplication DataApple Computer
2009-02-13 20:35:12 —-D—- C:Program FilesQuickTime
2009-02-13 20:35:11 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2009-02-13 20:34:47 —-D—- C:Program FilesApple Software Update
2009-02-13 20:34:47 —-D—- C:Documents and SettingsAll UsersApplication DataApple
2009-02-13 20:33:57 —-A—- C:Program FilesQuickTimeInstaller.exe
2009-02-11 13:06:13 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-01 18:36:14 —-D—- C:Program FilesCommon FilesEduSetup
2009-02-01 18:36:02 —-D—- C:Program FilesCommon Files1C Education Shared
2009-02-01 18:36:02 —-D—- C:Program Files1C Education

======List of files/folders modified in the last 1 months======
2009-02-21 21:35:10 —-D—- C:WINDOWSPrefetch
2009-02-21 21:34:59 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-21 20:58:08 —-D—- C:WINDOWSTemp
2009-02-21 20:57:43 —-D—- C:WINDOWSsystem32drivers
2009-02-21 20:57:11 —-A—- C:WINDOWSModemLog_Bluetooth Fax Modem.txt
2009-02-21 20:57:11 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
2009-02-21 20:57:05 —-A—- C:WINDOWSModemLog_Стандартный модем 56000 bps.txt
2009-02-21 20:57:05 —-A—- C:WINDOWSModemLog_GPRS via Bluetooth(tm) #5.txt
2009-02-21 20:57:05 —-A—- C:WINDOWSModemLog_Conexant SC56D External PnP, V.92,V.90,Voice,Speakerphone.txt
2009-02-21 20:56:48 —-D—- C:WINDOWSsystem32
2009-02-21 20:55:49 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-21 18:07:47 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-02-21 15:06:09 —-D—- C:WINDOWS
2009-02-21 13:57:32 —-SHD—- C:WINDOWSInstaller
2009-02-21 13:57:03 —-RD—- C:Program Files
2009-02-21 13:56:25 —-HD—- C:WINDOWSinf
2009-02-21 10:41:25 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-21 10:20:08 —-A—- C:WINDOWShpqcopy.INI
2009-02-16 08:38:40 —-A—- C:WINDOWSupdate.exe
2009-02-15 21:49:16 —-D—- C:Documents and SettingsdApplication DataSkype
2009-02-15 19:24:54 —-D—- C:Documents and SettingsdApplication DataskypePM
2009-02-13 20:36:00 —-D—- C:Program FilesInternet Explorer
2009-02-11 13:06:12 —-HD—- C:WINDOWS$hf_mig$
2009-02-11 13:06:06 —-A—- C:WINDOWSimsins.BAK
2009-02-11 13:05:32 —-D—- C:WINDOWSie7updates
2009-02-09 12:54:24 —-D—- C:Program FilesMetaTrader — Masterforex
2009-02-04 04:21:12 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-01 18:36:41 —-A—- C:WINDOWSODBC.INI
2009-02-01 18:36:25 —-A—- C:WINDOWSODBCINST.INI
2009-02-01 18:36:14 —-D—- C:Program FilesCommon Files
2009-01-31 22:12:27 —-SD—- C:Documents and SettingsdApplication DataMicrosoft
2009-01-28 08:58:47 —-A—- C:WINDOWSwin.ini
2009-01-24 20:07:21 —-D—- C:WINDOWSsystem32wbem
2009-01-24 20:07:20 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-23 22:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2008-08-20 82380]
R1 APPFLT;App Filter Plugin; ??C:WINDOWSsystem32DriversAPPFLT.SYS []
R1 CProCtrl;КриптоПро CSP драйвер; C:WINDOWSsystem32DRIVERSCProCtrl.sys [2008-07-21 54024]
R1 DSAFLT;DSA Filter Plugin; ??C:WINDOWSsystem32DriversDSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; ??C:WINDOWSsystem32Driversfnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; ??C:WINDOWSsystem32DriversIDSFLT.SYS []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:WINDOWSsystem32DriversNETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:WINDOWSSystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin; ??C:WINDOWSsystem32DriversWNMFLT.SYS []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 PAVDRV;pavdrv; C:WINDOWSsystem32DRIVERSpavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; ??C:WINDOWSsystem32DRIVERSPavProc.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-10-04 3797632]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-09-15 1339392]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-29 11988]
R3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:WINDOWSsystem32DRIVERSneti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys; ??C:WINDOWSsystem32PavTPK.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2005-06-10 21760]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
R3 RTIFDH;RTIFDH; C:WINDOWSsystem32DRIVERSrtIFDH.sys [2008-04-16 13056]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-06-07 29440]
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-10-23 23000]
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modem Communication Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-18 27165]
S3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:WINDOWSsystem32driversPalmUSBD.sys [2002-09-12 16509]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 RTUSB;Rutoken; C:WINDOWSsystem32DRIVERSrtUSB.SYS [2008-04-16 29440]
S3 s3chipid;s3chipid; ??C:DOCUME~1dLOCALS~1Temps3chipid.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2006-11-10 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2006-11-10 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2006-11-10 84512]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 Via4in1;Via4in1; ??D:Via4in1.sys []
S3 viagfx;viagfx; C:WINDOWSsystem32DRIVERSvtmini.sys [2005-08-24 237312]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-09-15 376832]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 cpcsp1;КриптоПро CSP KC1; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-12 168432]
R2 Gwmsrv;Panda Goodware Cache Manager; C:WINDOWSsystem32svchost -k Panda []
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe [2008-07-04 288512]
R2 PSHost;Panda Host Service; c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe [2008-06-25 28928]
R2 TPSrv;Panda TPSrv; C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe [2008-07-17 157440]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-09-14 516096]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
February 21, 2009 at 5:32 pm #22126
Fresh Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
February 22, 2009 at 5:03 pm #22127
There are no rootkits, but the registry still needs a little more cleanup.
Download OTMoveIt3 by OldTimer by clicking this link.
Run OTMoveIt3 and copy the following text into the large input field (the title of this field is highlighted in yellow).
:Processes
explorer.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c46712-3501-11dc-a151-001583b3d7be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{321bbbf0-4308-11dc-a15b-001583b3d7be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46855e9e-5814-11dd-a458-00142aa0ed4b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46855e9f-5814-11dd-a458-00142aa0ed4b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7b03cc-9b39-11db-9f8a-001583b3d7be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64347be4-d063-11db-a027-001583b3d7be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d100bb8-62b9-11dd-a473-00142aa0ed4b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e2ac22-11c9-11dd-a3c8-00142aa0ed4b}]
:Commands
[emptytemp]
[start explorer]
[Reboot]
Check the pasted script: if spaces have appeared on the left in front of the directives, remove them; the script must look exactly as it does in this post. Click the MoveIt! button. The computer may reboot while the tool is running.
When the program finishes, a log should be shown. If the log is not shown, it can be found in the folder C:\_OTMoveIt\MovedFiles. Paste the contents of this log into your reply. Also attach a fresh RSIT log.
February 24, 2009 at 4:26 am #22128
Hello!
OTMoveIt3 log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{21c46712-3501-11dc-a151-001583b3d7be}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{321bbbf0-4308-11dc-a15b-001583b3d7be}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9e-5814-11dd-a458-00142aa0ed4b}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9f-5814-11dd-a458-00142aa0ed4b}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4e7b03cc-9b39-11db-9f8a-001583b3d7be}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64347be4-d063-11db-a027-001583b3d7be}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d100bb8-62b9-11dd-a473-00142aa0ed4b}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b2e2ac22-11c9-11dd-a3c8-00142aa0ed4b}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1dLOCALS~1Temp~DF191B.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DF36CF.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DF36DA.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DF5E40.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DF5E71.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFD70.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF738.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF747.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF762.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7CD.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7DF.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7EB.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_0 scheduled to be deleted on reboot.
File delete failed. C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_1 scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_1f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02242009_085349
Files moved on Reboot…
File C:DOCUME~1dLOCALS~1Temp~DF191B.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DF36CF.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DF36DA.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DF5E40.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DF5E71.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFD70.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF738.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF747.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF762.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF7CD.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF7DF.tmp not found!
File C:DOCUME~1dLOCALS~1Temp~DFF7EB.tmp not found!
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_0 moved successfully.
C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_1 moved successfully.
File C:WINDOWStempPerflib_Perfdata_1f0.dat not found!
February 24, 2009 at 4:30 am #22129
Fresh RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by d at 2009-02-24 09:27:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 510 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:53, on 24.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
C:PROGRAM FILESPANDA SECURITYPANDA INTERNET SECURITY 2009WebProxy.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
C:Program FilesPanda SecurityPanda Internet Security 2009AVENGINE.EXE
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009ApvxdWin.exe
C:Program FilesPanda SecurityPanda Internet Security 2009SRVLOAD.EXE
C:Program FilesPanda SecurityPanda Internet Security 2009PavBckPT.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32msfeedssync.exe
C:WINDOWSsystem32VTTimer.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMicrosoft IntelliType Protype32.exe
C:Program FilesMicrosoft IntelliPointpoint32.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesQuickTimeQTTask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesHOTALBUMMyBOXMediaChecker.exe
C:Program FilesPalmHOTSYNC.EXE
C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsdМои документыАнтивирусыRSIT.exe
C:Program Filestrend microd.exe
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: (no name) — {A5366673-E8CA-11D3-9CD9-0090271D075B} — (no file)
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: &Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 — HKLM..Run: [VTTimer] VTTimer.exe
O4 — HKLM..Run: [VTTrayp] VTtrayp.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe
O4 — HKLM..Run: [type32] «C:Program FilesMicrosoft IntelliType Protype32.exe»
O4 — HKLM..Run: [IntelliPoint] «C:Program FilesMicrosoft IntelliPointpoint32.exe»
O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [MBBalloon] C:Program FilesHOTALBUMMyBOXMBBalloon.exe
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 — HKLM..Run: [APVXDWIN] «C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» /s
O4 — HKLM..Run: [SCANINICIO] «C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [feedreader.exe] «C:Program FilesFeedReader30feedreader.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesMSN MessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-19..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O4 — Startup: OpenOffice.org 3.0.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: MediaChecker.lnk = C:Program FilesHOTALBUMMyBOXMediaChecker.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MI1933~1Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — http://demo.bankline.ru/servlets/ibc?File=11309.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O17 — HKLMSystemCCSServicesTcpip..{85C977D4-A0C4-4E9D-A888-0CC8849B01E4}: NameServer = 213.135.97.131,195.128.128.1
O17 — HKLMSystemCS1ServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MI1933~1Office12GR99D3~1.DLL
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: cpcsp — C:Program FilesCrypto ProCSPcpcspi.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Panda Software Controller — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
O23 — Service: Panda Function Service (PAVFNSVR) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
O23 — Service: Panda Process Protection Service (PavPrSrv) — Panda Security, S.L. — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
O23 — Service: Panda On-Access Anti-Malware Service (PAVSRV) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Panda Host Service (PSHost) — Panda Software International — c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
O23 — Service: Panda IManager Service (PSIMSVC) — Panda Security S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
O23 — Service: Panda PSK service (PskSvcRetail) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Panda TPSrv (TPSrv) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 14568 bytes
======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2009-01-01 657904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll [2009-01-01 522224]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VTTimer»=C:WINDOWSSYSTEM32VTTimer.exe [2005-03-08 53248]
«VTTrayp»=C:WINDOWSSYSTEM32VTtrayp.exe [2005-03-11 147456]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-10-04 90112]
«RaidTool»=C:Program FilesVIARAIDraid_tool.exe [2005-06-20 1056768]
«type32″=C:Program FilesMicrosoft IntelliType Protype32.exe [2005-06-10 196608]
«IntelliPoint»=C:Program FilesMicrosoft IntelliPointpoint32.exe [2005-06-10 217088]
«NeroCheck»=C:WINDOWSsystem32\NeroCheck.exe [2001-07-09 155648]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-09-14 344064]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2008-04-14 110592]
«MBBalloon»=C:Program FilesHOTALBUMMyBOXMBBalloon.exe [2006-12-15 787096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«Share-to-Web Namespace Daemon»=C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe [2002-04-17 69632]
«APVXDWIN»=C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE [2008-12-03 869632]
«SCANINICIO»=C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe [2008-07-07 50432]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-01-05 413696][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«feedreader.exe»=C:Program FilesFeedReader30feedreader.exe []
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
«MsnMsgr»=C:Program FilesMSN MessengerMsnMsgr.Exe /background []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-02-02 68856]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
MediaChecker.lnk — C:Program FilesHOTALBUMMyBOXMediaChecker.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXEC:Documents and SettingsdГлавное менюПрограммыАвтозагрузка
HotSync Manager.lnk — C:Program FilesPalmHOTSYNC.EXE
OpenOffice.org 3.0.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2005-09-15 46080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
C:WINDOWSSYSTEM32avldr.dll [2008-03-18 58672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycpcsp]
C:Program FilesCrypto ProCSPcpcspi.dll [2008-07-28 726528][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
«NoSetActiveDesktop»=0
«NoActiveDesktopChanges»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSetActiveDesktop»=
«NoActiveDesktopChanges»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000″=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000:*:Enabled:BlueSoleil»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Disabled:Internet Explorer»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe»=»C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe:*:Enabled:Firebird Database Server»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»

======File associations======
.js — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*
.vbs — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*

======List of files/folders created in the last 1 months======
2009-02-24 08:53:49 —-D—- C:_OTMoveIt
2009-02-21 22:18:25 —-D—- C:Avenger
2009-02-21 22:18:25 —-A—- C:avenger.txt
2009-02-21 13:54:48 —-SHD—- C:Config.Msi
2009-02-21 11:23:31 —-RASHD—- C:autorun.inf
2009-02-19 14:49:35 —-D—- C:Documents and SettingsAll UsersApplication DataPanda Software
2009-02-18 22:30:25 —-D—- C:Program Filestrend micro
2009-02-18 22:30:22 —-D—- C:rsit
2009-02-18 21:09:55 —-D—- C:WINDOWSInstall
2009-02-18 09:50:24 —-D—- C:Documents and SettingsdApplication DataMalwarebytes
2009-02-18 09:49:37 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-18 09:49:37 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-18 09:48:12 —-A—- C:Program Filesmbam-setup.exe
2009-02-16 21:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-16 21:20:19 —-A—- C:Program Fileskis8.0.0.506ru.exe
2009-02-16 15:52:36 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-16 14:34:04 —-A—- C:WINDOWScalc.exe
2009-02-13 21:32:51 —-D—- C:Documents and SettingsdApplication DataApple Computer
2009-02-13 20:35:12 —-D—- C:Program FilesQuickTime
2009-02-13 20:35:11 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2009-02-13 20:34:47 —-D—- C:Program FilesApple Software Update
2009-02-13 20:34:47 —-D—- C:Documents and SettingsAll UsersApplication DataApple
2009-02-13 20:33:57 —-A—- C:Program FilesQuickTimeInstaller.exe
2009-02-11 13:06:13 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-01 18:36:14 —-D—- C:Program FilesCommon FilesEduSetup
2009-02-01 18:36:02 —-D—- C:Program FilesCommon Files1C Education Shared
2009-02-01 18:36:02 —-D—- C:Program Files1C Education

======List of files/folders modified in the last 1 months======
2009-02-24 09:26:46 —-D—- C:WINDOWSPrefetch
2009-02-24 09:05:31 —-D—- C:WINDOWSTemp
2009-02-24 08:59:23 —-D—- C:WINDOWSsystem32drivers
2009-02-24 08:59:02 —-A—- C:WINDOWSModemLog_Bluetooth Fax Modem.txt
2009-02-24 08:59:02 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
2009-02-24 08:58:56 —-A—- C:WINDOWSModemLog_Conexant SC56D External PnP, V.92,V.90,Voice,Speakerphone.txt
2009-02-24 08:58:55 —-A—- C:WINDOWSModemLog_Стандартный модем 56000 bps.txt
2009-02-24 08:58:55 —-A—- C:WINDOWSModemLog_GPRS via Bluetooth(tm) #5.txt
2009-02-24 08:58:32 —-D—- C:WINDOWSsystem32
2009-02-24 08:57:36 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-24 08:52:55 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-23 20:14:42 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-02-21 22:18:25 —-RD—- C:Program Files
2009-02-21 15:06:09 —-D—- C:WINDOWS
2009-02-21 13:57:32 —-SHD—- C:WINDOWSInstaller
2009-02-21 13:56:25 —-HD—- C:WINDOWSinf
2009-02-21 10:41:25 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-21 10:20:08 —-A—- C:WINDOWShpqcopy.INI
2009-02-16 08:38:40 —-A—- C:WINDOWSupdate.exe
2009-02-15 21:49:16 —-D—- C:Documents and SettingsdApplication DataSkype
2009-02-15 19:24:54 —-D—- C:Documents and SettingsdApplication DataskypePM
2009-02-13 20:36:00 —-D—- C:Program FilesInternet Explorer
2009-02-11 13:06:12 —-HD—- C:WINDOWS$hf_mig$
2009-02-11 13:06:06 —-A—- C:WINDOWSimsins.BAK
2009-02-11 13:05:32 —-D—- C:WINDOWSie7updates
2009-02-09 12:54:24 —-D—- C:Program FilesMetaTrader — Masterforex
2009-02-04 04:21:12 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-01 18:36:41 —-A—- C:WINDOWSODBC.INI
2009-02-01 18:36:25 —-A—- C:WINDOWSODBCINST.INI
2009-02-01 18:36:14 —-D—- C:Program FilesCommon Files
2009-01-31 22:12:27 —-SD—- C:Documents and SettingsdApplication DataMicrosoft
2009-01-28 08:58:47 —-A—- C:WINDOWSwin.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2008-08-20 82380]
R1 APPFLT;App Filter Plugin; ??C:WINDOWSsystem32DriversAPPFLT.SYS []
R1 CProCtrl;КриптоПро CSP драйвер; C:WINDOWSsystem32DRIVERSCProCtrl.sys [2008-07-21 54024]
R1 DSAFLT;DSA Filter Plugin; ??C:WINDOWSsystem32DriversDSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; ??C:WINDOWSsystem32Driversfnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; ??C:WINDOWSsystem32DriversIDSFLT.SYS []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:WINDOWSsystem32DriversNETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:WINDOWSSystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin; ??C:WINDOWSsystem32DriversWNMFLT.SYS []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
R2 PAVDRV;pavdrv; C:WINDOWSsystem32DRIVERSpavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; ??C:WINDOWSsystem32DRIVERSPavProc.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-10-04 3797632]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-09-15 1339392]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-29 11988]
R3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:WINDOWSsystem32DRIVERSneti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys; ??C:WINDOWSsystem32PavTPK.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2005-06-10 21760]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
R3 RTIFDH;RTIFDH; C:WINDOWSsystem32DRIVERSrtIFDH.sys [2008-04-16 13056]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-06-07 29440]
S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-10-23 23000]
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modem Communication Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-18 27165]
S3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:WINDOWSsystem32driversPalmUSBD.sys [2002-09-12 16509]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 RTUSB;Rutoken; C:WINDOWSsystem32DRIVERSrtUSB.SYS [2008-04-16 29440]
S3 s3chipid;s3chipid; ??C:DOCUME~1dLOCALS~1Temps3chipid.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2006-11-10 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2006-11-10 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2006-11-10 84512]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 Via4in1;Via4in1; ??D:Via4in1.sys []
S3 viagfx;viagfx; C:WINDOWSsystem32DRIVERSvtmini.sys [2005-08-24 237312]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-09-15 376832]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 cpcsp1;КриптоПро CSP KC1; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-12 168432]
R2 Gwmsrv;Panda Goodware Cache Manager; C:WINDOWSsystem32svchost -k Panda []
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe [2008-07-04 288512]
R2 PSHost;Panda Host Service; c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe [2008-06-25 28928]
R2 TPSrv;Panda TPSrv; C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe [2008-07-17 157440]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-09-14 516096]
S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
February 26, 2009 at 2:04 pm #22130
The log looks normal. How is the computer working?
February 28, 2009 at 5:15 am #22131
Hello!
1. The computer saves all newly created documents with the .docx extension.
2. Commands are carried out more slowly (opening a file, launching a program).
3. Internet speed has dropped noticeably; on the pages that open, some digits look compressed and others look normal.
4. Incoming traffic seems to have increased (I have not compared it precisely).
Can anything be done?
Thank you.
March 2, 2009 at 9:16 am #22132
1. The computer saves all newly created documents with the .docx extension.
If you have the latest version of MS Office, this is normal.
2. Commands are carried out more slowly (opening a file, launching a program).
Are all programs running slowly? Or which commands?
3. Internet speed has dropped noticeably; on the pages that open, some digits look compressed and others look normal.
Hmm, that is odd. On all sites? In both Internet Explorer and Firefox?
4. Incoming traffic seems to have increased (I have not compared it precisely).
Then why does it seem that way?
Download the Combofix program. Close all open windows and run it.
When it finishes, a log file will be created; please paste it into your reply.
March 4, 2009 at 3:06 pm #22133
ComboFix 09-03-03.01 — d 2009-03-04 13:21:02.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.510.83 [GMT 5:00]
Running from: c:documents and settingsdРабочий столComboFix.exe
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem321
.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.2009-03-04 13:19 . 2009-03-04 13:19
d
C:32788R22FWJFW
2009-02-23 19:34 . 2009-02-23 19:34d—hs—- c:documents and settingsdUserData
2009-02-19 14:49 . 2009-02-19 14:49d
c:documents and settingsAll UsersApplication DataPanda Software
2009-02-18 22:30 . 2009-02-24 09:27d
c:program filestrend micro
2009-02-18 21:09 . 2009-02-18 21:09d
c:windowsInstall
2009-02-18 09:50 . 2009-02-18 09:50d
c:documents and settingsdApplication DataMalwarebytes
2009-02-18 09:49 . 2009-02-18 09:49d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-18 09:48 . 2009-02-18 09:48 2,876,720 —a
c:program filesmbam-setup.exe
2009-02-17 13:00 . 2008-04-14 21:11 26,624 —a—c— c:windowssystem32dllcacheuserinit.exe
2009-02-16 21:20 . 2009-02-16 21:20d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-16 21:20 . 2009-02-16 21:20 43,130,072 —a
c:program fileskis8.0.0.506ru.exe
2009-02-16 15:52 . 2009-02-16 21:40d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-13 21:32 . 2009-02-13 21:32d
c:documents and settingsdApplication DataApple Computer
2009-02-13 20:35 . 2009-02-13 20:35d
c:program filesQuickTime
2009-02-13 20:35 . 2009-02-13 20:35d
c:documents and settingsAll UsersApplication DataApple Computer
2009-02-13 20:34 . 2009-02-13 20:34d
c:program filesApple Software Update
2009-02-13 20:34 . 2009-02-13 20:34d
c:documents and settingsAll UsersApplication DataApple
2009-02-13 20:33 . 2009-02-13 20:34 21,878,064 —a
c:program filesQuickTimeInstaller.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 08:11 13,880 —-a-w c:windowssystem32driversCOMFiltr.sys
2009-03-04 08:11 1,132 —-a-w c:windowssystem32driversAPPFLTR.CFG.bck
2009-03-04 08:11 1,132 —-a-w c:windowssystem32driversAPPFLTR.CFG
2009-03-03 04:31 294,752 —-a-w c:windowssystem32driversAPPFCONT.DAT.bck
2009-03-03 04:31 294,752 —-a-w c:windowssystem32driversAPPFCONT.DAT
2009-03-02 09:19
d
w c:program filesMetaTrader — Masterforex
2009-03-02 08:59
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-02-25 04:53
d
w c:documents and settingsdApplication DataSkype
2009-02-25 04:52
d
w c:documents and settingsdApplication DataskypePM
2009-02-01 13:36
d
w c:program filesCommon FilesEduSetup
2009-02-01 13:36
d
w c:program filesCommon Files1C Education Shared
2009-02-01 13:36
d
w c:program files1C Education
2009-01-23 17:20
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-19 13:52
d
w c:program files1C Repetitor
2009-01-19 13:16
d
w c:documents and settingsAll UsersApplication DataQuickTime
2009-01-19 13:13
d
w c:program filesViewpoint
2009-01-19 13:10
d—h—w c:program filesInstallShield Installation Information
2009-01-17 15:43 399,360 —-a-w c:windowssystem32dllcacherpcss.dll
2009-01-15 13:27
d
r c:program filesAlfaDirect
2009-01-14 14:41
d
w c:program filesMSBuild
2009-01-14 14:41
d
w c:program filesMicrosoft Works
2009-01-14 14:39
d
w c:program filesMicrosoft.NET
2009-01-04 12:23
d
w c:program filesDisney Interactive
2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
2008-09-25 03:59 1,684,200 —-a-w c:program filesADSetup.exe
2008-09-16 04:11 164 —ha-w c:documents and settingsAll Usershpothb07.dat
2008-09-16 04:11 156 —ha-w c:documents and settingsdhpothb07.dat
2008-09-10 09:44 135,071,428 —-a-w c:program filesOOo_2.4.1_Win32Intel_install_wJRE_ru.exe
2008-09-08 08:03 6,114,816 —-a-w c:program filesrambler-icq5_1.exe
2008-08-24 14:39 1,662,925 —-a-w c:program filestetris.zip
2008-03-18 09:30 3,650,904 —-a-w c:program filesmt4setup.exe
2005-12-21 15:18 0 —-a-w c:documents and settingsdApplication Datawklnhst.dat
.((((((((((((((((((((((((((((( SnapShot@2009-03-04_13.04.41,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-04 08:10:16 16,384 —-atw c:windowsTempPerflib_Perfdata_740.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-03-14 457992]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-02-02 68856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RaidTool»=»c:program filesVIARAIDraid_tool.exe» [2005-06-20 1056768]
«type32″=»c:program filesMicrosoft IntelliType Protype32.exe» [2005-06-10 196608]
«IntelliPoint»=»c:program filesMicrosoft IntelliPointpoint32.exe» [2005-06-10 217088]
«NeroCheck»=»c:windowssystem32\NeroCheck.exe» [2001-07-09 155648]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-09-14 344064]
«MBBalloon»=»c:program filesHOTALBUMMyBOXMBBalloon.exe» [2006-12-15 787096]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«Share-to-Web Namespace Daemon»=»c:program filesHewlett-PackardHP Share-to-Webhpgs2wnd.exe» [2002-04-17 69632]
«APVXDWIN»=»c:program filesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» [2008-12-03 869632]
«SCANINICIO»=»c:program filesPanda SecurityPanda Internet Security 2009Inicio.exe» [2008-07-07 50432]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-15 39792]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-10 136600]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-01-05 413696]
«VTTimer»=»VTTimer.exe» [2005-03-08 c:windowssystem32VTTimer.exe]
«VTTrayp»=»VTtrayp.exe» [2005-03-11 c:windowssystem32VTTrayp.exe]
«SoundMan»=»SOUNDMAN.EXE» [2005-10-04 c:windowssoundman.exe]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsdѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
HotSync Manager.lnk — c:program filesPalmHOTSYNC.EXE [2002-09-12 299008]
OpenOffice.org 3.0.lnk — c:program filesOpenOffice.org 3programquickstart.exe [2008-09-12 384000]
‚л१Є нЄа Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п Picture Motion Browser.lnk — c:program filesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe [2008-06-21 385024]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-04-28 872526]
MediaChecker.lnk — c:program filesHOTALBUMMyBOXMediaChecker.exe [2006-12-15 913560]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-02-17 65588][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifycpcsp]
2008-07-28 14:53 726528 c:program filesCrypto ProCSPcpcspi.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2008-03-18 15:58 58672 c:windowssystem32avldr.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.ffds»= c:program filesffdshowffdshow.ax
«msacm.avis»= c:program filesffdshowffdshow.ax[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 wdigest cpssl[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@=»Service»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Common Files\1C Education Shared\fb\bin\ibserver.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
«37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
«37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
«37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675R0 pavboot;Panda boot driver;c:windowssystem32driverspavboot.sys [2008-10-03 28544]
R0 PzWDM;PzWDM;c:windowssystem32driversPzWDM.sys [2007-08-05 15172]
R1 APPFLT;App Filter Plugin;c:windowssystem32driversAPPFLT.SYS [2008-10-03 73728]
R1 CProCtrl;КриптоПро CSP драйвер;c:windowssystem32driversCProCtrl.sys [2008-07-21 54024]
R1 DSAFLT;DSA Filter Plugin;c:windowssystem32driversdsaflt.sys [2008-10-03 52992]
R1 FNETMON;NetMon Filter Plugin;c:windowssystem32driversfnetmon.sys [2008-10-03 22072]
R1 IDSFLT;Ids Filter Plugin;c:windowssystem32driversidsflt.sys [2008-10-03 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:windowssystem32driversNETFLTDI.SYS [2008-10-03 20:47:08 158848]
R1 ShldDrv;Panda File Shield Driver;c:windowssystem32driversShlDrv51.sys [2008-10-03 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:windowssystem32driverswnmflt.sys [2008-10-03 46720]
R2 cpcsp1;КриптоПро CSP KC1;c:windowssystem32svchost.exe -k cpcsp [2004-08-18 14336]
R2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost -k Panda —> c:windowssystem32svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:windowssystem32driversPavProc.sys [2008-10-03 179640]
R2 PskSvcRetail;Panda PSK service;c:program filesPanda SecurityPanda Internet Security 2009psksvc.exe [2008-10-03 28928]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:windowssystem32driversneti1634.sys [2008-10-03 197888]
R3 PavTPK.sys;PavTPK.sys;??c:windowssystem32PavTPK.sys —> c:windowssystem32PavTPK.sys [?]
R3 RTIFDH;RTIFDH;c:windowssystem32driversrtIFDH.sys [2007-03-23 13056]
S3 RTUSB;Rutoken;c:windowssystem32driversrtUSB.sys [2008-09-24 29440]
S3 s3chipid;s3chipid;??c:docume~1dLOCALS~1Temps3chipid.sys —> c:docume~1dLOCALS~1Temps3chipid.sys [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
cpcsp REG_MULTI_SZ cpcsp1
panda REG_MULTI_SZ Gwmsrv
.
Contents of the ‘Scheduled Tasks’ folder

2009-03-04 c:windowsTasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job
— c:windowssystem32msfeedssync.exe [2006-10-17 10:58]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — c:progra~1MI1933~1Office12EXCEL.EXE/3000
IE: Закачать все при помощи FlashGet — c:program filesFlashGetjc_all.htm
IE: Закачать при помощи FlashGet — c:program filesFlashGetjc_link.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
Trusted Zone: webmoney.rubanking
Trusted Zone: webmoney.ruwww
TCP: {85C977D4-A0C4-4E9D-A888-0CC8849B01E4} = 213.135.97.131,195.128.128.1
DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} — hxxp://demo.bankline.ru/servlets/ibc?File=11309.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 13:25:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1472)
c:windowssystem32Ati2evxx.dll
c:windowssystem32avldr.dll
.
Completion time: 2009-03-04 13:28:51
ComboFix-quarantined-files.txt 2009-03-04 08:28:33
ComboFix2.txt 2009-03-04 08:06:20
Pre-Run: 35 679 416 320 байт свободно
Post-Run: 35,664,580,608 байт свободно
202 — E O F — 2009-02-11 08:
Websites open slowly.
The download speed for programs (for example, ComboFix) is normal, in line with my tariff plan.
Everything is fine with the numbers; the desktop settings had been messed up.

March 6, 2009 at 3:09 pm #22134

The log looks normal.
Websites open slowly.
Files download normally, but any website opens slowly in both browsers?