Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:40, on 28.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\Program Files\DrWeb\spiderml.exe
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\Bazarbox\bazarbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\LouderIt\LouderIt.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\EKA2\Eka.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Punto Switcher\punto.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Admin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Admin\Application Data\Mail.Ru\Agent\MAgent.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DLink\Bluetooth Software\BTTray.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\VistaDriveIcon\VistaDrv.exe
C:\PROGRA~1\DLink\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
C:\Program Files\ABBYY Lingvo 13\LvAgent.exe
C:\Program Files\ABBYY Lingvo 13\Lingvo.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX09.765\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtreme.ws/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Documents and Settings\Admin\Application Data\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: QTToolBar2 - {a84524f0-d48b-4cff-8012-5e67decaf1d5} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [BAZARBOX] C:\Program Files\Bazarbox\bazarbox.exe
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 13\LvAgent.exe" /STARTUP
O4 - HKCU\..\Run: [LouderIt.exe] C:\Program Files\LouderIt\LouderIt.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Extra keys assigner] C:\Program Files\EKA2\Eka.exe /m /inv
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\punto.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Admin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MAgent] C:\Documents and Settings\Admin\Application Data\Mail.Ru\Agent\MAgent.exe -CU
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: VistaDrv.lnk = C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: VistaDrv.lnk = C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: VistaDrv.lnk = C:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Заполнить формы - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Настроить Меню - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Перевести с помощью ABBYY Lingvo x&3 - res://C:\Program Files\ABBYY Lingvo 13\Lingvo.exe/3000
O8 - Extra context menu item: Поиск@Mail.Ru - res://c:\program files\mail.ru\sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Словари@Mail.Ru - res://c:\program files\mail.ru\sputnik\MailRuSputnik.dll/283
O8 - Extra context menu item: Сохранить формы - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Тулбар RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Добавить в избранное мобильного устройства... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Заполнить - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Заполнить формы - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Сохранить - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Сохранить формы - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Тулбар RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Admin\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Admin\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Сервис лицензирования ABBYY Lingvo x3 (ABBYY.Licensing.Lingvo.Desktop.14.0) - ABBYY - C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 14409 bytes