Sorry for a delay, but Internet was unavailable for me for some time. I've run SDFix and ComboFix.
Here's the logs.
Also, please, advice some free spyware scanner, because COMODO BOClean is not doing a very good job.
SDFix
SDFix: Version 1.171
Run by Dimkin on 17.04.2008 at 00:03
Microsoft Windows XP ['_абЁп 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 00:13:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2????wd??w????????\???\??????????????w-??w\???\??????? ?`??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\#Install\\_development\\+monitors\\DBGVIEW_forNT\\DBWIN32.EXE"="D:\\#Install\\_development\\+monitors\\DBGVIEW_forNT\\DBWIN32.EXE:*:Enabled:DBWin32 - Debug ouput capture utility"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 8 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Finished!
COMBOFIX log
ComboFix 08-04-15.2 - Dimkin 2008-04-17 0:24:47.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.165 [GMT 3:00]
Running from: C:\Documents and Settings\Dimkin\Рабочий стол\combofix.exe
Command switches used :: /killall
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-17 00:15 . 2008-04-17 00:15 <DIR> d-------- C:\Reports
2008-04-17 00:00 . 2008-04-17 00:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 23:53 . 2008-04-15 11:39 <DIR> d-------- C:\SDFix
2008-04-10 08:52 . 2008-04-10 08:52 <DIR> d-------- C:\Documents and Settings\Dimkin\JaBack7-Backup
2008-04-07 21:45 . 2008-04-07 21:45 <DIR> d-------- C:\Program Files\JaBack8
2008-04-07 21:37 . 2008-04-07 21:37 <DIR> d-------- C:\Program Files\Karen's Power Tools
2008-04-07 21:36 . 2008-04-07 21:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Karen's Power Tools
2008-04-07 20:57 . 2008-04-07 20:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2008-04-07 19:52 . 2008-04-07 19:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-02 13:46 . 2004-06-10 17:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-04-02 13:46 . 2004-06-10 17:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-04-02 13:46 . 2004-06-10 02:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Program Files\AClient
2008-03-31 23:08 . 2008-03-31 23:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-03-31 22:52 . 2008-03-31 22:52 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-03-31 22:44 . 2008-03-31 22:44 <DIR> d-------- C:\My InstallShield 10.5 Projects
2008-03-31 22:42 . 2008-03-31 22:42 <DIR> d-------- C:\Program Files\InstallShield 10.5
2008-03-31 22:42 . 2004-08-09 06:04 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-03-26 19:14 . 2008-03-26 22:41 140,186,218 --a------ C:\Zerg_Reveal_FINAL_EnglishUS_XVid.avi
2008-03-17 17:39 . 2008-03-17 17:39 475,136 --a------ C:\WINDOWS\boinc.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 16:07 85,752 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-03-17 18:19 23,800 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-03-17 18:19 139,008 ----a-w C:\WINDOWS\system32\guard32.dll
2005-05-12 22:22 367 ----a-w C:\Program Files\INSTALL.LOG
2003-12-18 08:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 04:46 10,960 ----a-w C:\Program Files\EULA.txt
1999-03-15 15:00 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1236D836-E9BA-4175-894F-2072A14D5A26}]
2008-03-05 18:19 2465792 --a------ C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= "C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll" [2008-03-05 18:19 2465792]
[HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOT\TBSB00196.TBSB00196.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00196.TBSB00196]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}"= C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll [2008-03-05 18:19 2465792]
[HKEY_CLASSES_ROOT\clsid\{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOT\TBSB00196.TBSB00196.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00196.TBSB00196]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:04 15360]
"Download Master"="C:\Program Files\Download Master\dmaster.exe" [2008-01-25 14:42 3280896]
"Executor"="C:\Program Files\Executor\executor.exe" [2007-12-22 11:11 1000960]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 17:59 2289664]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 17:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-05 00:14 77824]
"RivaTuner"="C:\Program Files\RivaTuner v2.0 RC 15.7\RivaTuner.exe" [2005-09-09 09:25 2195456]
"TrafficCompressor"="C:\Program Files\TrafficCompressor\TCompres.exe" [2007-01-05 12:27 1511424]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-16 09:29 579584]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49 338432]
"VEngine"="C:\Program Files\Comodo\VEngine\VEngine.exe" [2007-10-19 22:07 315136]
"SafeSex_Safesex"="C:\Program Files\SafeSex\Safesex.exe" [2002-12-21 02:59 26624]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-17 21:08 1503488]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:04 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 03:01 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"D:\\#Install\\_development\\+monitors\\DBGVIEW_forNT\\DBWIN32.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-30 19:07]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-17 21:19]
R2 InterBaseGuardian;InterBase Guardian;C:\PROGRA~1\FIREBIRD\Bin\ibguard.exe [2001-08-08 15:43]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 12:15]
R2 nnCron;nnCron;C:\Program Files\nnCron\nncron.exe [2006-03-21 17:48]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-09-29 15:53]
R3 InterBaseServer;InterBase Server;C:\PROGRA~1\FIREBIRD\Bin\ibserver.exe [2001-08-08 15:43]
S2 DbgMsg;Debug Message;C:\WINDOWS\System32\Drivers\DbgMsg.sys []
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 08:52]
S3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 20:50]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-12-22 22:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dddde60-094a-11dd-af2a-001cea2c4671}]
\shell\explore\Command - boot.exe
\shell\open\Command - boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 00:32:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2????wd??w????????\???\??????????????w-??w\???\???????p?a??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Executor\hookwinr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGUPSVC.EXE
C:\PROGRAM FILES\COMODO\CBOCLEAN\BOCORE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\PROGRAM FILES\FIREBIRD\BIN\IBGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\MAGICTUNE PREMIUM\MAGICTUNEENGINE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\nnCron\nnguard.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\UniChat\unichat.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\wscntfy.exe
C:projects\www.worldcommunitygrid.org\wcg_beta4_6.03_windows_intelx86
.
**************************************************************************
.
Completion time: 2008-04-17 0:39:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 21:38:58
25 папок 1,769,619,456 байт свободно
28 Ї ЇRЄ 1,976,139,776 Ў cв бўRЎR¤-R
New HIJACKTHIS log
Logfile of HijackThis v1.99.1
Scan saved at 01:05, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\FIREBIRD\Bin\ibguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\FIREBIRD\Bin\ibserver.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\RivaTuner v2.0 RC 15.7\RivaTuner.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Comodo\VEngine\VEngine.exe
C:\Program Files\SafeSex\Safesex.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Download Master\dmaster.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_beta4_6.03_windows_intelx86
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about::blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {32962DFA-1380-4AD1-A288-1B7611F08E10} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB00196 - {1236D836-E9BA-4175-894F-2072A14D5A26} - C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Comodo VerificationEngine Browser Helper - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\ESigil.dll
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /T
O4 - HKLM\..\Run: [TrafficCompressor] C:\Program Files\TrafficCompressor\TCompres.exe /Autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [VEngine] C:\Program Files\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [SafeSex_Safesex] "C:\Program Files\SafeSex\Safesex.exe" /PROFILE=Safesex
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Ярлык для unichat.lnk = C:\Program Files\UniChat\unichat.exe
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\tbu02037\wmadvisor.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\trafficcompressor\tcomplsp.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\FIREBIRD\Bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\FIREBIRD\Bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Служба сетевого DDE (NetDDE) - Корпорация Майкрософт - C:\WINDOWS\system32\netdde.exe
O23 - Service: Диспетчер сетевого DDE (NetDDEdsdm) - Корпорация Майкрософт - C:\WINDOWS\system32\netdde.exe
O23 - Service: nnCron - nnSoft - C:\Program Files\nnCron\nncron.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Корпорация Майкрософт - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe