Re: Re: Help!!! Antivirus 2009 XP!
Logfile of random's system information tool 1.05 (written by random/random)
Run by Наталия Новикова at 2009-01-09 19:05:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (26%) free of 15 GB
Total RAM: 511 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:41, on 09.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\msauc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Наталия Новикова\Рабочий стол\RSIT.exe
C:\Program Files\trend micro\Наталия Новикова.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: toylibP - {6FF9CCE7-EE1B-47B5-A33B-D0519D922547} - C:\WINDOWS\system32\toylib.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [29800100628240979157008890236031] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8644B2-CBDE-44CB-8F4D-0C2BCA94C689}: NameServer = 62.112.106.130 195.34.31.50
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 5323 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FF9CCE7-EE1B-47B5-A33B-D0519D922547}]
AAC-SLS Video Feeder - C:\WINDOWS\system32\toylib.dll [2008-12-05 315392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"ASUS Probe"=C:\Program Files\ASUS\Asus Probe\AsusProb.exe [2002-12-06 617984]
"DisableEHCI"=C:\WINDOWS\S4TSR.EXE [2002-08-26 28672]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"lsass driver"=C:\WINDOWS\msauc.exe [2008-12-21 73728]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2003-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"29800100628240979157008890236031"=C:\Program Files\Antivirus 2009\av2009.exe [2008-12-25 1597440]
C:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Games\NHL08\nhl2008.exe"="D:\Games\NHL08\nhl2008.exe:*:Disabled:nhl2008"
"D:\Program Files\GameSpy Arcade\Aphex.exe"="D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Documents and Settings\Наталия Новикова\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\Наталия Новикова\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Мастер переноса файлов и параметров"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Games\iw3mp.exe"="D:\Games\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\Half Life 2\hl2.exe"="D:\Half Life 2\hl2.exe:*:Enabled:hl2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f126e1b-a40a-11db-9269-0015f2a81198}]
shell\autorun\command - H:
shell\open\command - rundll32.exe .\nsdll.dll,InstallM
======List of files/folders created in the last 1 months======
2009-01-04 23:40:47 —-DC—- C:\Program Files\trend micro
2009-01-04 23:40:46 —-DC—- C:\rsit
2008-12-30 10:01:45 —-HDC—- C:\WINDOWS\$NtUninstallKB952954$
2008-12-30 10:01:36 —-HDC—- C:\WINDOWS\$NtUninstallKB946648$
2008-12-30 10:01:26 —-HDC—- C:\WINDOWS\$NtUninstallKB956803$
2008-12-30 10:01:13 —-HDC—- C:\WINDOWS\$NtUninstallKB955839$
2008-12-30 10:00:53 —-HDC—- C:\WINDOWS\$NtUninstallKB956391$
2008-12-30 10:00:43 —-HDC—- C:\WINDOWS\$NtUninstallKB957095$
2008-12-30 10:00:33 —-HDC—- C:\WINDOWS\$NtUninstallKB950974$
2008-12-30 10:00:24 —-HDC—- C:\WINDOWS\$NtUninstallKB951698$
2008-12-30 10:00:10 —-HDC—- C:\WINDOWS\$NtUninstallKB956841$
2008-12-30 09:59:57 —-HDC—- C:\WINDOWS\$NtUninstallKB960714$
2008-12-30 09:59:46 —-HDC—- C:\WINDOWS\$NtUninstallKB950762$
2008-12-30 09:59:35 —-HDC—- C:\WINDOWS\$NtUninstallKB957097$
2008-12-30 09:59:26 —-HDC—- C:\WINDOWS\$NtUninstallKB923689$
2008-12-30 09:58:53 —-HDC—- C:\WINDOWS\$NtUninstallKB952287$
2008-12-30 09:58:44 —-HDC—- C:\WINDOWS\$NtUninstallKB951066$
2008-12-30 09:58:35 —-HDC—- C:\WINDOWS\$NtUninstallKB938464$
2008-12-30 09:58:26 —-HDC—- C:\WINDOWS\$NtUninstallKB954600$
2008-12-30 09:58:17 —-HDC—- C:\WINDOWS\$NtUninstallKB955069$
2008-12-30 09:58:07 —-HDC—- C:\WINDOWS\$NtUninstallKB956802$
2008-12-30 09:57:54 —-HDC—- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-30 00:08:47 —-DC—- C:\Avenger
2008-12-30 00:08:47 —-AC—- C:\avenger.txt
2008-12-29 23:08:11 —-DC—- C:\Program Files\Enigma Software Group
2008-12-29 20:58:37 —-DC—- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 19:58:35 —-DC—- C:\Program Files\Common Files\Download Manager
2008-12-29 18:01:10 —-DC—- C:\Documents and Settings\Наталия Новикова\Application Data\Malwarebytes
2008-12-29 18:01:04 —-DC—- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-29 15:52:58 —-HDC—- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-29 15:52:47 —-HDC—- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-29 15:52:16 —-HDC—- C:\WINDOWS\$NtUninstallKB958215$
2008-12-29 15:51:53 —-HDC—- C:\WINDOWS\$NtUninstallKB954211$
2008-12-29 15:51:32 —-HDC—- C:\WINDOWS\$NtUninstallKB941569$
2008-12-29 15:51:08 —-HDC—- C:\WINDOWS\$NtUninstallKB898461$
2008-12-29 15:50:41 —-HDC—- C:\WINDOWS\$NtUninstallKB929399$
2008-12-29 15:49:57 —-HDC—- C:\WINDOWS\$NtUninstallKB958644$
2008-12-28 22:12:16 —-DC—- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-12-25 20:14:01 —-DC—- C:\Program Files\Antivirus 2009
2008-12-21 01:22:24 —-AC—- C:\WINDOWS\system32\shell31.dll
2008-12-21 01:22:24 —-AC—- C:\WINDOWS\msauc.exe
======List of files/folders modified in the last 1 months======
2009-01-09 19:05:12 —-DC—- C:\WINDOWS\Temp
2009-01-09 18:32:43 —-AC—- C:\WINDOWS\ufdsvclog.txt
2009-01-05 00:14:28 —-A—- C:\WINDOWS\SchedLgU.Txt
2009-01-04 23:41:02 —-DC—- C:\WINDOWS\Prefetch
2009-01-04 23:40:47 —-RDC—- C:\Program Files
2009-01-04 21:35:18 —-DC—- C:\WINDOWS
2009-01-04 07:05:02 —-DC—- C:\WINDOWS\system32\CatRoot
2009-01-04 07:03:06 —-HDC—- C:\WINDOWS\inf
2009-01-04 07:03:05 —-DC—- C:\WINDOWS\system32
2009-01-04 07:03:03 —-DC—- C:\WINDOWS\system32\CatRoot2
2009-01-01 20:15:55 —-DC—- C:\WINDOWS\system32\drivers
2008-12-31 17:04:51 —-AC—- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-30 20:49:52 —-DC—- C:\WINDOWS\Minidump
2008-12-30 10:01:47 —-RSHDC—- C:\WINDOWS\system32\dllcache
2008-12-30 10:01:41 —-AC—- C:\WINDOWS\imsins.BAK
2008-12-30 10:01:38 —-DC—- C:\Program Files\Messenger
2008-12-30 10:01:35 —-HDC—- C:\WINDOWS\$hf_mig$
2008-12-29 22:48:45 —-DC—- C:\WINDOWS\system32\CatRoot_bak
2008-12-29 19:58:35 —-DC—- C:\Program Files\Common Files
2008-12-29 15:52:21 —-DC—- C:\Program Files\Internet Explorer
2008-12-29 10:09:06 —-DC—- C:\WINDOWS\AppPatch
2008-12-28 23:07:08 —-DC—- C:\Program Files\Windows Media Player
2008-12-28 23:07:03 —-DC—- C:\WINDOWS\RegisteredPackages
2008-12-28 23:04:25 —-DC—- C:\Program Files\ESET
2008-12-28 22:17:46 —-SHDC—- C:\WINDOWS\Installer
2008-12-28 22:17:33 —-SDC—- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-12-19 18:43:01 —-AC—- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 20:36:26 —-AC—- C:\WINDOWS\system32\mshtml.dll
2008-12-10 02:24:37 —-AC—- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2003-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2003-08-18 14848]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-08-18 9600]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-08-18 12160]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2003-08-18 12672]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2003-08-18 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2003-08-18 26624]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2003-08-18 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2003-08-18 17024]
S1 346d0bc6;346d0bc6; C:\WINDOWS\System32\drivers\346d0bc6.sys []
S1 ae9fec7d;ae9fec7d; C:\WINDOWS\System32\drivers\ae9fec7d.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-07-31 46976]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 win32x;win32x; \??\C:\WINDOWS\system32\drivers\win32x.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-03 66872]
R2 UFDSVC;UFD Command Service; C:\WINDOWS\system32\ufdsvc.exe [2006-08-02 77824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
EOF

