Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-09 01:00:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 165 GB (80%) free of 206 GB
Total RAM: 2046 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:20, on 09.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32brsvc01a.exe
C:WINDOWSsystem32brss01a.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesEA GamesNeed for Speed UndercoverPBPnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32taskmgr.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:WINDOWSVMSnap3.EXE
C:WINDOWSDomino.EXE
C:Program FilesA4TechMouseAmoumain.exe
C:PROGRA~1MEDIAK~1MagicKey.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:PROGRA~1MEDIAK~1OSD.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesBrotherControlCenter2brctrcen.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesVista Drive IconDrvIcon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPunto SwitcherPS.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesQIP Infiuminfium.exe
C:PROGRA~1MI3AA1~1wcescomm.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesSDF LabLclockLClock.exe
C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
E:RSIT.exe
C:WINDOWSsystem32wscntfy.exe
C:Program Filestrend microАдминистратор.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IE7Pro — {00011268-E188-40DF-A514-835FCD78B1BF} — C:Program FilesIEProIEPro.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [VMSnap3] C:WINDOWSVMSnap3.EXE
O4 — HKLM..Run: [Domino] C:WINDOWSDomino.EXE
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [MagicKey] C:PROGRA~1MEDIAK~1MagicKey.exe
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Security Suite Profeedback.exe» /dump:os_startup
O4 — HKLM..Run: [SSBkgdUpdate] «C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» -Embedding -boot
O4 — HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 — HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 — HKLM..Run: [SetDefPrt] C:Program FilesBrotherBrmfl05aBrStDvPt.exe
O4 — HKLM..Run: [ControlCenter2.0] C:Program FilesBrotherControlCenter2brctrcen.exe /autorun
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 — HKLM..Run: [DrvIcon] C:Program FilesVista Drive IconDrvIcon.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto SwitcherPS.exe
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [Infium] «C:Program FilesQIP Infiuminfium.exe»
O4 — HKCU..Run: [H/PC Connection Agent] «C:PROGRA~1MI3AA1~1wcescomm.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O4 — Startup: LClock.lnk = C:Program FilesSDF LabLclockLClock.exe
O4 — Global Startup: APC UPS Status.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProIEPro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProIEPro.dll
O9 — Extra button: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Быстрая настройка Outpost Security Suite Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — C:Program FilesAgnitumOutpost Security Suite Proie_bar.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) — https://my.sabmillerrus.ru/InternalSite/WhlCompMgr.cab
O17 — HKLMSystemCCSServicesTcpip..{32978208-8199-4E0C-88B2-043ED06A10CA}: NameServer = 85.113.128.136,85.113.147.110
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
O23 — Service: BrSplService (Brother XP spl Service) — brother Industries Ltd — C:WINDOWSsystem32brsvc01a.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PunkBuster (PnkBstrA) — Unknown owner — C:Program FilesEA GamesNeed for Speed UndercoverPBPnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 9128 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO — C:Program FilesIEProIEPro.dll [2008-09-23 756840]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«VMSnap3″=C:WINDOWSVMSnap3.EXE [2006-08-30 49152]
«Domino»=C:WINDOWSDomino.EXE [2006-06-28 49152]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2008-03-06 241664]
«MagicKey»=C:PROGRA~1MEDIAK~1MagicKey.exe [2004-03-15 45056]
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-01-30 98304]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2008-07-15 1207128]
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Security Suite Profeedback.exe [2008-07-15 435544]
«SSBkgdUpdate»=C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe [2003-09-29 155648]
«PaperPort PTD»=C:Program FilesScanSoftPaperPortpptd40nt.exe [2005-08-25 57393]
«IndexSearch»=C:Program FilesScanSoftPaperPortIndexSearch.exe [2005-08-25 40960]
«SetDefPrt»=C:Program FilesBrotherBrmfl05aBrStDvPt.exe [2005-01-26 49152]
«ControlCenter2.0″=C:Program FilesBrotherControlCenter2brctrcen.exe [2005-07-19 933888]
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2008-04-15 110592]
«C6501Sound»=RunDll32 c6501.cpl []
«DrvIcon»=C:Program FilesVista Drive IconDrvIcon.exe [2008-04-13 49152]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«Punto Switcher»=C:Program FilesPunto SwitcherPS.exe [2008-05-30 722112]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2008-10-10 270128]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]
«Infium»=C:Program FilesQIP Infiuminfium.exe [2008-12-09 5062144]
«H/PC Connection Agent»=C:PROGRA~1MI3AA1~1wcescomm.exe [2006-11-13 1289000]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe
C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
LClock.lnk — C:Program FilesSDF LabLclockLClock.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«ForceClassicControlPanel»=1
«NoInstrumentation»=1
«NoStartMenuMFUprogramsList»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe»=»C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:*:Enabled:Rockstar Games Social Club»
«C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
