﻿Лог утилиты random's system information tool 1.08 (автор: random/random)
Run by Admin at 2012-02-20 15:18:58
Microsoft Windows XP Professional Service Pack 3
Системный раздел D: размер 6 GB (36%) Свободно 15 GB
Total RAM: 1015 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:19:47, on 20.02.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VistaDriveIcon\VistaDrv.exe
D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Admin\Мои документы\Downloads\HiJackThis.exe
D:\Documents and Settings\Admin\Мои документы\Downloads\RSIT.exe
D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaIcon] D:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Policies\Explorer\Run: [Macromedia] D:\Documents and Settings\Admin\Application Data\6E4E5C.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] D:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
O4 - Startup: BmtPno1zbHs.exe
O4 - Startup: CQESZuQprXE.exe
O4 - Startup: vMNMTbSNG3o.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E96660C-06E3-4AE8-BBDC-103C1551CA7C}: NameServer = 82.209.240.241,82.209.243.241
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINDOWS\system32\imapi.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7217 bytes

======Папка назначеных зданий======

D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2139871995-299502267-500Core1cce1452d842af2.job

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2009-06-12 17887232]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2010-08-07 30208]
"VistaIcon"=D:\Program Files\VistaDriveIcon\VistaDrv.exe [2008-01-02 132096]
"Google Update"=D:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Macromedia"=D:\Documents and Settings\Admin\Application Data\6E4E5C.exe [2010-08-07 33792]

D:\Documents and Settings\Admin\Главное меню\Программы\Автозагрузка
BmtPno1zbHs.exe
CQESZuQprXE.exe
vMNMTbSNG3o.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======Список файлов и папок, созданных за последние 1 месяц======

2012-02-20 15:19:04 ----D---- D:\Program Files\trend micro
2012-02-20 15:18:58 ----D---- D:\rsit
2012-02-20 14:11:29 ----D---- D:\kFv3DjpT2zoxUWd
2012-02-20 14:11:29 ----D---- D:\Documents and Settings\Admin\Application Data\kFv3DjpT2zoxUWd
2012-02-20 14:11:27 ----D---- D:\Documents and Settings\Admin\Application Data\7a6vHav3hoNfVzI
2012-02-20 14:11:27 ----D---- D:\7a6vHav3hoNfVzI
2012-02-19 12:24:17 ----A---- D:\WINDOWS\system32\drivers\ujmynjmz.sys
2012-02-19 12:08:46 ----A---- D:\WINDOWS\system32\drivers\utmynjmz.sys
2012-02-19 11:14:17 ----D---- D:\WINDOWS\pss
2012-02-05 13:11:23 ----SHD---- D:\Config.Msi
2012-02-04 15:44:01 ----D---- D:\Documents and Settings\Admin\Application Data\ZFBBUAKNlAv5Udc

======Список файлов и папок, измененных за последние 1 месяц======

2012-02-20 15:19:04 ----RD---- D:\Program Files
2012-02-20 15:11:38 ----D---- D:\Documents and Settings\Admin\Application Data\Skype
2012-02-20 14:53:00 ----D---- D:\WINDOWS\Temp
2012-02-20 14:22:36 ----D---- D:\WINDOWS\system32\CatRoot2
2012-02-20 14:09:46 ----D---- D:\WINDOWS\system32\drivers
2012-02-20 12:19:59 ----D---- D:\Program Files\Mozilla Thunderbird
2012-02-19 13:17:09 ----RSHDC---- D:\WINDOWS\system32\dllcache
2012-02-19 12:24:51 ----D---- D:\WINDOWS
2012-02-16 18:49:09 ----D---- D:\WINDOWS\Network Diagnostic
2012-02-05 13:21:13 ----SHD---- D:\WINDOWS\Installer
2012-02-05 13:09:01 ----D---- D:\WINDOWS\system32
2012-02-02 03:54:11 ----SD---- D:\WINDOWS\Tasks

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R1 intelppm;Драйвер Intel процессора; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40704]
R2 exFat;exFat; D:\WINDOWS\system32\drivers\exFat.sys [2009-01-28 133632]
R2 rspndr;Ответчик обнаружения топологии уровня связи; D:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-10-11 62848]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-16 5095936]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; D:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2010-03-19 46632]
R3 RT80x86;Ralink 802.11n Wireless Driver; D:\WINDOWS\system32\DRIVERS\RT2860.sys [2010-04-02 1023872]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 usbvideo;USB-видеоустройство (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Ambfilt;Ambfilt; D:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Closed Caption декодер; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; D:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 ujmynjmz;AVZ-SG Kernel Driver; \??\D:\WINDOWS\system32\Drivers\ujmynjmz.sys []
S3 usbstor;Драйвер запоминающих устройств для USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
S3 utmynjmz;AVZ Kernel Driver; \??\D:\WINDOWS\system32\Drivers\utmynjmz.sys []
S3 WSTCODEC;World Standard Teletext кодек; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-18 82944]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; D:\Program Files\Windows Media Player\wmpnetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2011-04-27 153376]

-----------------EOF-----------------
