Mordavorot
Advanced Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:38, on 24.08.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\rundll32.exe
J:\WINDOWS\RTHDCPL.EXE
J:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
J:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
J:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
J:\Program Files\Common Files\Java\Java Update\jusched.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
J:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
J:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
J:\Total\Soft\-soft\Unlocker\App\Unlocker\UnlockerAssistant.exe
J:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
J:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
J:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
J:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
J:\Program Files\VistaDriveIcon\VistaDrv.exe
J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
J:\Total\Soft\USD\USDownloader.exe
J:\Documents and Settings\Администратор\Application Data\Mail.Ru\Agent\magent.exe
J:\Program Files\Skype\Phone\Skype.exe
J:\Program Files\BitTorrent\BitTorrent.exe
J:\Program Files\DAEMON Tools Lite\DTLite.exe
J:\Program Files\ActiveMultiwallpaper\Changer.exe
D:\FRAPS\FRAPS.EXE
J:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
J:\Program Files\Sippoint\Sippoint.exe
J:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
J:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
J:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
J:\Program Files\Google\Update\GoogleUpdate.exe
J:\Program Files\Java\jre7\bin\jqs.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
J:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
J:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
J:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
J:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Total\TOTALCMD.EXE
J:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
J:\WINDOWS\system32\wbem\wmiapsrv.exe
J:\Program Files\FastStone Capture\FSCapture.exe
J:\Program Files\Yandex\Punto Switcher\punto.exe
J:\Total\Utilites\SwitchOff\swoff.exe
J:\Total\TOTALCMD.EXE
j:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodfindings.info/?unqvl=32
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodfindings.info/?unqvl=32
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - J:\Program Files\Get-Styles 2.0\utils\updatebho.dll (file missing)
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LWS] J:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "J:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] J:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "J:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] J:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IAAnotif] J:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "J:\Total\Soft\-soft\Unlocker\App\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AlterGeoUpdater] J:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe
O4 - HKLM\..\Run: [PowerDVD12DMREngine] "J:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
O4 - HKLM\..\Run: [PowerDVD12Agent] "J:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
O4 - HKLM\..\Run: [SearchSettings] "J:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [StartCCC] "J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE J:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VistaIcon] J:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed] "J:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe" -UseTray
O4 - HKCU\..\Run: [USDownloader] "J:\Total\Soft\USD\USDownloader.exe"
O4 - HKCU\..\Run: [MAgent] J:\Documents and Settings\Администратор\Application Data\Mail.Ru\Agent\magent.exe -CU
O4 - HKCU\..\Run: [Skype] "J:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BitTorrent] "J:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "J:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ActiveMultiWallpaper] J:\Program Files\ActiveMultiwallpaper\Changer.exe
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] J:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Beeline.lnk = ?
O4 - Startup: FastStone Capture.lnk = J:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Punto Switcher.lnk = J:\Program Files\Yandex\Punto Switcher\punto.exe
O4 - Startup: swoff.lnk = J:\Total\Utilites\SwitchOff\swoff.exe
O4 - Startup: TOTALCMD.lnk = J:\Total\TOTALCMD.EXE
O4 - Global Startup: Sippoint.lnk = J:\Program Files\Sippoint\Sippoint.exe
O8 - Extra context menu item: &CHMSaver - Save to chm... - J:\Program Files\CHMSaver\run.html
O8 - Extra context menu item: &CHMSaver - Settings... - J:\Program Files\CHMSaver\run_settings.html
O8 - Extra context menu item: Добавить в Анти-Баннер - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O9 - Extra button: Виртуальная клавиатура - {0C4CC089-D306-440D-9772-464E226F6539} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Проверка ссылок - {CCF151D8-D089-449F-A5A4-D9909053F20F} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D90905-AB75-417D-81D7-31D68C51867F}: NameServer = 213.234.192.7 195.14.50.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: j:\progra~1\simple~1\sprote~1.dll j:\progra~1\websea~1\sprote~1.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - J:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - J:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - J:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - J:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - J:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - J:\WINDOWS\system32\services.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - J:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - J:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - J:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - J:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - J:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - J:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - J:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Активатор Acronis OS Selector (OS Selector) - Unknown owner - J:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - J:\WINDOWS\system32\services.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - J:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - J:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: UMVPFSrv - Logitech Inc. - J:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - J:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - J:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 13898 bytes
|
