Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:26:09, on 16.03.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Windows folder: E:\WINDOWS
System folder: E:\WINDOWS\SYSTEM32
Hosts file: E:\WINDOWS\System32\drivers\etc\hosts
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
E:\Program Files\ATKGFNEX\GFNEXSrv.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
E:\WINDOWS\system32\hasplms.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
E:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXKERNL.Exe
E:\WINDOWS\ATK0100\HControl.exe
E:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATKOSD2\ATKOSD2.exe
E:\Program Files\Elantech\ETDCtrl.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Program Files\ASUS\ATK Media\DMedia.exe
E:\Program Files\ASUS\Splendid\ACMON.exe
E:\Program Files\USBDiskSecurity\USBGuard.exe
E:\WINDOWS\system32\ACEngSvr.exe
E:\Program Files\WebMoney Agent\wmagent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\VistaDriveIcon\VistaDrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 178.33.26.119:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - E:\Program Files\WebMoney Advisor\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 203A74767EB81F96A5166B1933DB46D0)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41368 bytes, MD5 192E39C717013A0BD532B33AC29D6E7D)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 9A0CA264EC3210E77764C45AD7C5F339)
O2 - BHO: TBSB03374 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files\WebMoney Advisor\tbcore3.dll (filesize 2559608 bytes, MD5 3E348DD201E4A1B6B0F03EEAA387E2AF)
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - E:\Program Files\WebMoney Advisor\tbcore3.dll (filesize 2559608 bytes, MD5 3E348DD201E4A1B6B0F03EEAA387E2AF)
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (filesize 61440 bytes, MD5 42BA3584F05842350066B6AA0C867C6F)
O4 - HKLM\..\Run: [HControlUser] E:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] E:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] "E:\Program Files\ATKOSD2\ATKOSD2.exe" (filesize 7766016 bytes, MD5 2299E0CBEFB41A9DD72E293CE0B00C8B)
O4 - HKLM\..\Run: [ETDWare] E:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [HDAudDeck] E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 (filesize 33619968 bytes, MD5 F12F353C3708D755CA89912DB86503B7)
O4 - HKLM\..\Run: [ATKMEDIA] E:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ACMON] E:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [USB Antivirus] E:\Program Files\USBDiskSecurity\USBGuard.exe
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 932288 bytes, MD5 BAD6BEA0DE1F69C82BDB74378CE0C20A)
O4 - HKLM\..\Run: [wmagent.exe] "E:\Program Files\WebMoney Agent\wmagent.exe" (filesize 210400 bytes, MD5 7275BF729E7050005328104BED942135)
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (filesize 1039360 bytes, MD5 A81C2966F7D74E9710D58F359DE363B8)
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaIcon] E:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] E:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8_02] rundll32 advpack.dll,LaunchINFSectionEx IE8int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
O4 - Startup: Create virtual drive for Denwer.lnk = C:\WebServers\denwer\Boot.exe (filesize 6656 bytes, MD5 18D946FCE311A819BABE5AEFF8D31EBD)
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - E:\Program Files\WebMoney Advisor\tbcore3.dll (filesize 2559608 bytes, MD5 3E348DD201E4A1B6B0F03EEAA387E2AF)
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - E:\Program Files\WebMoney Advisor\tbcore3.dll (filesize 2559608 bytes, MD5 3E348DD201E4A1B6B0F03EEAA387E2AF)
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 2135336 bytes, MD5 028FF74DAFDC7BB45C956A5EC8926CEE)
O20 - Winlogon Notify: Aspwdflt - E:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll (filesize 1030144 bytes, MD5 54A4659B52E6BE484C36442B63B00A09)
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll (filesize 1030144 bytes, MD5 54A4659B52E6BE484C36442B63B00A09)
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - E:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - E:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - E:\WINDOWS\system32\services.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - E:\WINDOWS\system32\hasplms.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - E:\WINDOWS\system32\imapi.exe
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - E:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - E:\WINDOWS\system32\services.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - E:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - E:\WINDOWS\System32\SCardSvr.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - E:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - E:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - E:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - E:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 12298 bytes