- This topic has 12 ответов, 2 участника, and was last updated 16 years назад by
.
-
Сообщения
-
Были частые перебои с сетью при включении компа, решил ручками поискать неизвестные файлы, в пути
C:WINDOWSTemp нашел файл etilqs_kt6RcIGeePeC63V2Q7Go, который не удаляется, без расширения,
и пишет типа что нельзя получить доступ к файлу , так как файл занят другим процессом(пытался открыть блокнотом)
Антивирус Nod32 не реагирует, У меня WinXP SP3 GameEdition
Просьба помочь@EKo-rus wrote:
Забыл сказать, в Диспетчере Задач найден неизвестный процесс mdm.exe
Спустя некоторое время файл пропал
Здравствуйте.
Процесс mdm.exe это легальный процесс Windows, но некоторые паразиты могут использовать такое же имя.
Скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.Дважды кликните по скачанному файлу.
Кликните по кнопке Continue.
Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Вставьте оба RSIT лога в ваш ответ.
LOG.TXT
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-31 20:23:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 511 MB (58% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:19, on 31.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe
C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:Documents and SettingsАдминистраторРабочий столRSIT(3).exe
C:Program Filestrend microАдминистратор.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://forum.spark-media.ru/index.php?s=&showtopic=10450&view=findpost&p=123522
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 — HKLM..Run: [AcronisTimounterMonitor] C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe
O4 — HKLM..Run: [TrueImageMonitor.exe] C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe
O4 — HKLM..Run: [Acronis Scheduler2 Service] «C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Копия cftmon.exe] C:Program FilesToS TrialКопия cftmon.exe
O4 — HKCU..Run: [Lan_service] C:Documents and SettingsAll UsersApplication DataADMINsvchost.exe
O4 — HKCU..Run: [cftmon.exe] C:Program FilesToS Trialcftmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7380 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-03-13 1443072]
«Cmaudio»=RunDll32 cmicnfg.cpl []
«AcronisTimounterMonitor»=C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe [2008-11-04 962136]
«TrueImageMonitor.exe»=C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe [2008-11-04 4382376]
«Acronis Scheduler2 Service»=C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe [2008-11-04 165144][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]
«Копия cftmon.exe»=C:Program FilesToS TrialКопия cftmon.exe []
«Lan_service»=C:Documents and SettingsAll UsersApplication DataADMINsvchost.exe []
«cftmon.exe»=C:Program FilesToS Trialcftmon.exe []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-05-03 61440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=1
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableStatusMessages»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMHelp»=1
«NoSMMyPictures»=1
«NoSMConfigurePrograms»=1
«StartMenuLogoff»=1
«ForceStartMenuLogoff»=0
«ForceClassicControlPanel»=1
«NoResolveTrack»=1
«NoResolveSearch»=1
«NoThumbnailCache»=1
«NoInstrumentation»=1
«NoStartMenuMFUprogramsList»=1
«NoUserNameInStartMenu»=1
«NoCommonGroups»=1
«GreyMSIAds»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2E]
shellAutoRuncommand — E:autorun.exe======List of files/folders created in the last 1 months======
2009-01-31 20:23:07 —-D—- C:rsit
2009-01-31 20:23:07 —-D—- C:Program Filestrend micro
2009-01-30 15:22:32 —-A—- C:Текстовый документ.txt
2009-01-26 20:16:03 —-D—- C:gtabttf2
2009-01-26 19:18:07 —-D—- C:GTA BTTF
2009-01-26 19:11:02 —-A—- C:WINDOWSsystem32tsccvid.dll
2009-01-26 19:11:01 —-D—- C:WINDOWSsystem32QuickTime
2009-01-26 19:10:53 —-D—- C:Documents and SettingsAll UsersApplication DataTechSmith
2009-01-26 19:10:39 —-D—- C:Program FilesCommon FilesTechSmith Shared
2009-01-26 19:10:37 —-D—- C:Program FilesTechSmith
2009-01-26 18:32:00 —-D—- C:Fraps2
2009-01-26 18:17:38 —-D—- C:Program FilesBattlejeep
2009-01-26 18:00:22 —-A—- C:WINDOWSzip.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSVFIND.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSSWREG.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSsed.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSNIRCMD.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSgrep.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSfdsv.exe
2009-01-26 18:00:21 —-A—- C:WINDOWSSWXCACLS.exe
2009-01-26 18:00:21 —-A—- C:WINDOWSSWSC.exe
2009-01-26 18:00:16 —-D—- C:WINDOWSERDNT
2009-01-26 18:00:16 —-D—- C:Qoobox
2009-01-26 18:00:09 —-D—- C:ComboFix
2009-01-25 19:35:34 —-D—- C:avz_upd
2009-01-25 19:33:46 —-D—- C:Program FilesUnlocker
2009-01-25 18:20:15 —-A—- C:WINDOWSsystem32svchost.exe
2009-01-25 15:29:41 —-A—- C:WINDOWSntbtlog.txt
2009-01-25 15:19:08 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-01-25 15:19:02 —-HD—- C:WINDOWS$hf_mig$
2009-01-25 15:11:46 —-D—- C:avz4
2009-01-25 14:46:27 —-D—- C:WINDOWSsystem32appmgmt
2009-01-24 23:10:54 —-D—- C:Car Models
2009-01-24 23:08:39 —-D—- C:KITT
2009-01-24 23:07:38 —-D—- C:Program FilesText
2009-01-24 23:07:38 —-D—- C:Program FilesModels
2009-01-24 23:07:37 —-D—- C:Program FilesData
2009-01-24 23:07:37 —-D—- C:Program FilesAudio
2009-01-24 23:03:18 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-24 23:03:16 —-D—- C:Fraps
2009-01-24 21:48:24 —-D—- C:Мои документы
2009-01-24 20:51:41 —-D—- C:Program FilesMoo Mapper 0.90 Rus
2009-01-24 18:57:37 —-D—- C:Program FilesMoo Mapper
2009-01-23 18:26:33 —-D—- C:Новая папка
2009-01-23 00:10:12 —-D—- C:GTA-Vice-City-Back-To-The-Future-Hill-Valley
2009-01-22 23:24:53 —-D—- C:Battlejeep
2009-01-22 20:36:20 —-D—- C:resb
2009-01-22 20:08:43 —-D—- C:QUQ
2009-01-22 20:06:57 —-D—- C:WINDOWSAoRE-UnPaCkTools
2009-01-22 20:06:57 —-D—- C:Program FilesAoRE-UnPaCkTools
2009-01-22 20:06:52 —-A—- C:WINDOWSAoRE-UnPaCkTools Setup Log.txt
2009-01-22 19:03:07 —-D—- C:Volf
2009-01-22 17:25:16 —-D—- C:unpack
2009-01-22 17:19:51 —-D—- C:Upack
2009-01-22 16:55:14 —-D—- C:ImpRec
2009-01-22 16:53:02 —-D—- C:lordpe
2009-01-22 16:00:42 —-D—- C:UPX
2009-01-22 14:42:36 —-A—- C:WINDOWSODBC.INI
2009-01-22 14:41:38 —-D—- C:Program FilesMicrosoft Visual Studio
2009-01-22 14:41:38 —-D—- C:Program FilesCommon FilesDesigner
2009-01-22 14:40:55 —-D—- C:WINDOWSMsagent
2009-01-22 14:40:52 —-D—- C:WINDOWSShellNew
2009-01-22 14:40:50 —-D—- C:Program FilesMicrosoft Office
2009-01-22 00:46:51 —-D—- C:Documents and SettingsАдминистраторApplication DataSPORE Creature Creator
2009-01-22 00:45:08 —-D—- C:Program FilesElectronic Arts
2009-01-21 23:21:32 —-A—- C:WINDOWSsystem32WintSys.dll
2009-01-21 23:21:24 —-D—- C:Documents and SettingsAll UsersApplication Datawinsys
2009-01-21 23:18:20 —-D—- C:Program FilesFree Keylogger
2009-01-21 20:13:16 —-A—- C:WINDOWSsystem32tumble.txt
2009-01-21 20:00:25 —-D—- C:Program FilesKGB Archiver
2009-01-21 18:22:07 —-D—- C:ol10xp
2009-01-21 18:20:18 —-A—- C:CmdBar.ini
2009-01-21 18:11:04 —-D—- C:Documents and SettingsАдминистраторApplication DataIdentities
2009-01-21 18:09:50 —-D—- C:AoRE_Unpacker_0.4
2009-01-21 18:09:37 —-D—- C:RLdePacker1.41
2009-01-21 18:09:28 —-D—- C:QuickUnpack_v2.1
2009-01-21 18:09:18 —-D—- C:VMUnpacker_v1.5
2009-01-21 18:06:49 —-D—- C:Набор распаковщиков 3
2009-01-21 16:44:18 —-D—- C:ArmadilloKiller_2.6
2009-01-21 16:25:33 —-D—- C:Program FilesTeleport Pro
2009-01-20 00:35:32 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2009-01-20 00:32:54 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-20 00:32:09 —-D—- C:Program FilesBonjour
2009-01-20 00:24:23 —-D—- C:Program FilesAdobe
2009-01-20 00:23:39 —-D—- C:Program FilesCommon FilesMacrovision Shared
2009-01-20 00:22:00 —-D—- C:Program FilesCommon FilesAdobe
2009-01-19 22:07:39 —-D—- C:Documents and SettingsАдминистраторApplication DataCrayon Physics Deluxe
2009-01-19 22:07:15 —-D—- C:Program FilesCrayon Physics Deluxe
2009-01-19 21:49:55 —-D—- C:crayon
2009-01-19 21:19:16 —-D—- C:nod_upd
2009-01-19 21:19:16 —-D—- C:eset_upd
2009-01-19 20:24:27 —-D—- C:Program FilesWinHex
2009-01-19 20:23:56 —-D—- C:winhex
2009-01-19 20:23:36 —-D—- C:TRSHREG
2009-01-19 20:10:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-01-19 20:10:12 —-D—- C:petools
2009-01-19 20:04:34 —-D—- C:Program FilesAlawar.ru
2009-01-19 20:03:51 —-D—- C:Игры
2009-01-19 19:21:27 —-D—- C:WINDOWSRegisteredPackages
2009-01-19 19:20:43 —-A—- C:WINDOWSsystem32psisdecd.dll
2009-01-19 19:20:41 —-A—- C:WINDOWSsystem32dxdllreg.exe
2009-01-19 19:20:38 —-D—- C:WINDOWSsystem32DirectX
2009-01-19 17:47:24 —-D—- C:Program FilesAvaLink DC++
2009-01-19 17:26:52 —-D—- C:Program FilesSMM
2009-01-19 16:19:28 —-A—- C:WINDOWSsystem32RestoratorContextMenu.dll
2009-01-19 16:19:20 —-D—- C:Program FilesRestorator 2007
2009-01-19 16:13:54 —-D—- C:Restorator 2007.3.70.1729.Rus
2009-01-19 16:05:16 —-A—- C:WINDOWSsystem32msvcr71.dll
2009-01-19 16:05:13 —-A—- C:WINDOWSmsvcr71.dll
2009-01-19 16:05:08 —-A—- C:Program Filesmsvcr71.dll
2009-01-19 16:04:36 —-A—- C:msvcr71.dll
2009-01-19 15:58:11 —-A—- C:Program Filesmsvcr70.dll
2009-01-19 15:58:01 —-A—- C:msvcr70.dll
2009-01-19 15:57:34 —-D—- C:заработок в интернете
2009-01-19 15:57:32 —-D—- C:Xilisoft_HD_Video_Converter_5.1.17.1114_Portable
2009-01-19 01:16:53 —-D—- C:Documents and SettingsАдминистраторApplication DataMedia Player Classic
2009-01-19 01:15:21 —-A—- C:WINDOWSsystem32unrar.dll
2009-01-19 01:15:12 —-D—- C:Program FilesK-Lite Codec Pack
2009-01-19 00:06:26 —-A—- C:PatchLanGrabber v1.0.EXE
2009-01-19 00:03:27 —-A—- C:SkyGrabber.exe
2009-01-18 23:50:30 —-A—- C:WINDOWSsystem32msvcr70.dll
2009-01-18 23:50:26 —-A—- C:WINDOWSmsvcr70.dll
2009-01-18 23:24:22 —-D—- C:OllyDBG
2009-01-18 23:23:53 —-D—- C:petit
2009-01-18 23:11:44 —-D—- C:PeId
2009-01-18 22:55:21 —-D—- C:ProgDVB
2009-01-18 22:52:20 —-D—- C:Program FilesMaCsKy 0.4
2009-01-18 22:47:55 —-D—- C:12
2009-01-18 22:44:45 —-A—- C:ProgDVB.ini
2009-01-18 22:42:21 —-D—- C:Program FilesSkyGrabber
2009-01-18 22:11:28 —-D—- C:Documents and SettingsАдминистраторApplication DataShareaza
2009-01-18 21:46:24 —-D—- C:Program FilesLanGrabber10
2009-01-18 21:45:12 —-D—- C:Program FilesTuner4PC
2009-01-18 16:52:39 —-A—- C:SPEED2.EXE
2009-01-18 16:28:12 —-N—- C:WINDOWSsystem32ati2sgag.exe
2009-01-18 14:56:22 —-D—- C:Games
2009-01-17 22:51:11 —-D—- C:Program FilespLan2
2009-01-17 22:40:24 —-D—- C:Program FilespLan
2009-01-17 22:23:45 —-D—- C:Program FilesOpenVPN
2009-01-17 22:14:08 —-D—- C:Program FilesDetectiveStory
2009-01-17 21:48:21 —-D—- C:Program FilesCommon FilesDirectX
2009-01-17 21:43:37 —-D—- C:Program FilesRivaTuner v2.11
2009-01-17 21:38:09 —-D—- C:Program FilesATI Technologies
2009-01-17 21:37:34 —-D—- C:ATI
2009-01-17 21:10:49 —-D—- C:Program FilesEA GAMES
2009-01-17 21:08:51 —-D—- C:Program FilesCommon FilesEasyInfo
2009-01-17 21:05:07 —-D—- C:Program FilesuTorrent
2009-01-17 20:57:43 —-D—- C:Program FilesAlcohol Soft
2009-01-17 20:55:20 —-D—- C:Alcohol_120_1.9.6.4629_Ret_www.maxhard.ru
2009-01-17 00:09:07 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-01-17 00:01:11 —-D—- C:Documents and SettingsАдминистраторApplication DataTuneUp Software
2009-01-16 23:56:10 —-D—- C:PortableSoft
2009-01-16 23:50:35 —-D—- C:Темы
2009-01-16 23:08:24 —-D—- C:Program FilesMovie Maker
2009-01-16 22:55:31 —-D—- C:New Folder
2009-01-16 18:18:24 —-D—- C:EKo(copy please)
2009-01-16 18:08:00 —-D—- C:настя
2009-01-16 02:43:54 —-D—- C:WINLITE
2009-01-15 21:41:26 —-A—- C:WINDOWSsystem32AutoPartNt.exe
2009-01-15 21:37:27 —-D—- C:Documents and SettingsАдминистраторApplication DataAcronis
2009-01-15 21:28:04 —-D—- C:Documents and SettingsAll UsersApplication DataAcronis
2009-01-15 21:26:07 —-D—- C:Program FilesAcronis
2009-01-15 21:25:51 —-D—- C:Program FilesCommon FilesAcronis
2009-01-15 20:53:53 —-D—- C:TRueIm
2009-01-15 20:44:39 —-D—- C:WINDOWSpss
2009-01-15 19:04:32 —-D—- C:HD
2009-01-15 17:16:00 —-A—- C:WINDOWSsystem32setupnt.dll
2009-01-15 16:56:02 —-A—- C:WINDOWSwebica.ini
2009-01-15 16:50:53 —-D—- C:Documents and SettingsАдминистраторApplication DataICAClient
2009-01-15 16:44:23 —-D—- C:Program FilesIDAutomation.com Code 39 Font
2009-01-15 16:41:57 —-D—- C:WINDOWSDownloaded Installations
2009-01-15 16:40:53 —-D—- C:WINDOWSsystem32Resource
2009-01-15 16:40:45 —-D—- C:Program FilesCitrix
2009-01-14 22:47:06 —-D—- C:Downloads
2009-01-14 22:46:53 —-D—- C:Documents and SettingsАдминистраторApplication DataDownload Master
2009-01-14 22:46:30 —-D—- C:Program FilesDownload Master
2009-01-14 18:06:35 —-D—- C:FileZillaPortable
2009-01-14 16:30:20 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-14 16:29:42 —-D—- C:Program FilesOntrack
2009-01-14 16:23:12 —-D—- C:Documents and SettingsАдминистраторApplication DataHelp======List of files/folders modified in the last 1 months======
2009-01-31 20:23:19 —-D—- C:WINDOWS
2009-01-31 20:23:07 —-RD—- C:Program Files
2009-01-31 20:17:07 —-D—- C:Program FilesMinefield
2009-01-31 20:16:13 —-D—- C:WINDOWSsystem32
2009-01-26 19:10:58 —-SHD—- C:WINDOWSInstaller
2009-01-26 19:10:39 —-D—- C:Program FilesCommon Files
2009-01-25 23:21:17 —-ASH—- C:boot.ini
2009-01-25 23:21:17 —-A—- C:WINDOWSwin.ini
2009-01-25 23:21:17 —-A—- C:WINDOWSsystem.ini
2009-01-25 19:36:06 —-A—- C:NOD32view.ini
2009-01-25 19:35:56 —-D—- C:Temp
2009-01-25 18:26:42 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-25 17:45:20 —-D—- C:WINDOWSsystem32drivers
2009-01-25 15:19:10 —-D—- C:WINDOWSsystem32dllcache
2009-01-25 15:19:08 —-HD—- C:WINDOWSinf
2009-01-23 18:39:01 —-D—- C:Total Commander
2009-01-22 14:53:29 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2009-01-22 14:42:39 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-22 14:41:47 —-D—- C:WINDOWSime
2009-01-22 14:41:45 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-22 14:41:23 —-D—- C:WINDOWSHelp
2009-01-22 14:41:10 —-D—- C:Program FilesCommon FilesSystem
2009-01-22 14:38:22 —-D—- C:WINDOWSsystem
2009-01-20 00:40:13 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-01-19 16:36:46 —-D—- C:Program FilesWinRAR
2009-01-17 22:25:41 —-D—- C:Program FilesWindows Media Connect 2
2009-01-17 21:52:09 —-D—- C:Program FilesC-Media 3D Audio
2009-01-17 21:37:50 —-D—- C:Program FilesCommon FilesInstallShield
2009-01-16 23:53:30 —-SHD—- C:RECYCLER
2009-01-16 23:26:39 —-RSD—- C:WINDOWSFonts
2009-01-16 23:20:35 —-RD—- C:WINDOWSWeb
2009-01-16 23:08:51 —-D—- C:Program FilesWindows Media Player
2009-01-16 02:51:42 —-D—- C:Documents and Settings
2009-01-14 19:05:24 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-03-13 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-03-13 71176]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R2 tifsfilter;Acronis True Image FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2009-01-15 44704]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-05-03 1540608]
R3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys [2004-02-20 815296]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-03-13 30728]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-04-13 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 akjeyd6c;akjeyd6c; C:WINDOWSsystem32driversakjeyd6c.sys []
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-15 40320]
S3 PsSdk41;PsSdk41; ??C:WINDOWSsystem32Driverspssdk41.sys []
S3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.11RivaTuner32.sys []
S3 rvtracer;rvtracer; C:WINDOWSsystem32driversrvtracer.sys []
S3 tap0801;TAP-Win32 Adapter V8; C:WINDOWSsystem32DRIVERStap0801.sys [2006-10-01 26624]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2008-11-04 554264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-05-03 413696]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-03-13 472320]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-05-03 520192]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-01-20 654848]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
INFO.TXTinfo.txt logfile of random’s system information tool 1.05 2009-01-31 20:23:22
======Uninstall list======
.print Client Windows—>MsiExec.exe /X{FBB862E3-4F8F-4C7C-8D15-1A9FB16A3E41}
Acronis True Image Home—>MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings—>MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings—>MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings—>MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers�d5fe1f44895aadff2baacf24fe1402Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{FD0399AC-A38B-4D4B-8164-D7B73AC24030}
Adobe Setup—>MsiExec.exe /I{30981FCD-4150-4AB4-BAC5-75C9E914347D}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AoRE-UnPaCkTools—>»C:WINDOWSAoRE-UnPaCkToolsuninstall.exe» «/U:C:Program FilesAoRE-UnPaCkToolsUninstalluninstall.xml»
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AvaLink DC++ 1.55—>C:Program FilesAvaLink DC++Uninstall.exe
Battlejeep—>C:Program FilesBattlejeepuninstall.exe
Camtasia Studio 5—>MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
C-Media 3D Audio—>C:WINDOWSCMIUnInstall.exe
Crayon Physics Deluxe — release 51—>»C:Program FilesCrayon Physics Deluxeunins000.exe»
Download Master version 5.5.7.1145—>»C:Program FilesDownload Masterunins000.exe»
EasyRecovery Professional—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
ESET Smart Security—>MsiExec.exe /I{C8D0BD52-A9A6-4AC0-8223-DB6CD7F1499C}
Fraps (remove only)—>»C:Fraps2uninstall.exe»
GTAVC Replays Manager 1.0—>»C:Мои документыGTA Vice City User FilesRepManRepManUninstall.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
IDAutomation.com Code 39 Font—>C:Program FilesIDAutomation.com Code 39 Fontuninstall.exe
KGB Archiver 1.2.1.24—>»C:Program FilesKGB Archiverunins000.exe»
K-Lite Codec Pack 4.5.3 (Standard)—>»C:Program FilesK-Lite Codec Packunins000.exe»
LanGrabber v1.0—>»C:Program FilesLanGrabber10unins000.exe»
MetaFrame Presentation Server Web Client for Win32—>C:WINDOWSsystem32ctxsetup.exe /uninst C:PROGRA~1Citrixicaweb32uninst.inf
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Minefield (3.2a1pre)—>C:Program FilesMinefielduninstallhelper.exe
Moo Mapper 0.90 Rus—>C:Program FilesMoo Mapper 0.90 Rusuninstall.exe
Moo Mapper Beta 0.72 — Uninstall—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:WINDOWSINFmoomapperi.inf
MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NevoSoft Dead Planet (remove only)—>»C:ИгрыDead Planetuninstall.exe»
Norton PartitionMagic 8.0—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
PDF Settings—>MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
pLan OpenVPN Edition—>C:PROGRA~1pLan2UNWISE.EXE C:PROGRA~1pLan2INSTALL.LOG
Restorator 2007—>»C:Program FilesRestorator 2007unins000.exe»
Simple Mail 7.1.365—>C:Program FilesSMMSimple Mail 7Uninstall.exe
SkyGrabber v2.8.6.4—>»C:Program FilesSkyGrabberunins000.exe»
Teleport Pro—>C:Program FilesTeleport ProUninstall.exe
Total Commander 7.03 PowerPack—>»C:Total Commanderuninstall.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
WinHex—>C:Program FilesWinHexWinHex.exe uninst
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Блоттергейст—>C:Program FilesAlawar.ruБлоттергейстUninstall.exe
Лаборатория существ SPORE™—>»C:Program FilesInstallShield Installation Information{8CC42289-E228-4A35-B8A9-015242283BB2}SCCSetup.exe» -runfromtemp -l0x0019 -removeonly
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /UninstallSecuritycenter WMI appears to be broken
System event log
Computer Name: VISTA
Event Code: 6011
Message: NetBIOS-имя и имя DNS-узла этого компьютера были изменены с «MACHINENAME» на «VISTA».Record Number: 5
Source Name: EventLog
Time Written: 20081230201501.000000+180
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial0 является последовательным портом, обнаружена и будет использоваться прямая очередь.Record Number: 4
Source Name: Serial
Time Written: 20081230230841.000000+180
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial1 является последовательным портом, обнаружена и будет использоваться прямая очередь.Record Number: 3
Source Name: Serial
Time Written: 20081230230841.000000+180
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 2
Source Name: EventLog
Time Written: 20081230230838.000000+180
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.Record Number: 1
Source Name: EventLog
Time Written: 20081230230838.000000+180
Event Type: информация
User:Application event log
Computer Name: VISTA
Event Code: 1000
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20081230201831.000000+180
Event Type: информация
User:Computer Name: VISTA
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20081230201824.000000+180
Event Type: информация
User:Computer Name: VISTA
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20081230201632.000000+180
Event Type: информация
User:Computer Name: VISTA
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20081230201548.000000+180
Event Type: информация
User:Computer Name: VISTA
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20081230201517.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 3 Stepping 4, GenuineIntel
«PROCESSOR_REVISION»=0304
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
В логе есть кое-что для удаления.
Запустите HijackThis, для этого кликните Пуск, Выполнить, введите C:Program Filestrend microАдминистратор.exe и нажмите Enter.
Кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:O4 - HKCU..Run: [Копия cftmon.exe] C:Program FilesToS TrialКопия cftmon.exe
O4 - HKCU..Run: [Lan_service] C:Documents and SettingsAll UsersApplication DataADMINsvchost.exe
O4 - HKCU..Run: [cftmon.exe] C:Program FilesToS Trialcftmon.exeКликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.Просканируйте компьютер снова используя RSIT и получившийся лог вставьте в ваше следующее сообщение.
Дело в том, что эт я баловался, и уже давно их удалил, их уже нет, но логи ща отправлю
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-02-01 19:08:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (44%) free of 76 GB
Total RAM: 511 MB (51% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:26, on 01.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe
C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe
C:Program FilesESETESET Smart Securityekrn.exe
C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:Documents and SettingsАдминистраторРабочий столRSIT(3).exe
C:Program Filestrend microАдминистратор.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 — HKLM..Run: [AcronisTimounterMonitor] C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe
O4 — HKLM..Run: [TrueImageMonitor.exe] C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe
O4 — HKLM..Run: [Acronis Scheduler2 Service] «C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7064 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-03-13 1443072]
«Cmaudio»=RunDll32 cmicnfg.cpl []
«AcronisTimounterMonitor»=C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe [2008-11-04 962136]
«TrueImageMonitor.exe»=C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe [2008-11-04 4382376]
«Acronis Scheduler2 Service»=C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe [2008-11-04 165144][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-05-03 61440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=1
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableStatusMessages»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMHelp»=1
«NoSMMyPictures»=1
«NoSMConfigurePrograms»=1
«StartMenuLogoff»=1
«ForceStartMenuLogoff»=0
«ForceClassicControlPanel»=1
«NoResolveTrack»=1
«NoResolveSearch»=1
«NoThumbnailCache»=1
«NoInstrumentation»=1
«NoStartMenuMFUprogramsList»=1
«NoUserNameInStartMenu»=1
«NoCommonGroups»=1
«GreyMSIAds»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2E]
shellAutoRuncommand — E:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{07511351-e804-11dd-9fb0-000129ff3f73}]
shellAutoRuncommand — E:autorun.exe======List of files/folders created in the last 1 months======
2009-01-31 22:34:45 —-A—- C:WINDOWSUnGins.exe
2009-01-31 22:34:43 —-D—- C:Bubble Bobble Planet
2009-01-31 22:34:22 —-D—- C:GTA-Vice-City-Back-To-The-Future-Hill-Valley
2009-01-31 22:02:36 —-A—- C:bbultima.exe
2009-01-31 22:02:27 —-A—- C:bbplanet.exe
2009-01-31 22:01:24 —-A—- C:bbworld.exe
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32xmltok.dll
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32xmlparse.dll
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32xmlinst.exe
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32vp6vfw.dll
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32vp6install.exe
2009-01-31 21:23:42 —-A—- C:WINDOWSsystem32Cc3250mt.dll
2009-01-31 21:23:41 —-A—- C:WINDOWSsystem32MFC71u.dll
2009-01-31 21:23:41 —-A—- C:WINDOWSsystem32mfc71.dll
2009-01-31 21:23:41 —-A—- C:WINDOWSsystem32mfc70u.dll
2009-01-31 21:23:41 —-A—- C:WINDOWSsystem32mfc70.dll
2009-01-31 21:23:41 —-A—- C:WINDOWSsystem32eax.dll
2009-01-31 21:23:40 —-A—- C:WINDOWSsystem32msxml3a.dll
2009-01-31 21:23:40 —-A—- C:WINDOWSsystem32msvcp71.dll
2009-01-31 21:23:40 —-A—- C:WINDOWSsystem32Msvcp70.dll
2009-01-31 21:23:40 —-A—- C:WINDOWSsystem32msvci70.dll
2009-01-31 21:23:39 —-A—- C:WINDOWSsystem32Vb5db.dll
2009-01-31 21:17:47 —-D—- C:GTA — Vice City Back To The Future Hill Valley
2009-01-31 20:49:15 —-D—- C:WINDOWSTEMP
2009-01-31 20:23:07 —-D—- C:rsit
2009-01-31 20:23:07 —-D—- C:Program Filestrend micro
2009-01-30 15:22:32 —-A—- C:Текстовый документ.txt
2009-01-26 20:16:03 —-D—- C:gtabttf2
2009-01-26 19:18:07 —-D—- C:GTA BTTF
2009-01-26 19:11:02 —-A—- C:WINDOWSsystem32tsccvid.dll
2009-01-26 19:11:01 —-D—- C:WINDOWSsystem32QuickTime
2009-01-26 19:10:53 —-D—- C:Documents and SettingsAll UsersApplication DataTechSmith
2009-01-26 19:10:39 —-D—- C:Program FilesCommon FilesTechSmith Shared
2009-01-26 19:10:37 —-D—- C:Program FilesTechSmith
2009-01-26 18:32:00 —-D—- C:Fraps2
2009-01-26 18:17:38 —-D—- C:Program FilesBattlejeep
2009-01-26 18:00:22 —-A—- C:WINDOWSzip.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSVFIND.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSSWREG.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSsed.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSNIRCMD.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSgrep.exe
2009-01-26 18:00:22 —-A—- C:WINDOWSfdsv.exe
2009-01-26 18:00:21 —-A—- C:WINDOWSSWXCACLS.exe
2009-01-26 18:00:21 —-A—- C:WINDOWSSWSC.exe
2009-01-26 18:00:16 —-D—- C:WINDOWSERDNT
2009-01-26 18:00:16 —-D—- C:Qoobox
2009-01-26 18:00:09 —-D—- C:ComboFix
2009-01-25 19:35:34 —-D—- C:avz_upd
2009-01-25 19:33:46 —-D—- C:Program FilesUnlocker
2009-01-25 18:20:15 —-A—- C:WINDOWSsystem32svchost.exe
2009-01-25 15:29:41 —-A—- C:WINDOWSntbtlog.txt
2009-01-25 15:19:08 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-01-25 15:19:02 —-HD—- C:WINDOWS$hf_mig$
2009-01-25 15:11:46 —-D—- C:avz4
2009-01-25 14:46:27 —-D—- C:WINDOWSsystem32appmgmt
2009-01-24 23:10:54 —-D—- C:Car Models
2009-01-24 23:08:39 —-D—- C:KITT
2009-01-24 23:07:38 —-D—- C:Program FilesText
2009-01-24 23:07:38 —-D—- C:Program FilesModels
2009-01-24 23:07:37 —-D—- C:Program FilesData
2009-01-24 23:07:37 —-D—- C:Program FilesAudio
2009-01-24 23:03:18 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-24 23:03:16 —-D—- C:Fraps
2009-01-24 21:48:24 —-D—- C:Мои документы
2009-01-24 20:51:41 —-D—- C:Program FilesMoo Mapper 0.90 Rus
2009-01-24 18:57:37 —-D—- C:Program FilesMoo Mapper
2009-01-23 18:26:33 —-D—- C:Новая папка
2009-01-22 23:24:53 —-D—- C:Battlejeep
2009-01-22 20:36:20 —-D—- C:resb
2009-01-22 20:08:43 —-D—- C:QUQ
2009-01-22 20:06:57 —-D—- C:WINDOWSAoRE-UnPaCkTools
2009-01-22 20:06:57 —-D—- C:Program FilesAoRE-UnPaCkTools
2009-01-22 20:06:52 —-A—- C:WINDOWSAoRE-UnPaCkTools Setup Log.txt
2009-01-22 19:03:07 —-D—- C:Volf
2009-01-22 17:25:16 —-D—- C:unpack
2009-01-22 17:19:51 —-D—- C:Upack
2009-01-22 16:55:14 —-D—- C:ImpRec
2009-01-22 16:53:02 —-D—- C:lordpe
2009-01-22 16:00:42 —-D—- C:UPX
2009-01-22 14:42:36 —-A—- C:WINDOWSODBC.INI
2009-01-22 14:41:38 —-D—- C:Program FilesMicrosoft Visual Studio
2009-01-22 14:41:38 —-D—- C:Program FilesCommon FilesDesigner
2009-01-22 14:40:55 —-D—- C:WINDOWSMsagent
2009-01-22 14:40:52 —-D—- C:WINDOWSShellNew
2009-01-22 14:40:50 —-D—- C:Program FilesMicrosoft Office
2009-01-22 00:46:51 —-D—- C:Documents and SettingsАдминистраторApplication DataSPORE Creature Creator
2009-01-22 00:45:08 —-D—- C:Program FilesElectronic Arts
2009-01-21 23:21:32 —-A—- C:WINDOWSsystem32WintSys.dll
2009-01-21 23:21:24 —-D—- C:Documents and SettingsAll UsersApplication Datawinsys
2009-01-21 23:18:20 —-D—- C:Program FilesFree Keylogger
2009-01-21 20:13:16 —-A—- C:WINDOWSsystem32tumble.txt
2009-01-21 20:00:25 —-D—- C:Program FilesKGB Archiver
2009-01-21 18:22:07 —-D—- C:ol10xp
2009-01-21 18:20:18 —-A—- C:CmdBar.ini
2009-01-21 18:11:04 —-D—- C:Documents and SettingsАдминистраторApplication DataIdentities
2009-01-21 18:09:50 —-D—- C:AoRE_Unpacker_0.4
2009-01-21 18:09:37 —-D—- C:RLdePacker1.41
2009-01-21 18:09:28 —-D—- C:QuickUnpack_v2.1
2009-01-21 18:09:18 —-D—- C:VMUnpacker_v1.5
2009-01-21 18:06:49 —-D—- C:Набор распаковщиков 3
2009-01-21 16:44:18 —-D—- C:ArmadilloKiller_2.6
2009-01-21 16:25:33 —-D—- C:Program FilesTeleport Pro
2009-01-20 00:35:32 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2009-01-20 00:32:54 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-20 00:32:09 —-D—- C:Program FilesBonjour
2009-01-20 00:24:23 —-D—- C:Program FilesAdobe
2009-01-20 00:23:39 —-D—- C:Program FilesCommon FilesMacrovision Shared
2009-01-20 00:22:00 —-D—- C:Program FilesCommon FilesAdobe
2009-01-19 22:07:39 —-D—- C:Documents and SettingsАдминистраторApplication DataCrayon Physics Deluxe
2009-01-19 22:07:15 —-D—- C:Program FilesCrayon Physics Deluxe
2009-01-19 21:49:55 —-D—- C:crayon
2009-01-19 21:19:16 —-D—- C:nod_upd
2009-01-19 21:19:16 —-D—- C:eset_upd
2009-01-19 20:24:27 —-D—- C:Program FilesWinHex
2009-01-19 20:23:56 —-D—- C:winhex
2009-01-19 20:23:36 —-D—- C:TRSHREG
2009-01-19 20:10:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-01-19 20:10:12 —-D—- C:petools
2009-01-19 20:04:34 —-D—- C:Program FilesAlawar.ru
2009-01-19 20:03:51 —-D—- C:Игры
2009-01-19 19:21:27 —-D—- C:WINDOWSRegisteredPackages
2009-01-19 19:20:43 —-A—- C:WINDOWSsystem32psisdecd.dll
2009-01-19 19:20:41 —-A—- C:WINDOWSsystem32dxdllreg.exe
2009-01-19 19:20:38 —-D—- C:WINDOWSsystem32DirectX
2009-01-19 17:47:24 —-D—- C:Program FilesAvaLink DC++
2009-01-19 17:26:52 —-D—- C:Program FilesSMM
2009-01-19 16:19:28 —-A—- C:WINDOWSsystem32RestoratorContextMenu.dll
2009-01-19 16:19:20 —-D—- C:Program FilesRestorator 2007
2009-01-19 16:13:54 —-D—- C:Restorator 2007.3.70.1729.Rus
2009-01-19 16:05:16 —-A—- C:WINDOWSsystem32msvcr71.dll
2009-01-19 16:05:08 —-A—- C:Program Filesmsvcr71.dll
2009-01-19 16:04:36 —-A—- C:msvcr71.dll
2009-01-19 15:58:11 —-A—- C:Program Filesmsvcr70.dll
2009-01-19 15:58:01 —-A—- C:msvcr70.dll
2009-01-19 15:57:34 —-D—- C:заработок в интернете
2009-01-19 15:57:32 —-D—- C:Xilisoft_HD_Video_Converter_5.1.17.1114_Portable
2009-01-19 01:16:53 —-D—- C:Documents and SettingsАдминистраторApplication DataMedia Player Classic
2009-01-19 01:15:21 —-A—- C:WINDOWSsystem32unrar.dll
2009-01-19 01:15:12 —-D—- C:Program FilesK-Lite Codec Pack
2009-01-19 00:06:26 —-A—- C:PatchLanGrabber v1.0.EXE
2009-01-19 00:03:27 —-A—- C:SkyGrabber.exe
2009-01-18 23:50:30 —-A—- C:WINDOWSsystem32msvcr70.dll
2009-01-18 23:24:22 —-D—- C:OllyDBG
2009-01-18 23:23:53 —-D—- C:petit
2009-01-18 23:11:44 —-D—- C:PeId
2009-01-18 22:55:21 —-D—- C:ProgDVB
2009-01-18 22:52:20 —-D—- C:Program FilesMaCsKy 0.4
2009-01-18 22:47:55 —-D—- C:12
2009-01-18 22:44:45 —-A—- C:ProgDVB.ini
2009-01-18 22:42:21 —-D—- C:Program FilesSkyGrabber
2009-01-18 22:11:28 —-D—- C:Documents and SettingsАдминистраторApplication DataShareaza
2009-01-18 21:46:24 —-D—- C:Program FilesLanGrabber10
2009-01-18 21:45:12 —-D—- C:Program FilesTuner4PC
2009-01-18 16:52:39 —-A—- C:SPEED2.EXE
2009-01-18 16:28:12 —-N—- C:WINDOWSsystem32ati2sgag.exe
2009-01-18 14:56:22 —-D—- C:Games
2009-01-17 22:51:11 —-D—- C:Program FilespLan2
2009-01-17 22:40:24 —-D—- C:Program FilespLan
2009-01-17 22:23:45 —-D—- C:Program FilesOpenVPN
2009-01-17 22:14:08 —-D—- C:Program FilesDetectiveStory
2009-01-17 21:48:21 —-D—- C:Program FilesCommon FilesDirectX
2009-01-17 21:43:37 —-D—- C:Program FilesRivaTuner v2.11
2009-01-17 21:38:09 —-D—- C:Program FilesATI Technologies
2009-01-17 21:37:34 —-D—- C:ATI
2009-01-17 21:10:49 —-D—- C:Program FilesEA GAMES
2009-01-17 21:08:51 —-D—- C:Program FilesCommon FilesEasyInfo
2009-01-17 21:05:07 —-D—- C:Program FilesuTorrent
2009-01-17 20:57:43 —-D—- C:Program FilesAlcohol Soft
2009-01-17 20:55:20 —-D—- C:Alcohol_120_1.9.6.4629_Ret_www.maxhard.ru
2009-01-17 00:09:07 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-01-17 00:01:11 —-D—- C:Documents and SettingsАдминистраторApplication DataTuneUp Software
2009-01-16 23:56:10 —-D—- C:PortableSoft
2009-01-16 23:50:35 —-D—- C:Темы
2009-01-16 23:08:24 —-D—- C:Program FilesMovie Maker
2009-01-16 22:55:31 —-D—- C:New Folder
2009-01-16 18:18:24 —-D—- C:EKo(copy please)
2009-01-16 18:08:00 —-D—- C:настя
2009-01-16 02:43:54 —-D—- C:WINLITE
2009-01-15 21:41:26 —-A—- C:WINDOWSsystem32AutoPartNt.exe
2009-01-15 21:37:27 —-D—- C:Documents and SettingsАдминистраторApplication DataAcronis
2009-01-15 21:28:04 —-D—- C:Documents and SettingsAll UsersApplication DataAcronis
2009-01-15 21:26:07 —-D—- C:Program FilesAcronis
2009-01-15 21:25:51 —-D—- C:Program FilesCommon FilesAcronis
2009-01-15 20:53:53 —-D—- C:TRueIm
2009-01-15 20:44:39 —-D—- C:WINDOWSpss
2009-01-15 19:04:32 —-D—- C:HD
2009-01-15 17:16:00 —-A—- C:WINDOWSsystem32setupnt.dll
2009-01-15 16:56:02 —-A—- C:WINDOWSwebica.ini
2009-01-15 16:50:53 —-D—- C:Documents and SettingsАдминистраторApplication DataICAClient
2009-01-15 16:44:23 —-D—- C:Program FilesIDAutomation.com Code 39 Font
2009-01-15 16:41:57 —-D—- C:WINDOWSDownloaded Installations
2009-01-15 16:40:53 —-D—- C:WINDOWSsystem32Resource
2009-01-15 16:40:45 —-D—- C:Program FilesCitrix
2009-01-14 22:47:06 —-D—- C:Downloads
2009-01-14 22:46:53 —-D—- C:Documents and SettingsАдминистраторApplication DataDownload Master
2009-01-14 22:46:30 —-D—- C:Program FilesDownload Master
2009-01-14 18:06:35 —-D—- C:FileZillaPortable
2009-01-14 16:30:20 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-14 16:29:42 —-D—- C:Program FilesOntrack
2009-01-14 16:23:12 —-D—- C:Documents and SettingsАдминистраторApplication DataHelp======List of files/folders modified in the last 1 months======
2009-02-01 19:06:02 —-D—- C:Program FilesMinefield
2009-02-01 13:03:58 —-A—- C:NOD32view.ini
2009-02-01 12:59:24 —-D—- C:Temp
2009-01-31 22:34:45 —-D—- C:WINDOWS
2009-01-31 22:26:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-31 21:23:42 —-D—- C:WINDOWSsystem32
2009-01-31 20:23:07 —-RD—- C:Program Files
2009-01-26 19:10:58 —-SHD—- C:WINDOWSInstaller
2009-01-26 19:10:39 —-D—- C:Program FilesCommon Files
2009-01-25 23:21:17 —-ASH—- C:boot.ini
2009-01-25 23:21:17 —-A—- C:WINDOWSwin.ini
2009-01-25 23:21:17 —-A—- C:WINDOWSsystem.ini
2009-01-25 17:45:20 —-D—- C:WINDOWSsystem32drivers
2009-01-25 15:19:10 —-D—- C:WINDOWSsystem32dllcache
2009-01-25 15:19:08 —-HD—- C:WINDOWSinf
2009-01-23 18:39:01 —-D—- C:Total Commander
2009-01-22 14:53:29 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2009-01-22 14:42:39 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-22 14:41:47 —-D—- C:WINDOWSime
2009-01-22 14:41:45 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-22 14:41:23 —-D—- C:WINDOWSHelp
2009-01-22 14:41:10 —-D—- C:Program FilesCommon FilesSystem
2009-01-22 14:38:22 —-D—- C:WINDOWSsystem
2009-01-20 00:40:13 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-01-19 16:36:46 —-D—- C:Program FilesWinRAR
2009-01-17 22:25:41 —-D—- C:Program FilesWindows Media Connect 2
2009-01-17 21:52:09 —-D—- C:Program FilesC-Media 3D Audio
2009-01-17 21:37:50 —-D—- C:Program FilesCommon FilesInstallShield
2009-01-16 23:53:30 —-SHD—- C:RECYCLER
2009-01-16 23:26:39 —-RSD—- C:WINDOWSFonts
2009-01-16 23:20:35 —-RD—- C:WINDOWSWeb
2009-01-16 23:08:51 —-D—- C:Program FilesWindows Media Player
2009-01-16 02:51:42 —-D—- C:Documents and Settings
2009-01-14 19:05:24 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:WINDOWSsystem32DRIVERSepfwtdi.sys [2008-03-13 54280]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:WINDOWSsystem32DRIVERSepfw.sys [2008-03-13 71176]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R2 tifsfilter;Acronis True Image FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2009-01-15 44704]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-05-03 1540608]
R3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys [2004-02-20 815296]
R3 Epfwndis;Eset Personal Firewall; C:WINDOWSsystem32DRIVERSEpfwndis.sys [2008-03-13 30728]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-04-13 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 a5bl8qia;a5bl8qia; C:WINDOWSsystem32driversa5bl8qia.sys []
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-15 40320]
S3 PsSdk41;PsSdk41; ??C:WINDOWSsystem32Driverspssdk41.sys []
S3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.11RivaTuner32.sys []
S3 rvtracer;rvtracer; C:WINDOWSsystem32driversrvtracer.sys []
S3 tap0801;TAP-Win32 Adapter V8; C:WINDOWSsystem32DRIVERStap0801.sys [2006-10-01 26624]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2008-11-04 554264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-05-03 413696]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-02-01 468224]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2006-05-03 520192]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-01-20 654848]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
Valeri
Я с помощью Uloker’а узнал, что файлом пользуется MineField(Английская Мозилла, которая у меня и стоит), скопировал его, вот ссылка на файл, может что-то даст http://webfile.ru/2605215
Наиболее вероятно, что этот файл используется вашей версией Firefox для внутренних целей.
С компьютером сейчас есть какие-либо проблемы ?Нет, проблемы пропали.(Однако меня настораживает фотошопский Bonjour), а так все ок
Рад вам помочь.
Bonjour — с этой службой всё нормально, можете не заморачиваться 🙂
И ещё, судя по RSIT логу у вас нет антивируса, это не порядок. Установите любой бесплатный, например AVG или Avast.
Кроме этого можете установить программу Spybot Search and Destroy, это довольно неплохая дополнительная защита от шпионских и других вредоносных программ.Всего доброго.
- Для ответа в этой теме необходимо авторизоваться.
