Following your instructions, I scanned the PC with OTViewIt and got two logs:
(OTViewIt.txt)
OTViewIt logfile created on: 28.12.2008 10:58:39 — Run
OTViewIt by OldTimer — Version 1.0.20.1 Folder = C:Documents and SettingsUserРабочий стол
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy
255,48 Mb Total Physical Memory | 88,93 Mb Available Physical Memory | 34,81% Memory free
618,57 Mb Paging File | 356,35 Mb Available in Paging File | 57,61% Paging File free
Paging file location(s): C:pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 37,26 Gb Total Space | 26,00 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 12,85 Gb Total Space | 8,75 Gb Free Space | 68,08% Space Free | Partition Type: NTFS
Drive F: | 24,40 Gb Total Space | 3,17 Gb Free Space | 12,98% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHELOVEKI
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days
========== Processes ==========
[2004.08.17 11:05:06 | 00,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32smss.exe
[2004.09.17 11:16:00 | 00,503,808 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winlogon.exe
[2004.08.17 11:05:04 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe
[2004.08.17 11:04:48 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSExplorer.EXE
[2008.11.18 23:55:36 | 00,231,952 | —- | M] (Kaspersky Lab) — C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe
[2007.09.24 19:11:44 | 00,566,560 | —- | M] (ABBYY (BIT Software)) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
[2002.08.02 16:00:12 | 00,046,592 | R— | M] (Avance Logic, Inc.) — C:WINDOWSSOUNDMAN.EXE
[2004.05.17 10:34:10 | 00,360,448 | —- | M] (Samsung Electronics.) — C:WINDOWSSamsungComSMMgrssmmgr.exe
[2002.10.10 15:44:26 | 00,262,144 | —- | M] (Structu Rise) — E:Program FilesKleptomaniak-mania.exe
[2008.11.18 23:55:36 | 00,231,952 | —- | M] (Kaspersky Lab) — C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe
[2008.11.01 05:46:58 | 00,307,712 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
[2002.09.16 05:11:00 | 00,646,180 | —- | M] (C. Ghisler & Co.) — C:Program FilesWindows CommanderWINCMD32.EXE
[2008.12.28 10:57:42 | 00,423,424 | —- | M] (OldTimer Tools) — C:Documents and SettingsUserРабочий столOTViewIt.exe
========== (O23) Win32 Services ==========
[2007.09.24 19:11:44 | 00,566,560 | —- | M] (ABBYY (BIT Software)) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe — (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
[2005.09.23 07:28:32 | 00,029,896 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe — (aspnet_state [On_Demand | Stopped])
[2008.11.18 23:55:36 | 00,231,952 | —- | M] (Kaspersky Lab) — C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe — (AVP [Auto | Running])
[2005.09.23 07:28:56 | 00,066,240 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004.08.17 11:05:04 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (Eventlog [Auto | Running])
[2006.10.20 21:21:24 | 00,036,864 | —- | M] (Microsoft Corporation) — c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe — (FontCache3.0.0.0 [On_Demand | Stopped])
[2006.10.30 03:33:58 | 00,741,376 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe — (idsvc [Unknown | Stopped])
[2004.08.17 11:04:52 | 00,150,016 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32imapi.exe — (ImapiService [On_Demand | Stopped])
[2004.08.17 16:04:54 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32mnmsrvc.exe — (mnmsrvc [On_Demand | Stopped])
[2004.08.17 11:04:58 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDE [Disabled | Stopped])
[2004.08.17 11:04:58 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
[2006.10.30 03:34:02 | 00,122,880 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe — (NetTcpPortSharing [Disabled | Stopped])
[2003.07.28 20:28:22 | 00,089,136 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
[2004.08.17 11:05:04 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (PlugPlay [Auto | Running])
[2004.08.17 16:05:06 | 00,141,312 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sessmgr.exe — (RDSessMgr [On_Demand | Stopped])
[2004.08.17 11:05:04 | 00,096,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32SCardSvr.exe — (SCardSvr [On_Demand | Stopped])
[2004.08.17 11:05:06 | 00,091,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
[2004.08.17 11:05:08 | 00,073,216 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
[2004.08.17 11:05:10 | 00,290,304 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32vssvc.exe — (VSS [On_Demand | Stopped])
[2004.08.17 16:05:12 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Stopped])
========== Driver Services ==========
[2004.08.17 10:46:54 | 00,188,288 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSACPI.sys — (ACPI [Boot | Running])
[2001.10.20 11:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversacpiec.sys — (ACPIEC [Disabled | Stopped])
[2002.08.02 15:10:44 | 00,659,228 | R— | M] (Avance Logic, Inc.) — C:WINDOWSsystem32driversALCXWDM.SYS — (ALCXWDM [On_Demand | Running])
[2004.05.17 18:04:16 | 00,041,984 | —- | M] (DeviceGuys, Inc.) — C:WINDOWSSystem32DriversDgiVecp.sys — (DgiVecp [Auto | Running])
[2001.10.05 10:35:32 | 00,034,356 | —- | M] (D-Link Corporation.) — C:WINDOWSsystem32DRIVERSdl2xd50.sys — (DL2X [On_Demand | Running])
[2001.10.20 11:00:00 | 00,034,944 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
[2001.10.20 11:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSftdisk.sys — (Ftdisk [Boot | Running])
[2004.08.03 23:08:22 | 00,010,624 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32DRIVERSgameenum.sys — (gameenum [On_Demand | Running])
[2004.08.17 10:51:24 | 00,053,376 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSi8042prt.sys — (i8042prt [System | Running])
[2002.08.14 00:00:00 | 00,013,782 | —- | M] (Intel Corporation) — C:WINDOWSsystem32DRIVERSIdeBusDr.sys — (IdeBusDr [Boot | Running])
[2002.08.14 00:00:00 | 00,093,594 | —- | M] (Intel Corporation) — C:WINDOWSsystem32DRIVERSIdeChnDr.sys — (IdeChnDr [Boot | Running])
[2004.08.17 15:53:20 | 00,005,504 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSintelide.sys — (IntelIde [Boot | Running])
[2001.10.20 11:00:00 | 00,036,096 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSisapnp.sys — (isapnp [Boot | Running])
[2004.08.17 10:54:38 | 00,024,832 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSkbdclass.sys — (Kbdclass [System | Running])
[2008.11.18 23:55:36 | 00,194,320 | —- | M] (Kaspersky Lab) — C:WINDOWSsystem32driversklif.sys — (klif [System | Running])
[2004.08.17 11:16:30 | 00,030,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Stopped])
[2004.08.17 11:16:30 | 00,023,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSmouclass.sys — (Mouclass [System | Running])
[2001.08.17 22:00:04 | 00,002,944 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversmsmpu401.sys — (ms_mpu401 [On_Demand | Running])
[2004.08.03 22:29:56 | 01,897,408 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32DRIVERSnv4_mini.sys — (nv [On_Demand | Running])
[2004.08.17 11:16:30 | 00,080,128 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSparport.sys — (Parport [On_Demand | Running])
[2001.10.20 11:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Running])
[2004.08.17 10:46:56 | 00,068,480 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSpci.sys — (PCI [Boot | Running])
[2001.10.20 11:00:00 | 00,003,328 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspciide.sys — (PCIIde [Boot | Running])
[2004.08.17 10:47:02 | 00,119,936 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
[2008.11.18 22:58:36 | 00,009,856 | —- | M] (Padus, Inc.) — C:WINDOWSsystem32driverspfc.sys — (pfc [On_Demand | Running])
[2001.10.20 11:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSsystem32DRIVERSptilink.sys — (Ptilink [On_Demand | Running])
[2004.08.17 15:49:32 | 00,058,112 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSredbook.sys — (redbook [System | Running])
[2004.07.17 06:36:38 | 00,027,440 | —- | M] () — C:WINDOWSsystem32DRIVERSsecdrv.sys — (Secdrv [On_Demand | Stopped])
[2004.08.17 10:51:24 | 00,065,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSserial.sys — (Serial [System | Running])
[2004.08.17 15:58:30 | 00,073,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32DRIVERSsr.sys — (sr [Boot | Running])
[2004.08.03 18:07:46 | 00,223,616 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32DRIVERStcpip6.sys — (Tcpip6 [System | Running])
[2004.08.17 11:16:30 | 00,012,416 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32DRIVERStunmp.sys — (tunmp [On_Demand | Running])
[2004.08.17 10:53:24 | 00,051,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%system32blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain]
"Default_Page_URL"=http://search.qip.ru
"Default_Search_URL"=http://search.qip.ru
"Local Page"=C:WINDOWSsystem32blank.htm
"Page_Transitions"=
"Search Page"=http://search.qip.ru
"Start Page"=http://www.yandex.ru/
[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearch]
"SearchAssistant"=http://search.qip.ru
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchURL]
""=http://search.qip.ru/search?query=%s&from=IE
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) — C:WINDOWSsystem32ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
"ProxyEnable" = 0
[HKEY_USERS.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
"ProxyEnable" = 0
[HKEY_USERSS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
"ProxyEnable" = 0
[HKEY_USERSS-1-5-19SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-20SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftInternet ExplorerMain]
"Default_Page_URL"=http://search.qip.ru
"Default_Search_URL"=http://search.qip.ru
"Local Page"=C:WINDOWSsystem32blank.htm
"Page_Transitions"=
"Search Page"=http://search.qip.ru
"Start Page"=http://www.yandex.ru/
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftInternet ExplorerSearch]
"SearchAssistant"=http://search.qip.ru
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerSearchURL]
""=http://search.qip.ru/search?query=%s&from=IE
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) — C:WINDOWSsystem32ieframe.dll (Microsoft Corporation)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (769 bytes) — C:WINDOWSSystem32driversetcHosts
First 25 entries…
127.0.0.1 localhost
========== (O2) BHO’s ==========
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
========== (O3) Toolbars ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) — Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) — C:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) — Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) — C:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"AVP"="C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe" (Kaspersky Lab)
"KernelFaultCheck"=%systemroot%system32dumprep 0 -k File not found
"Samsung Common SM"="C:WINDOWSSamsungComSMMgrssmmgr.exe" /autorun (Samsung Electronics.)
"SoundMan"=SOUNDMAN.EXE (Avance Logic, Inc.)
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Kleptomania"=E:Program FilesKleptomaniak-mania.exe (Structu Rise)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftWindowsCurrentVersionRun]
"Kleptomania"=E:Program FilesKleptomaniak-mania.exe (Structu Rise)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE [2003.08.13 10:34:38 | 10,073,144 | —- | M] (Microsoft Corporation)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE [2003.08.13 10:34:38 | 10,073,144 | —- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Справочные материалы — %SystemDrive%PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL [2003.07.15 06:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 — %SystemRoot%Network Diagnosticxpnetdiag.exe [2006.10.10 17:44:50 | 00,557,568 | —- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger — %ProgramFiles%Messengermsmsgs.exe [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger — %ProgramFiles%Messengermsmsgs.exe [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 06:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%Messengermsmsgs.exe [Messenger] -> [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
[HKEY_USERS.DEFAULTSOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%Messengermsmsgs.exe [Messenger] -> [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
[HKEY_USERSS-1-5-18SOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%Messengermsmsgs.exe [Messenger] -> [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 06:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%Messengermsmsgs.exe [Messenger] -> [2004.08.17 16:17:40 | 01,667,584 | —- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerPlugins]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
1 domain(s) and sub-domain(s) not assigned to a zone.
========== (O17) DNS Name Servers ==========
{06DB7ED4-7A0E-4E16-848E-CFD4CF0BCB9E} (Servers: | Description: )
{A064C807-B955-43A4-A0D2-7F894C692E69} (Servers: 213.135.97.131,213.135.96.250 | Description: D-Link DGE-550T Gigabit Ethernet Adapter)
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Shell"=Explorer.exe
>[2004.08.17 11:04:48 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSExplorer.exe
"UserInit"=C:WINDOWSsystem32userinit.exe,
>[2004.08.17 11:05:10 | 00,025,088 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32userinit.exe
"UIHost"=logonui.exe
>[2004.08.17 11:04:52 | 00,515,072 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32logonui.exe
"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2004.08.17 11:04:30 | 08,401,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32shell32.dll
>[2004.08.17 11:05:12 | 00,300,032 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sysdm.cpl
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify]
crypt32chain: "DllName" = crypt32.dll — C:WINDOWSsystem32crypt32.dll (Корпорация Майкрософт)
cscdll: "DllName" = cscdll.dll — C:WINDOWSsystem32cscdll.dll (Корпорация Майкрософт)
klogon: "DllName" = C:WINDOWSsystem32klogon.dll — C:WINDOWSsystem32klogon.dll (Kaspersky Lab)
ScCertProp: "DllName" = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
Schedule: "DllName" = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
sclgntfy: "DllName" = sclgntfy.dll — C:WINDOWSsystem32sclgntfy.dll (Корпорация Майкрософт)
SensLogn: "DllName" = WlNotify.dll — C:WINDOWSsystem32WlNotify.dll (Корпорация Майкрософт)
termsrv: "DllName" = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
wlballoon: "DllName" = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) — C:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) — C:WINDOWSsystem32SHELL32.dll (Корпорация Майкрософт)
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) — C:WINDOWSsystem32stobject.dll (Корпорация Майкрософт)
========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Предзагрузчик Browseui — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Демон кэша категорий компонентов — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)
========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2004.08.17 11:04:14 | 00,068,608 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32digest.dll
>[2004.08.17 11:04:24 | 00,290,816 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32msnsspc.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2008.11.17 20:38:42 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ FAT32 ]
========== Files/Folders — Created Within 30 Days ==========
[1 C:WINDOWSSystem32*.tmp files]
[3 C:WINDOWS*.tmp files]
[8 C:Documents and SettingsUserМои документы*.tmp files]
[2008.12.28 10:54:03 | 00,000,000 | —- | C] () — C:OTViewIt.exe
[2008.12.28 10:41:21 | 00,423,424 | —- | C] (OldTimer Tools) — C:Documents and SettingsUserРабочий столOTViewIt.exe
[2008.12.28 10:29:33 | 26,796,4416 | -HS- | C] () — C:hiberfil.sys
[2008.12.26 11:03:45 | 00,000,121 | —- | C] () — C:WINDOWSSCPERS32.INI
[2008.12.26 10:42:15 | 00,000,000 | —D | C] — C:rsit
[2008.12.26 10:36:08 | 00,781,851 | —- | C] () — C:Documents and SettingsUserРабочий столRSIT.exe
[2008.12.25 20:27:19 | 00,000,712 | —- | C] () — C:Documents and SettingsUserРабочий столHijackThis.lnk
[2008.12.25 20:21:21 | 00,026,112 | —- | C] () — C:Documents and SettingsUserМои документыKaspersky Lab онлайн сканер.doc
[2008.12.25 19:46:16 | 00,000,000 | -HSD | C] — C:WINDOWSCSC
[2008.12.25 15:20:51 | 00,000,074 | —- | C] () — C:WINDOWSSLENGINE.INI
[2008.12.25 11:02:27 | 00,000,000 | —D | C] — C:Documents and SettingsUserРабочий столМОСу
[2008.12.24 13:17:29 | 00,000,000 | —D | C] — C:Documents and SettingsUserApplication DataMalwarebytes
[2008.12.24 13:17:20 | 00,000,600 | —- | C] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2008.12.24 13:17:19 | 00,015,504 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbam.sys
[2008.12.24 13:17:15 | 00,038,496 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbamswissarmy.sys
[2008.12.24 13:17:13 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataMalwarebytes
[2008.12.24 13:17:12 | 00,000,000 | —D | C] — C:Program FilesMalwarebytes’ Anti-Malware
[2008.12.24 11:24:50 | 00,044,544 | —- | C] () — C:Documents and SettingsUserМои документыПРО_ТРОЯНЫ.doc
[2008.12.24 11:24:50 | 00,000,162 | -H— | C] () — C:Documents and SettingsUserМои документы~$О_ТРОЯНЫ.doc
[2008.12.23 23:19:31 | 15,036,854 | —- | C] () — C:Documents and SettingsUserРабочий столpharm 004.TIF
[2008.12.23 23:14:26 | 02,858,999 | —- | C] () — C:Documents and SettingsUserРабочий столpharm 004.jpg
[2008.12.23 19:20:30 | 00,000,000 | -HSD | C] — C:FOUND.000
[2008.12.20 21:12:48 | 00,548,864 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32msvcp80.dll
[2008.12.20 17:36:09 | 15,071,351 | —- | C] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов_после_удаления_некоторых_ф.mrs
[2008.12.20 16:58:52 | 01,863,722 | —- | C] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.html
[2008.12.20 16:58:26 | 01,409,323 | —- | C] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.csv
[2008.12.20 16:57:11 | 09,076,736 | —- | C] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.mrs
[2008.12.20 13:19:14 | 00,000,666 | —- | C] () — C:Documents and SettingsUserРабочий столClone Remover 3.3.lnk
[2008.12.18 22:29:03 | 00,000,000 | —D | C] — C:ВОПРОСЫ_ПФ
[2008.12.18 19:55:49 | 00,626,688 | —- | C] (Microsoft Corporation) — C:WINDOWSmsvcr80.dll
[2008.12.18 19:21:36 | 00,000,000 | —D | C] — C:Documents and SettingsUserLocal SettingsApplication DataSymantec
[2008.12.18 11:52:53 | 00,095,232 | —- | C] () — C:Documents and SettingsUserМои документыПРОВЕРКА НОРТОНОМ.doc
[2008.12.17 20:32:53 | 00,092,160 | —- | C] () — C:Documents and SettingsUserРабочий столЧтобы проверить конфигурацию TCP.doc
[2008.12.17 20:24:49 | 00,031,744 | —- | C] () — C:Documents and SettingsUserМои документыТЕСТИРОВАНИЕ ПК.doc
[2008.12.14 20:21:28 | 00,000,173 | —- | C] () — C:WINDOWSUserGate.ini
[2008.12.14 20:12:20 | 00,000,035 | —- | C] () — C:WINDOWSiltwain.ini
[2008.12.14 18:46:30 | 04,561,408 | —- | C] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов_короткий.xls
[2008.12.14 18:45:55 | 01,855,968 | —- | C] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов_короткий.csv
[2008.12.14 01:41:28 | 29,194,539 | —- | C] () — C:Documents and SettingsUserМои документыРез-т_поиска_одинак_файлов.mrs
[2008.12.14 01:40:34 | 02,055,528 | —- | C] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов.csv
[2008.12.14 01:39:16 | 29,194,539 | —- | C] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов.mrs
[2008.12.14 01:14:18 | 00,000,000 | —D | C] — C:Documents and SettingsUserРабочий столМУЗЫКА_
[2008.12.14 00:21:15 | 00,000,000 | —D | C] — C:Documents and SettingsUserLocal SettingsApplication DataPCHealth
[2008.12.13 21:04:52 | 00,024,064 | —- | C] () — C:Documents and SettingsUserМои документыПРОГРАММА ДЛЯ ПОИСКА ОДИНАКОВЫХ ФАЙЛОВ.doc
[2008.12.13 20:11:43 | 00,000,000 | —D | C] — C:Program FilesMoleskinsoft Clone Remover 3.3
[2008.12.13 20:10:29 | 00,000,000 | —D | C] — C:Documents and SettingsUserРабочий столMoleskinsoft.Clone.Remover.3.3
[2008.12.13 17:17:37 | 00,000,000 | —- | C] () — C:WINDOWSui.INI
[2008.12.13 16:57:39 | 00,000,000 | —D | C] — C:Program FilesABBYY FineReader 9.0
[2008.12.12 20:14:22 | 00,000,006 | -H— | C] () — C:WINDOWStasksSA.DAT
[2008.12.11 21:01:55 | 00,000,000 | —D | C] — C:ОЛИНО
[2008.12.10 23:16:30 | 00,036,864 | —- | C] () — C:Documents and SettingsUserРабочий столhome_bild1.jpg
[2008.12.10 10:11:32 | 00,032,768 | -HS- | C] () — C:FOUND.002
[2008.12.09 20:09:48 | 04,535,791 | —- | C] ( ) — C:Documents and SettingsUserМои документыqipinfium9020.exe
[2008.12.08 21:16:31 | 00,000,000 | —D | C] — C:WINDOWSie7updates
[2008.12.08 21:15:57 | 01,060,864 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheieframe.dll.mui
[2008.12.08 21:15:57 | 00,459,264 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcachemsfeeds.dll
[2008.12.08 21:15:57 | 00,267,776 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheiertutil.dll
[2008.12.08 21:15:57 | 00,052,224 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcachemsfeedsbs.dll
[2008.12.08 21:15:56 | 02,455,488 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheieapfltr.dat
[2008.12.08 21:15:56 | 00,383,488 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheieapfltr.dll
[2008.12.08 21:15:56 | 00,013,824 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheieudinit.exe
[2008.12.08 21:15:54 | 06,066,176 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheieframe.dll
[2008.12.08 21:15:54 | 00,063,488 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheicardie.dll
[2008.12.08 21:15:16 | 00,000,000 | —D | C] — C:WINDOWSWBEM
[2008.12.08 21:15:10 | 00,000,000 | —D | C] — C:WINDOWSSystem32ru-ru
[2008.12.08 21:13:05 | 00,000,000 | -H-D | C] — C:WINDOWSie7
[2008.12.08 21:12:33 | 00,000,000 | -H-D | C] — C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$
[2008.12.08 21:11:59 | 00,000,000 | -H-D | C] — C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$
[2008.12.08 21:10:55 | 00,121,856 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32xmllite.dll
[2008.12.08 21:08:27 | 00,000,000 | —D | C] — C:WINDOWSnetwork diagnostic
[2008.12.07 14:24:26 | 00,000,000 | —D | C] — C:Program FilesMSXML 6.0
[2008.12.07 14:22:37 | 00,000,000 | —D | C] — C:Program FilesMSXML 4.0
[2008.12.07 13:47:46 | 29,121,536 | —- | C] () — C:Documents and SettingsUserРабочий столБ.Я.Арбовирусы.Вирус. энцефал.Бешенство..ppt
[2008.12.07 12:51:22 | 00,001,368 | —- | C] () — C:Documents and SettingsUserРабочий столWINAMP.LNK
[2008.12.07 12:51:01 | 00,000,000 | —D | C] — C:Program FilesCommon FilesARS Company
[2008.12.07 12:50:38 | 00,001,065 | —- | C] () — C:WINDOWSwinamp.ini
[2008.12.07 12:49:45 | 00,000,000 | —D | C] — C:Program FilesWinamp
[2008.12.07 12:49:12 | 00,000,000 | —D | C] — C:Program FilesRMG Musical Player
[2008.12.07 12:29:04 | 00,000,000 | —D | C] — C:WINDOWSSystem32CatRoot_bak
[2008.12.07 12:24:16 | 02,138,112 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32dllcachentkrnlmp.exe
[2008.12.07 12:24:15 | 02,182,144 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32dllcachentoskrnl.exe
[2008.12.07 12:24:15 | 02,059,520 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32dllcachentkrnlpa.exe
[2008.12.07 12:24:14 | 02,017,792 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32dllcachentkrpamp.exe
[2008.12.07 12:22:18 | 00,453,632 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcachemrxsmb.sys
[2008.12.06 22:30:25 | 00,000,000 | —D | C] — C:WINDOWSSystem32PreInstall
[2008.12.06 22:28:54 | 00,000,000 | -H-D | C] — C:WINDOWS$hf_mig$
[2008.12.06 22:20:49 | 00,079,252 | —- | C] () — C:Documents and SettingsUserРабочий столx_1e6092dd.jpg
[2008.12.06 18:07:50 | 00,019,968 | —- | C] () — C:Documents and SettingsUserРабочий столУниверсальный декодер кирилицы
[2008.12.06 16:53:01 | 00,272,512 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32driversbthport.sys
[2008.12.06 16:53:01 | 00,272,512 | —- | C] (Корпорация Майкрософт) — C:WINDOWSSystem32dllcachebthport.sys
[2008.12.06 16:27:20 | 00,000,000 | —D | C] — C:Documents and SettingsUserМои документыПРО_ЗАЩИТУ ПК
[2008.12.06 16:23:36 | 00,000,000 | —D | C] — C:WINDOWSSystem32SoftwareDistribution
[2008.12.06 13:15:26 | 00,027,136 | —- | C] () — C:Documents and SettingsUserМои документыОшибка нашего ПК.doc
[2008.12.06 11:32:40 | 17,318,336 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32MRT.exe
[2008.12.06 11:20:05 | 00,443,392 | —- | C] () — C:Documents and SettingsUserМои документыСредство удаления вредоносных программ.doc
[2008.12.04 19:02:19 | 00,099,328 | —- | C] () — C:Documents and SettingsUserМои документыРАЗБОР_НЕПОЛАДОК ПК.doc
[2008.12.04 18:02:14 | 00,000,000 | -H-D | C] — C:WINDOWSSystem32GroupPolicy
[2008.12.03 22:51:59 | 00,041,472 | —- | C] () — C:Documents and SettingsUserРабочий столCD4.doc
[2008.12.03 21:20:20 | 01,659,392 | —- | C] () — C:Documents and SettingsUserРабочий столСтефани Майер.doc
[2008.11.30 23:07:22 | 00,000,124 | -HS- | C] () — C:Documents and SettingsUserМои документыКопия desktop.ini
[2008.11.30 13:14:32 | 03,212,310 | —- | C] () — C:Documents and SettingsUserМои документыVodopodgotovka_Belikov.pdf
[2008.11.30 10:54:24 | 00,739,840 | —- | C] () — C:Documents and SettingsUserМои документыБИБЛИОТЕКИ.doc
[2008.11.29 22:47:20 | 00,000,452 | —- | C] () — C:Documents and SettingsUserМои документыspider.sav
[2008.11.29 18:38:06 | 00,000,000 | —D | C] — C:Documents and SettingsUserМои документыDownloads
[2008.11.29 17:54:30 | 00,000,534 | —- | C] () — C:Documents and SettingsUserРабочий столµTorrent.lnk
[2008.11.29 17:54:30 | 00,000,000 | —D | C] — C:Program FilesuTorrent
[2008.11.29 17:54:21 | 00,000,000 | —D | C] — C:Documents and SettingsUserApplication DatauTorrent
[2008.11.29 17:47:31 | 00,044,032 | —- | C] () — C:Documents and SettingsUserМои документыДобро пожаловать на сайт torrents.doc
[2008.11.29 17:37:42 | 00,376,320 | —- | C] () — C:Documents and SettingsUserМои документыустановить торент-клиент.doc
[2008.11.29 16:40:17 | 00,002,855 | —- | C] () — C:Documents and SettingsUserРабочий столОРАКУЛ.pif
[2008.11.29 16:40:13 | 00,000,000 | -H-D | C] — C:WINDOWSPIF
[2008.11.29 16:39:19 | 00,000,000 | —D | C] — C:КРУГОЗОР_БОЛЬШИНСТВА
[2008.11.29 16:35:56 | 00,000,000 | —D | C] — C:Install_ne_MOS
[2008.11.29 16:18:45 | 00,052,224 | —- | C] () — C:Documents and SettingsUserМои документыДО ПЕРЕУСТАНОВКИ WINDOWS.doc
[2008.11.29 14:14:21 | 01,026,801 | R— | C] () — C:Documents and SettingsUserМои документыGuide_Russian.pdf
[2008.11.29 12:42:47 | 00,053,248 | —- | C] () — C:Documents and SettingsUserМои документыУcтaнoвлeнныe пpoгpaммы.doc
[2008.11.28 19:03:00 | 25,469,376 | —- | C] () — C:Documents and SettingsUserРабочий столweb.EXE
========== Files — Modified Within 30 Days ==========
[1 C:WINDOWSSystem32*.tmp files]
[3 C:WINDOWS*.tmp files]
[8 C:Documents and SettingsUserМои документы*.tmp files]
[2008.12.28 10:57:42 | 00,423,424 | —- | M] (OldTimer Tools) — C:Documents and SettingsUserРабочий столOTViewIt.exe
[2008.12.28 10:48:48 | 00,002,006 | —- | M] () — C:WINDOWSWINCMD.INI
[2008.12.28 10:41:22 | 00,000,000 | —- | M] () — C:OTViewIt.exe
[2008.12.28 10:37:00 | 00,002,463 | —- | M] () — C:Documents and SettingsUserРабочий столMicrosoft Office Word 2003.lnk
[2008.12.28 10:29:46 | 00,018,563 | —- | M] () — C:WINDOWSk-mania.Ini
[2008.12.28 10:29:42 | 00,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
[2008.12.28 10:29:40 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
[2008.12.28 10:29:40 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
[2008.12.28 10:29:34 | 26,796,4416 | -HS- | M] () — C:hiberfil.sys
[2008.12.26 19:16:22 | 03,712,656 | -H— | M] () — C:Documents and SettingsUserLocal SettingsApplication DataIconCache.db
[2008.12.26 11:03:46 | 00,000,121 | —- | M] () — C:WINDOWSSCPERS32.INI
[2008.12.26 11:03:46 | 00,000,074 | —- | M] () — C:WINDOWSSLENGINE.INI
[2008.12.26 10:38:42 | 00,781,851 | —- | M] () — C:Documents and SettingsUserРабочий столRSIT.exe
[2008.12.26 00:17:06 | 04,784,128 | -HS- | M] () — C:WINDOWSSystem32driversfidbox.dat
[2008.12.26 00:17:06 | 00,365,856 | -HS- | M] () — C:WINDOWSSystem32driversfidbox2.dat
[2008.12.26 00:17:06 | 00,051,404 | -HS- | M] () — C:WINDOWSSystem32driversfidbox.idx
[2008.12.26 00:17:06 | 00,035,372 | -HS- | M] () — C:WINDOWSSystem32driversfidbox2.idx
[2008.12.25 20:27:20 | 00,000,712 | —- | M] () — C:Documents and SettingsUserРабочий столHijackThis.lnk
[2008.12.25 20:21:22 | 00,026,112 | —- | M] () — C:Documents and SettingsUserМои документыKaspersky Lab онлайн сканер.doc
[2008.12.24 13:17:22 | 00,000,600 | —- | M] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2008.12.24 12:43:02 | 00,044,544 | —- | M] () — C:Documents and SettingsUserМои документыПРО_ТРОЯНЫ.doc
[2008.12.24 11:24:52 | 00,000,162 | -H— | M] () — C:Documents and SettingsUserМои документы~$О_ТРОЯНЫ.doc
[2008.12.23 23:19:36 | 15,036,854 | —- | M] () — C:Documents and SettingsUserРабочий столpharm 004.TIF
[2008.12.23 18:51:34 | 00,000,498 | —- | M] () — C:WINDOWSwin.ini
[2008.12.22 16:20:28 | 02,858,999 | —- | M] () — C:Documents and SettingsUserРабочий столpharm 004.jpg
[2008.12.20 17:41:48 | 15,071,351 | —- | M] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов_после_удаления_некоторых_ф.mrs
[2008.12.20 16:58:54 | 01,863,722 | —- | M] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.html
[2008.12.20 16:58:28 | 01,409,323 | —- | M] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.csv
[2008.12.20 16:57:20 | 09,076,736 | —- | M] () — C:Documents and SettingsUserМои документы2_ПОИСК_ОДИНАКОВЫХ_файлов.mrs
[2008.12.20 13:19:16 | 00,000,666 | —- | M] () — C:Documents and SettingsUserРабочий столClone Remover 3.3.lnk
[2008.12.20 10:58:56 | 04,561,408 | —- | M] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов_короткий.xls
[2008.12.18 19:35:24 | 00,095,232 | —- | M] () — C:Documents and SettingsUserМои документыПРОВЕРКА НОРТОНОМ.doc
[2008.12.18 10:43:16 | 00,092,160 | —- | M] () — C:Documents and SettingsUserРабочий столЧтобы проверить конфигурацию TCP.doc
[2008.12.17 20:30:00 | 00,031,744 | —- | M] () — C:Documents and SettingsUserМои документыТЕСТИРОВАНИЕ ПК.doc
[2008.12.14 20:37:58 | 00,001,065 | —- | M] () — C:WINDOWSwinamp.ini
[2008.12.14 20:21:30 | 00,000,173 | —- | M] () — C:WINDOWSUserGate.ini
[2008.12.14 20:12:22 | 00,000,035 | —- | M] () — C:WINDOWSiltwain.ini
[2008.12.14 18:45:56 | 01,855,968 | —- | M] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов_короткий.csv
[2008.12.14 01:41:44 | 29,194,539 | —- | M] () — C:Documents and SettingsUserМои документыРез-т_поиска_одинак_файлов.mrs
[2008.12.14 01:40:36 | 02,055,528 | —- | M] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов.csv
[2008.12.14 01:39:32 | 29,194,539 | —- | M] () — C:Documents and SettingsUserМои документыРезультат_поиска_одинак_файлов.mrs
[2008.12.13 21:05:52 | 00,024,064 | —- | M] () — C:Documents and SettingsUserМои документыПРОГРАММА ДЛЯ ПОИСКА ОДИНАКОВЫХ ФАЙЛОВ.doc
[2008.12.13 17:17:38 | 00,000,000 | —- | M] () — C:WINDOWSui.INI
[2008.12.13 17:04:34 | 00,009,728 | —- | M] () — C:WINDOWSSystem32BASSMOD.dll
[2008.12.12 00:06:28 | 00,001,393 | —- | M] () — C:WINDOWSimsins.BAK
[2008.12.10 23:16:32 | 00,036,864 | —- | M] () — C:Documents and SettingsUserРабочий столhome_bild1.jpg
[2008.12.10 10:11:32 | 00,032,768 | -HS- | M] () — C:FOUND.002
[2008.12.09 20:18:06 | 00,000,532 | —- | M] () — C:Documents and SettingsUserРабочий столQIP Infium.lnk
[2008.12.09 20:12:50 | 04,535,791 | —- | M] ( ) — C:Documents and SettingsUserМои документыqipinfium9020.exe
[2008.12.08 21:58:44 | 00,000,200 | -HS- | M] () — C:Documents and SettingsUserМои документыdesktop.ini
[2008.12.08 20:55:00 | 00,099,328 | —- | M] () — C:Documents and SettingsUserМои документыРАЗБОР_НЕПОЛАДОК ПК.doc
[2008.12.07 12:51:24 | 00,001,368 | —- | M] () — C:Documents and SettingsUserРабочий столWINAMP.LNK
[2008.12.07 12:07:14 | 00,118,152 | —- | M] () — C:WINDOWSSystem32FNTCACHE.DAT
[2008.12.06 22:20:52 | 00,079,252 | —- | M] () — C:Documents and SettingsUserРабочий столx_1e6092dd.jpg
[2008.12.06 18:08:34 | 00,019,968 | —- | M] () — C:Documents and SettingsUserРабочий столУниверсальный декодер кирилицы
[2008.12.06 16:10:00 | 00,443,392 | —- | M] () — C:Documents and SettingsUserМои документыСредство удаления вредоносных программ.doc
[2008.12.06 15:52:48 | 00,027,136 | —- | M] () — C:Documents and SettingsUserМои документыОшибка нашего ПК.doc
[2008.12.04 19:28:48 | 00,000,227 | —- | M] () — C:WINDOWSsystem.ini
[2008.12.04 19:28:48 | 00,000,214 | -HS- | M] () — C:boot.ini
[2008.12.03 22:52:02 | 00,041,472 | —- | M] () — C:Documents and SettingsUserРабочий столCD4.doc
[2008.12.03 21:20:22 | 01,659,392 | —- | M] () — C:Documents and SettingsUserРабочий столСтефани Майер.doc
[2008.12.03 21:03:30 | 25,469,376 | —- | M] () — C:Documents and SettingsUserРабочий столweb.EXE
[2008.12.03 19:59:06 | 00,038,496 | —- | M] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbamswissarmy.sys
[2008.12.03 19:59:02 | 00,015,504 | —- | M] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbam.sys
[2008.11.30 23:07:24 | 00,000,124 | -HS- | M] () — C:Documents and SettingsUserМои документыКопия desktop.ini
[2008.11.30 15:30:48 | 00,739,840 | —- | M] () — C:Documents and SettingsUserМои документыБИБЛИОТЕКИ.doc
[2008.11.30 13:23:48 | 03,212,310 | —- | M] () — C:Documents and SettingsUserМои документыVodopodgotovka_Belikov.pdf
[2008.11.29 22:47:22 | 00,000,452 | —- | M] () — C:Documents and SettingsUserМои документыspider.sav
[2008.11.29 18:32:36 | 01,054,794 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2008.11.29 18:32:36 | 00,469,342 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2008.11.29 18:32:36 | 00,427,728 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2008.11.29 18:32:36 | 00,078,116 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2008.11.29 18:32:36 | 00,066,512 | —- | M] () — C:WINDOWSSystem32perfc009.dat
[2008.11.29 17:54:32 | 00,000,534 | —- | M] () — C:Documents and SettingsUserРабочий столµTorrent.lnk
[2008.11.29 17:47:34 | 00,044,032 | —- | M] () — C:Documents and SettingsUserМои документыДобро пожаловать на сайт torrents.doc
[2008.11.29 17:37:44 | 00,376,320 | —- | M] () — C:Documents and SettingsUserМои документыустановить торент-клиент.doc
[2008.11.29 17:08:20 | 00,002,855 | —- | M] () — C:Documents and SettingsUserРабочий столОРАКУЛ.pif
[2008.11.29 16:18:46 | 00,052,224 | —- | M] () — C:Documents and SettingsUserМои документыДО ПЕРЕУСТАНОВКИ WINDOWS.doc
[2008.11.29 12:50:34 | 00,053,248 | —- | M] () — C:Documents and SettingsUserМои документыУcтaнoвлeнныe пpoгpaммы.doc
< End of report >
(Extra.txt):
OTViewIt Extras logfile created on: 28.12.2008 10:58:39 — Run
OTViewIt by OldTimer — Version 1.0.20.1 Folder = C:Documents and SettingsUserРабочий стол
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy
255,48 Mb Total Physical Memory | 88,93 Mb Available Physical Memory | 34,81% Memory free
618,57 Mb Paging File | 356,35 Mb Available in Paging File | 57,61% Paging File free
Paging file location(s): C:pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 37,26 Gb Total Space | 26,00 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 12,85 Gb Total Space | 8,75 Gb Free Space | 68,08% Space Free | Partition Type: NTFS
Drive F: | 24,40 Gb Total Space | 3,17 Gb Free Space | 12,98% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHELOVEKI
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINESOFTWAREClasses
]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
«FirstRunDisabled»=1
«AntiVirusDisableNotify»=1
«FirewallDisableNotify»=1
«UpdatesDisableNotify»=1
«AntiVirusOverride»=0
«FirewallOverride»=0
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
«DisableMonitoring»=1
«»=
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile
«EnableFirewall»=1
«DoNotAllowExceptions»=0
«DisableNotifications»=0
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplications]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPorts]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileIcmpSettings]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
[2004.08.17 16:05:06 | 00,141,312 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006.10.10 17:44:50 | 00,557,568 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2004.08.17 16:05:06 | 00,141,312 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006.10.10 17:44:50 | 00,557,568 | —- | M] (Microsoft Corporation) — %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008.11.29 17:54:32 | 00,270,128 | —- | M] (BitTorrent, Inc.) — C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWinSock2Parameters]
NameSpace_Catalog5Catalog_Entries 00000000001 [TCP/IP] — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
NameSpace_Catalog5Catalog_Entries 00000000003 [Пространство имен службы сетевого расположения (NLA)] — C:WINDOWSSystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000001 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000002 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000003 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000004 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000005 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000006 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000007 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000008 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000009 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000010 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000011 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000012 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000013 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000014 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000015 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000016 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000017 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries 00000000018 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2004.08.17 11:04:26 | 01,431,040 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: подключаемый протокол])
As Valery advised another affected user, I also downloaded RSIT and ran it. Here is what it produced:
(log.txt)
Logfile of random’s system information tool 1.05 (written by random/random)
Run by User at 2008-12-26 10:42:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 255 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:27, on 26.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsUserРабочий столRSIT.exe
E:Program FilesKleptomaniak-mania.exe
C:Program FilesWindows CommanderWINCMD32.EXE
F:ПЕРЕВОДЧИК_7SCPERS32.EXE
F:Program FilesTrend MicroHijackThisUser.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [Samsung Common SM] «C:WINDOWSSamsungComSMMgrssmmgr.exe» /autorun
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [Kleptomania] E:Program FilesKleptomaniak-mania.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{A064C807-B955-43A4-A0D2-7F894C692E69}: NameServer = 213.135.97.131,213.135.96.250
O23 — Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
O23 — Service: Kaspersky Anti-Virus 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 5165 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«AVP»=C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe [2008-11-18 231952]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2002-08-02 46592]
«Samsung Common SM»=C:WINDOWSSamsungComSMMgrssmmgr.exe [2004-05-17 360448]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Kleptomania»=E:Program FilesKleptomaniak-mania.exe [2002-10-10 262144]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2007-11-19 219664]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======List of files/folders created in the last 1 months======
2008-12-26 10:42:15 —-D—- C:rsit
2008-12-25 19:46:16 —-SHD—- C:WINDOWSCSC
2008-12-25 15:20:51 —-A—- C:WINDOWSSLENGINE.INI
2008-12-24 13:17:29 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2008-12-24 13:17:13 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-12-24 13:17:12 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-12-23 19:20:30 —-SHD—- C:FOUND.000
2008-12-20 21:12:48 —-A—- C:WINDOWSsystem32msvcp80.dll
2008-12-18 22:29:03 —-D—- C:ВОПРОСЫ_ПФ
2008-12-18 19:55:49 —-A—- C:WINDOWSmsvcr80.dll
2008-12-18 18:11:33 —-A—- C:WINDOWSsystem321.txt
2008-12-17 20:15:16 —-A—- C:WINDOWSntbtlog.txt
2008-12-14 20:21:28 —-A—- C:WINDOWSUserGate.ini
2008-12-14 20:12:20 —-A—- C:WINDOWSiltwain.ini
2008-12-13 20:11:43 —-D—- C:Program FilesMoleskinsoft Clone Remover 3.3
2008-12-13 17:17:37 —-A—- C:WINDOWSui.INI
2008-12-13 16:57:39 —-D—- C:Program FilesABBYY FineReader 9.0
2008-12-12 00:06:31 —-HD—- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-12 00:06:21 —-HD—- C:WINDOWS$NtUninstallKB955839$
2008-12-12 00:05:54 —-HD—- C:WINDOWS$NtUninstallKB956802$
2008-12-11 21:01:55 —-D—- C:ОЛИНО
2008-12-08 21:16:31 —-D—- C:WINDOWSie7updates
2008-12-08 21:15:16 —-D—- C:WINDOWSWBEM
2008-12-08 21:15:10 —-D—- C:WINDOWSsystem32ru-ru
2008-12-08 21:13:05 —-HD—- C:WINDOWSie7
2008-12-08 21:12:33 —-HD—- C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$
2008-12-08 21:11:59 —-HD—- C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$
2008-12-08 21:11:08 —-HD—- C:WINDOWS$NtUninstallKB915865$
2008-12-08 21:10:55 —-N—- C:WINDOWSsystem32xmllite.dll
2008-12-08 21:08:27 —-D—- C:WINDOWSnetwork diagnostic
2008-12-08 21:08:26 —-HD—- C:WINDOWS$NtUninstallKB914440$
2008-12-08 21:07:56 —-HD—- C:WINDOWS$NtUninstallKB904942$
2008-12-07 14:26:28 —-HD—- C:WINDOWS$NtUninstallKB952954$
2008-12-07 14:26:17 —-HD—- C:WINDOWS$NtUninstallKB946648$
2008-12-07 14:26:04 —-HD—- C:WINDOWS$NtUninstallKB956803$
2008-12-07 14:25:55 —-HD—- C:WINDOWS$NtUninstallKB956391$
2008-12-07 14:25:40 —-HD—- C:WINDOWS$NtUninstallKB957095$
2008-12-07 14:25:27 —-HD—- C:WINDOWS$NtUninstallKB950974$
2008-12-07 14:25:14 —-HD—- C:WINDOWS$NtUninstallKB951698$
2008-12-07 14:24:49 —-HD—- C:WINDOWS$NtUninstallKB956841$
2008-12-07 14:24:26 —-D—- C:Program FilesMSXML 6.0
2008-12-07 14:24:13 —-HD—- C:WINDOWS$NtUninstallKB950762$
2008-12-07 14:23:56 —-HD—- C:WINDOWS$NtUninstallKB957097$
2008-12-07 14:23:44 —-HD—- C:WINDOWS$NtUninstallKB951072-v2$
2008-12-07 14:23:30 —-HD—- C:WINDOWS$NtUninstallKB952287$
2008-12-07 14:23:17 —-HD—- C:WINDOWS$NtUninstallKB938464$
2008-12-07 14:23:05 —-HD—- C:WINDOWS$NtUninstallKB958644$
2008-12-07 14:22:51 —-HD—- C:WINDOWS$NtUninstallKB955069$
2008-12-07 14:22:37 —-D—- C:Program FilesMSXML 4.0
2008-12-07 14:21:55 —-HD—- C:WINDOWS$NtUninstallKB944338-v2$
2008-12-07 12:51:01 —-D—- C:Program FilesCommon FilesARS Company
2008-12-07 12:50:38 —-A—- C:WINDOWSwinamp.ini
2008-12-07 12:49:45 —-D—- C:Program FilesWinamp
2008-12-07 12:49:12 —-D—- C:Program FilesRMG Musical Player
2008-12-07 12:29:04 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-12-06 22:31:08 —-HD—- C:WINDOWS$NtUninstallKB951376-v2$
2008-12-06 22:30:50 —-HD—- C:WINDOWS$NtUninstallKB954211$
2008-12-06 22:30:35 —-HD—- C:WINDOWS$NtUninstallKB925720$
2008-12-06 22:30:25 —-D—- C:WINDOWSsystem32PreInstall
2008-12-06 22:30:23 —-HD—- C:WINDOWS$NtUninstallKB898461$
2008-12-06 22:29:58 —-HD—- C:WINDOWS$NtUninstallKB951066$
2008-12-06 22:28:59 —-HD—- C:WINDOWS$NtUninstallKB956390$
2008-12-06 22:28:54 —-HD—- C:WINDOWS$hf_mig$
2008-12-06 16:23:36 —-D—- C:WINDOWSsystem32SoftwareDistribution
2008-12-06 11:32:40 —-A—- C:WINDOWSsystem32MRT.exe
2008-12-04 18:02:14 —-HD—- C:WINDOWSsystem32GroupPolicy
2008-12-02 20:57:33 —-A—- C:SAFEBOOT_REPAIR.TXT
2008-11-29 17:54:30 —-D—- C:Program FilesuTorrent
2008-11-29 17:54:21 —-D—- C:Documents and SettingsUserApplication DatauTorrent
2008-11-29 16:40:13 —-HD—- C:WINDOWSPIF
2008-11-29 16:39:19 —-D—- C:КРУГОЗОР_БОЛЬШИНСТВА
2008-11-29 16:35:56 —-D—- C:Install_ne_MOS
2008-11-27 22:56:15 —-D—- C:WINDOWSsystem32appmgmt
2008-11-27 22:01:40 —-A—- C:WINDOWSsystem32Lfpct10n.dll
2008-11-27 22:01:40 —-A—- C:WINDOWSsystem32Lfmac10n.dll
2008-11-27 22:01:40 —-A—- C:WINDOWSsystem32Lfdic10n.dll
2008-11-27 22:01:40 —-A—- C:WINDOWSsystem32Lfcal10n.dll
2008-11-27 22:01:39 —-A—- C:WINDOWSsystem32Lfimg10n.dll
2008-11-27 22:01:35 —-A—- C:WINDOWSsystem32Ltimg10n.dll
2008-11-27 22:01:23 —-A—- C:WINDOWSsystem32Lvkrn12n.dll
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32Lvgl12n.dll
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32Lvdx12n.dll
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32Lvdlg12n.dll
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32Ltwvc12n.dll
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32LTWND12n.DLL
2008-11-27 22:01:22 —-A—- C:WINDOWSsystem32Ltwen12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32LTWEB12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32Ltvid12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32Lttwn12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32Lttmb12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32LTTLB12n.dll
2008-11-27 22:01:21 —-A—- C:WINDOWSsystem32LTSCR12n.DLL
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltnet12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltlst12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltkrn12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltisi12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltimg12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltfil12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltefx12n.dll
2008-11-27 22:01:20 —-A—- C:WINDOWSsystem32Ltdlg12n.dll
2008-11-27 22:01:19 —-A—- C:WINDOWSsystem32LTDIS12n.dll
2008-11-27 22:01:19 —-A—- C:WINDOWSsystem32LTDic12n.dll
2008-11-27 22:01:19 —-A—- C:WINDOWSsystem32LTCON12n.dll
2008-11-27 22:01:19 —-A—- C:WINDOWSsystem32Ltcap12n.dll
2008-11-27 22:01:19 —-A—- C:WINDOWSsystem32Ltbar12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32LTAUT12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32Ltann12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32Lfxwd12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32lfXpm12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32lfXbm12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32Lfwpg12n.dll
2008-11-27 22:01:18 —-A—- C:WINDOWSsystem32Lfwmf12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lfwfx12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lfvec12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lftif12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lftga12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lfsgi12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32lfRaw12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lfras12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32Lfpsd12n.dll
2008-11-27 22:01:17 —-A—- C:WINDOWSsystem32LFPNM12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfpng12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfplt12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfpdf12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfpcx12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfpct12n.dll
2008-11-27 22:01:16 —-A—- C:WINDOWSsystem32Lfpcd12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lfmsp12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lfmpg12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lfmac12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lflmb12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lflma12n.dll
2008-11-27 22:01:15 —-A—- C:WINDOWSsystem32Lfkodak.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfjbg12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32LFJ2K12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfitg12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfimg12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfiff12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfica12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfgif12n.dll
2008-11-27 22:01:14 —-A—- C:WINDOWSsystem32Lfgbr12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lffpx7.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lffpx12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lfflc12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lffax12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lfeps12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32Lfdxf12n.dll
2008-11-27 22:01:13 —-A—- C:WINDOWSsystem32lfdwg12N.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32Lfdwf12n.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32Lfdrw12n.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32Lfdgn12n.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32lfCUT12n.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32LFCMW12n.dll
2008-11-27 22:01:12 —-A—- C:WINDOWSsystem32LFCMP12n.DLL
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfclp12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfcgm12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfcal12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfbmp12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfawd12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfavi12n.dll
2008-11-27 22:01:11 —-A—- C:WINDOWSsystem32Lfani12n.dll
2008-11-27 22:01:08 —-A—- C:WINDOWSsystem32BPEnhan.dll
2008-11-27 22:01:05 —-A—- C:WINDOWSsystem32PS2U2usd.dll
2008-11-27 22:01:05 —-A—- C:WINDOWSsystem32MKCoInstaller.dll
2008-11-27 22:00:44 —-D—- C:Program FilesBearPaw 2448CU Pro
2008-11-27 21:37:25 —-D—- C:Program FilesWindows Commander
2008-11-27 21:07:41 —-D—- C:Documents and SettingsUserApplication DataPROject MT
2008-11-27 21:02:49 —-D—- C:Documents and SettingsUserApplication DataPRMT
2008-11-27 20:58:25 —-D—- C:WINDOWSspeech
2008-11-27 20:54:18 —-D—- C:WINDOWSLhsp
2008-11-27 20:54:18 —-D—- C:Program FilesPRMT8
2008-11-27 20:53:20 —-HD—- C:WINDOWS$MSI31Uninstall_KB893803v2$
2008-11-27 20:50:20 —-D—- C:Program FilesMSBuild
2008-11-27 20:42:10 —-D—- C:WINDOWSsystem32XPSViewer
2008-11-27 20:42:07 —-D—- C:WINDOWSsystem32en-us
2008-11-27 20:40:52 —-D—- C:Program FilesReference Assemblies
2008-11-27 20:40:16 —-N—- C:WINDOWSsystem32spmsg2.dll
2008-11-27 20:35:32 —-RSD—- C:WINDOWSassembly
2008-11-27 20:34:15 —-D—- C:WINDOWSMicrosoft.NET
2008-11-27 20:33:18 —-N—- C:WINDOWSsystem32spmsg.dll
2008-11-27 20:33:10 —-A—- C:WINDOWSsystem32spupdsvc.exe
2008-11-27 20:33:06 —-HD—- C:WINDOWS$NtUninstallWIC$
2008-11-27 19:53:17 —-D—- C:Documents and SettingsAll UsersApplication DataPRMT
2008-11-27 19:37:39 —-D—- C:PROGRAMMY_MOS
======List of files/folders modified in the last 1 months======
2008-12-26 10:40:34 —-A—- C:WINDOWSWINCMD.INI
2008-12-26 10:40:16 —-A—- C:WINDOWSk-mania.Ini
2008-12-26 00:17:02 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-23 18:51:34 —-A—- C:WINDOWSwin.ini
2008-12-13 17:04:34 —-A—- C:WINDOWSsystem32BASSMOD.dll
2008-12-12 00:06:28 —-A—- C:WINDOWSimsins.BAK
2008-12-04 19:28:48 —-SH—- C:boot.ini
2008-12-04 19:28:48 —-A—- C:WINDOWSsystem.ini
2008-11-29 18:32:36 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2004-08-03 223616]
R3 DL2X;D-Link Gigabit (DL2X) Adapter NT Driver; C:WINDOWSsystem32DRIVERSdl2xd50.sys [2001-10-05 34356]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-11-18 9856]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2004-08-17 12416]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2004-05-17 41984]
S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2002-08-02 659228]
S3 ATE_PROCMON;ATE_PROCMON; ??D:Anti Trojan EliteATEPMon.sys []
S3 iadusb;MT882; C:WINDOWSsystem32DRIVERSglauiad.sys []
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-03 1897408]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe [2007-09-24 566560]
S2 AVP;Kaspersky Anti-Virus 6.0; C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe [2008-11-18 231952]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(info.txt)
info.txt logfile of random’s system information tool 1.05 2008-12-26 10:42:30
======Uninstall list======
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0B21B14F-403B-442E-86E1-3A912D70033D}Setup.exe» -l0x19
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 7.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Avance AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
BearPaw 2448CU Pro v1.4—>C:PROGRA~1BEARPA~1DRIVERUNINST.EXE
DivX 5.0.2 Bundle—>C:WINDOWSunvise32.exe C:Program FilesDivXuninstal.log
HijackThis 2.0.2—>»F:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Windows XP (KB915865)—>»C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe»
Kleptomania 2.4—>E:Program FilesKleptomaniak-mania.exe /u
K-Lite Codec Pack 3.6.5 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
L&H TTS3000 Espaсol—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSSPE.inf, Uninstall
L&H TTS3000 Franзais—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSFRF.inf, Uninstall
L&H TTS3000 Italiano—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSITI.inf, Uninstall
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
MaxAntiSpy 1.5—>C:Documents and SettingsUserApplication DataQIPProfilesQIP Infiumunins000.exe
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0—>c:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual Studio 2005 Tools for Office Runtime—>MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Moleskinsoft Clone Remover 3.3—>»C:Program FilesMoleskinsoft Clone Remover 3.3unins000.exe»
Mozilla Firefox (3.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
PROMT Professional 8 Giant Try-Buy—>MsiExec.exe /I{04F4FE29-515E-4B5B-9CF9-2DAB1065FBE1}
QIP Infium 2.0.9020 RC3—>»C:Program FilesQIP Infiumunins000.exe»
RMG Musical Player—>»C:Program FilesRMG Musical PlayerUninstall.exe»
Samsung ML-1610 Series—>C:WINDOWSSamsungML-1610SETUP.EXE
STATISTICA 6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesStatSoftSTATISTICA 6Setupsetup.exe»
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Commander (Remove or Repair)—>c:Program FilesWindows Commanderwcuninst.exe
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Антивирус Касперского 6.0 для Windows Workstations—>MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Антивирус Касперского 6.0 для Windows Workstations—>MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск—>c:Program FilesCommon FilesMicrosoft SharedVSTO8.0Microsoft Visual Studio 2005 Tools for Office Runtimeinstall.exe
Исправление для Windows XP (KB914440)—>»C:WINDOWS$NtUninstallKB914440$spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB944338-v2)—>»C:WINDOWS$NtUninstallKB944338-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956390)—>»C:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Обновление для Windows XP (KB904942)—>»C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe»
Обновление для Windows XP (KB925720)—>»C:WINDOWS$NtUninstallKB925720$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
======Security center information======
AV: Антивирус Касперского
System event log
Computer Name: CHELOVEKI
Event Code: 7036
Message: Служба «Телефония» перешла в состояние Работает.
Record Number: 4618
Source Name: Service Control Manager
Time Written: 20081212201455.000000+300
Event Type: информация
User:
Computer Name: CHELOVEKI
Event Code: 7036
Message: Служба «Служба шлюза уровня приложения» перешла в состояние Работает.
Record Number: 4617
Source Name: Service Control Manager
Time Written: 20081212201454.000000+300
Event Type: информация
User:
Computer Name: CHELOVEKI
Event Code: 7035
Message: Служба «Служба шлюза уровня приложения» успешно отправила управляющий элемент «запустить».
Record Number: 4616
Source Name: Service Control Manager
Time Written: 20081212201454.000000+300
Event Type: информация
User: NT AUTHORITY\SYSTEM
Computer Name: CHELOVEKI
Event Code: 7036
Message: Служба «Служба обнаружения SSDP» перешла в состояние Работает.
Record Number: 4615
Source Name: Service Control Manager
Time Written: 20081212201454.000000+300
Event Type: информация
User:
Computer Name: CHELOVEKI
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».
Record Number: 4614
Source Name: Service Control Manager
Time Written: 20081212201452.000000+300
Event Type: информация
User: NT AUTHORITY\SYSTEM
Application event log
Computer Name: CHELOVEKI
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 802
Source Name: SecurityCenter
Time Written: 20081207172104.000000+300
Event Type: информация
User:
Computer Name: CHELOVEKI
Event Code: 1000
Message: Ошибка приложения k-mania.exe, версия 1.0.0.1, модуль k-mania.exe, версия 1.0.0.1, адрес 0x000018fa.
Record Number: 801
Source Name: Application Error
Time Written: 20081207172059.000000+300
Event Type: ошибка
User:
Computer Name: CHELOVEKI
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 800
Source Name: SecurityCenter
Time Written: 20081207171453.000000+300
Event Type: информация
User:
Computer Name: CHELOVEKI
Event Code: 11707
Message: Product: MSXML 6 Service Pack 2 (KB954459) — Installation completed successfully.
Record Number: 799
Source Name: MsiInstaller
Time Written: 20081207142433.000000+300
Event Type: информация
User: NT AUTHORITY\SYSTEM
Computer Name: CHELOVEKI
Event Code: 11707
Message: Product: MSXML 4.0 SP2 (KB954430) — Installation completed successfully.
Record Number: 798
Source Name: MsiInstaller
Time Written: 20081207142243.000000+300
Event Type: информация
User: NT AUTHORITY\SYSTEM
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 1 Stepping 3, GenuineIntel
«PROCESSOR_REVISION»=0103
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«SAFEBOOT_OPTION»=NETWORK
EOF
Maybe this will help cure my PC as well?