Созданные ответы форума
-
Сообщения
-
Спасибо.
Вот два лога:========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHlp83.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKos48.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalnsW26.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHlp83.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkKos48.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknsW26.sys\ deleted successfully.
========== FILES ==========
File/Folder c:windowssystem32msansspc.dll not found.
File/Folder c:windowssystem32Hlp83.sys not found.
File/Folder c:windowssystem32Kos48.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1TempWCESLog.log scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01052009_174416
========================================================================================================================
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-05 17:51:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (66%) free of 35 GB
Total RAM: 2047 MB (83% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:08, on 05.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesQIPqip.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМOTMoveIt3.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microHijackThisАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..RunOnce: [OTMoveIt] C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМOTMoveIt3.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncWcescomm.exe»
O4 — HKCU..Run: [QIP.Online] C:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{4BF672FB-61FD-49F2-B905-C0C1203BE3D5}: NameServer = 213.234.192.7 85.21.192.5
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5800 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-06-01 7618560]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-06-01 86016]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-02-09 65024]
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe [2008-06-12 266497]
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2008-01-01 737872]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-25 77824][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«OTMoveIt»=C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМOTMoveIt3.exe [2009-01-05 348160][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2002-12-31 15360]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]
«QIP.Online»=C:Program FilesQIP.Onlineqiponline.exe auto_start []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«Start_NotifyNewApps»=0
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«c:windowslsass.exe»=»C:windowslsass.exe:*:Enabled:lsass»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»======List of files/folders created in the last 1 months======
2009-01-05 03:39:50 —-D—- C:Documents and SettingsАдминистраторApplication DataXnView
2009-01-02 11:24:38 —-D—- C:Documents and SettingsАдминистраторApplication DataQIP.Online
2009-01-02 11:13:58 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-01-02 11:01:00 —-D—- C:Program FilesICQ6.5
2008-12-26 12:46:29 —-D—- C:Program FilesMattel Media
2008-12-25 19:40:19 —-D—- C:Documents and SettingsАдминистраторApplication DataPlayrix Entertainment
2008-12-25 18:00:57 —-D—- C:Documents and SettingsAll UsersApplication DataVivendi Universal Games
2008-12-25 18:00:50 —-A—- C:WINDOWSsystem32CmdLineExt03.dll
2008-12-25 18:00:32 —-D—- C:WINDOWSsystem32QuickTime
2008-12-25 18:00:31 —-D—- C:Program FilesQuickTime
2008-12-25 18:00:25 —-A—- C:WINDOWSBA.ini
2008-12-25 17:59:43 —-D—- C:Program Files1C
2008-12-15 01:35:41 —-A—- C:WINDOWSunvise32.exe
2008-12-15 01:35:25 —-D—- C:Program FilesDivX
2008-12-11 02:07:09 —-D—- C:Documents and SettingsАдминистраторApplication DataQIP
2008-12-11 02:06:47 —-D—- C:Program FilesQIP Infium======List of files/folders modified in the last 1 months======
2009-01-05 17:47:05 —-D—- C:WINDOWSTemp
2009-01-05 17:37:53 —-D—- C:Program FilesTrojan Remover
2009-01-04 20:00:00 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-03 07:07:09 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-03 07:07:08 —-D—- C:WINDOWSsystem32drivers
2009-01-03 07:03:38 —-D—- C:WINDOWS
2009-01-02 11:46:29 —-D—- C:Program FilesQIP
2009-01-02 11:38:13 —-RD—- C:Program Files
2009-01-02 11:13:38 —-D—- C:Program FilesICQ6
2008-12-30 23:56:21 —-A—- C:WINDOWSsystem.ini
2008-12-27 18:36:46 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-12-25 19:39:33 —-D—- C:Program FilesGames.Rambler.ru
2008-12-25 18:00:50 —-D—- C:WINDOWSsystem32
2008-12-25 18:00:45 —-D—- C:Documents and SettingsAll UsersApplication DataQuickTime
2008-12-25 18:00:27 —-SHD—- C:WINDOWSInstaller
2008-12-25 18:00:27 —-SHD—- C:Config.Msi
2008-12-25 17:59:30 —-D—- C:Program FilesCommon FilesInstallShield
2008-12-25 17:58:58 —-A—- C:WINDOWSsetuplog.txt
2008-12-21 14:12:27 —-A—- C:WINDOWSIE4 Error Log.txt======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2008-11-26 75072]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2002-12-31 40448]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-06-01 3925920]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:WINDOWSsystem32DRIVERSRtlnic51.sys [2003-12-31 69504]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2002-12-31 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2002-12-31 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2002-12-31 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2007-10-02 4109376]
S3 catchme;catchme; ??C:DOCUME~19335~1LOCALS~1Tempcatchme.sys []
S3 GMSIPCI;GMSIPCI; C:WINDOWSsystem32driversGMSIPCI.sys []
S3 NTACCESS;NTACCESS; C:WINDOWSsystem32driversNTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; C:WINDOWSsystem32driversSetupNTGLM7X.sys []
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:WINDOWSsystem32DRIVERSusbsermpt.sys [2008-03-08 22768]
S3 Vsp;Vsp; ??C:WINDOWSsystem32driversVsp.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal — Free Antivirus Scheduler; C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe [2008-10-25 68865]
R2 AntiVirService;Avira AntiVir Personal — Free Antivirus Guard; C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe [2008-10-25 151297]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-12-09 72704]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Спасибо, что не отказываете в помощи. Прилагаю результаты сканера:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-05 13:23:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (64%) free of 35 GB
Total RAM: 2047 MB (81% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:10, on 05.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesICQ6.5ICQ.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesQIPqip.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microHijackThisАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncWcescomm.exe»
O4 — HKCU..Run: [QIP.Online] C:Program FilesQIP.Onlineqiponline.exe auto_start
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: AudioDeck.lnk = C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{4BF672FB-61FD-49F2-B905-C0C1203BE3D5}: NameServer = 213.234.192.7 85.21.192.5
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 5632 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-06-01 7618560]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-06-01 86016]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-02-09 65024]
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe [2008-06-12 266497]
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2008-01-01 737872]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-12-25 77824][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2002-12-31 15360]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]
«QIP.Online»=C:Program FilesQIP.Onlineqiponline.exe auto_start []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
AudioDeck.lnk — C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHlp83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKos48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalnsW26.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHlp83.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkKos48.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknsW26.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«Start_NotifyNewApps»=0
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«c:windowslsass.exe»=»C:windowslsass.exe:*:Enabled:lsass»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»======List of files/folders created in the last 1 months======
2009-01-05 03:39:50 —-D—- C:Documents and SettingsАдминистраторApplication DataXnView
2009-01-02 11:24:38 —-D—- C:Documents and SettingsАдминистраторApplication DataQIP.Online
2009-01-02 11:13:58 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-01-02 11:01:00 —-D—- C:Program FilesICQ6.5
2008-12-26 12:46:29 —-D—- C:Program FilesMattel Media
2008-12-25 19:40:19 —-D—- C:Documents and SettingsАдминистраторApplication DataPlayrix Entertainment
2008-12-25 18:00:57 —-D—- C:Documents and SettingsAll UsersApplication DataVivendi Universal Games
2008-12-25 18:00:50 —-A—- C:WINDOWSsystem32CmdLineExt03.dll
2008-12-25 18:00:32 —-D—- C:WINDOWSsystem32QuickTime
2008-12-25 18:00:31 —-D—- C:Program FilesQuickTime
2008-12-25 18:00:25 —-A—- C:WINDOWSBA.ini
2008-12-25 17:59:43 —-D—- C:Program Files1C
2008-12-15 01:35:41 —-A—- C:WINDOWSunvise32.exe
2008-12-15 01:35:25 —-D—- C:Program FilesDivX
2008-12-11 02:07:09 —-D—- C:Documents and SettingsАдминистраторApplication DataQIP
2008-12-11 02:06:47 —-D—- C:Program FilesQIP Infium======List of files/folders modified in the last 1 months======
2009-01-05 13:18:49 —-D—- C:WINDOWSTemp
2009-01-05 13:18:19 —-D—- C:Program FilesTrojan Remover
2009-01-04 20:00:00 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-03 07:07:09 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-03 07:07:08 —-D—- C:WINDOWSsystem32drivers
2009-01-03 07:03:38 —-D—- C:WINDOWS
2009-01-02 11:46:29 —-D—- C:Program FilesQIP
2009-01-02 11:38:13 —-RD—- C:Program Files
2009-01-02 11:13:38 —-D—- C:Program FilesICQ6
2008-12-30 23:56:21 —-A—- C:WINDOWSsystem.ini
2008-12-27 18:36:46 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-12-25 19:39:33 —-D—- C:Program FilesGames.Rambler.ru
2008-12-25 18:00:50 —-D—- C:WINDOWSsystem32
2008-12-25 18:00:45 —-D—- C:Documents and SettingsAll UsersApplication DataQuickTime
2008-12-25 18:00:27 —-SHD—- C:WINDOWSInstaller
2008-12-25 18:00:27 —-SHD—- C:Config.Msi
2008-12-25 17:59:30 —-D—- C:Program FilesCommon FilesInstallShield
2008-12-25 17:58:58 —-A—- C:WINDOWSsetuplog.txt
2008-12-21 14:12:27 —-A—- C:WINDOWSIE4 Error Log.txt======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2008-11-26 75072]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2002-12-31 40448]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-06-01 3925920]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:WINDOWSsystem32DRIVERSRtlnic51.sys [2003-12-31 69504]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2002-12-31 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2002-12-31 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2002-12-31 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2007-10-02 4109376]
S3 catchme;catchme; ??C:DOCUME~19335~1LOCALS~1Tempcatchme.sys []
S3 GMSIPCI;GMSIPCI; C:WINDOWSsystem32driversGMSIPCI.sys []
S3 NTACCESS;NTACCESS; C:WINDOWSsystem32driversNTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; C:WINDOWSsystem32driversSetupNTGLM7X.sys []
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:WINDOWSsystem32DRIVERSusbsermpt.sys [2008-03-08 22768]
S3 Vsp;Vsp; ??C:WINDOWSsystem32driversVsp.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal — Free Antivirus Scheduler; C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe [2008-10-25 68865]
R2 AntiVirService;Avira AntiVir Personal — Free Antivirus Guard; C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe [2008-10-25 151297]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-12-09 72704]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Спасибо что откликаетесь на проблему…
«Выполнено, но с ошибками на странице» появляется не всегда, но стабильно на этом сайте http://www.odnoklassniki.ru/
Но я так понимаю, что происходит у меня в компьютере—это не вирус, и мне нужно обращаться за помощью не к вам, а на другой сайт??? )))
Но все равно благодарю Вас, что посмотрели мой лог.Все работает хорошо только благодаря вам….
Спасибо еще раз, что помогли почистить комп….если что то пойдет не так, ведь могу я снова написать???? ))Все сделала, как вы сказали, прилагаю логи, надеюсь, что я все правильно сделала )))
Большое спасибо.. Очень признательна за помощь….========== SERVICES/DRIVERS ==========
Service Hlp83 stopped successfully.
Service Hlp83 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}\ deleted successfully.
Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}\ deleted successfully.OTMoveIt3 by OldTimer — Version 1.0.7.1 log created on 11252008_002109
============================================================================
Malwarebytes’ Anti-Malware 1.30
Версия базы данных: 1416
Windows 5.1.2600 Service Pack 225.11.2008 0:40:31
mbam-log-2008-11-25 (00-40-31).txtТип проверки: Быстрая
Проверено объектов: 46694
Прошло времени: 1 minute(s), 18 second(s)Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 0Заражено процессов в памяти:
(Вредоносные программы не обнаружены)Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
(Вредоносные программы не обнаружены)Заражено значений реестра:
(Вредоносные программы не обнаружены)Заражено параметров реестра:
(Вредоносные программы не обнаружены)Заражено папок:
(Вредоносные программы не обнаружены)Заражено файлов:
(Вредоносные программы не обнаружены)Что означает ваша фраза «программы отработали хорошо»??? ))) Может ли это означать, что в моем компе вирусы больше не живут ))), хотя о их существовании я и не знала даже, пока вы не сказали )))
Могу ли я быть столь нескромна, что бы спросить: можно ли как-то себя обезопасить, что бы в другой раз не подхватить, хотя бы это жуткое «FREE PORNO VIDEO» Моя благодарность не знает границ )))
высылаю OTViewIt.txt :OTViewIt logfile created on: 23.11.2008 19:51:58 — Run 5
OTViewIt by OldTimer — Version 1.0.20.0 Folder = C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМ
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy2,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 84,39% Memory free
3,85 Gb Paging File | 3,63 Gb Available in Paging File | 94,15% Paging File free
Paging file location(s): C:pagefile.sys 2048 2048;%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 34,18 Gb Total Space | 23,69 Gb Free Space | 69,30% Space Free | Partition Type: NTFS
Drive D: | 114,86 Gb Total Space | 104,79 Gb Free Space | 91,23% Space Free | Partition Type: NTFS
Drive E: | 47,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: NO-5A32487196BA
Current User Name: Администратор
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days========== Processes ==========
[2002.12.31 15:00:00 | 00,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smss.exe
[2002.12.31 15:00:00 | 00,503,808 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winlogon.exe
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe
[2008.10.25 11:28:19 | 00,068,865 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
[2002.12.31 15:00:00 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe
[2008.10.25 11:28:18 | 00,151,297 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
[2003.06.19 22:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
[2006.06.01 16:22:00 | 00,155,715 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32nvsvc32.exe
[2002.12.31 15:00:00 | 00,033,280 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32rundll32.exe
[2004.02.09 11:54:14 | 00,065,024 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSsoundman.exe
[2008.06.12 13:28:45 | 00,266,497 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
[2006.11.13 16:21:56 | 01,289,000 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncwcescomm.exe
[2006.11.13 16:21:46 | 00,199,464 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncrapimgr.exe
[2003.07.08 03:44:40 | 00,581,632 | —- | M] () — C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
[2002.12.31 15:00:00 | 00,093,184 | —- | M] (Корпорация Майкрософт) — C:Program FilesInternet ExplorerIEXPLORE.EXE
[2008.11.22 17:54:05 | 00,422,400 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМOTViewIt.exe========== (O23) Win32 Services ==========
[2007.12.09 13:29:53 | 00,072,704 | —- | M] (Adobe Systems) — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe — (Adobe LM Service [On_Demand | Stopped])
[2008.10.25 11:28:19 | 00,068,865 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe — (AntiVirScheduler [Auto | Running])
[2008.10.25 11:28:18 | 00,151,297 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe — (AntiVirService [Auto | Running])
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (Eventlog [Auto | Running])
[2002.12.31 15:00:00 | 00,150,016 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32imapi.exe — (ImapiService [On_Demand | Stopped])
[2003.06.19 22:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
[2002.12.31 15:00:00 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32mnmsrvc.exe — (mnmsrvc [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDE [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
[2006.06.01 16:22:00 | 00,155,715 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32nvsvc32.exe — (NVSvc [Auto | Running])
[2003.07.28 19:28:22 | 00,089,136 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (PlugPlay [Auto | Running])
[2002.12.31 15:00:00 | 00,141,312 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sessmgr.exe — (RDSessMgr [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,096,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32scardsvr.exe — (SCardSvr [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,091,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,073,216 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,290,304 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32vssvc.exe — (VSS [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Stopped])========== Driver Services ==========
[2002.12.31 15:00:00 | 00,188,288 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversacpi.sys — (ACPI [Boot | Running])
[2002.12.31 15:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversacpiec.sys — (ACPIEC [Disabled | Stopped])
[2007.10.02 17:45:04 | 04,109,376 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSsystem32driversalcxwdm.sys — (ALCXWDM [On_Demand | Stopped])
[2007.02.27 14:25:01 | 00,011,840 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys — (avgio [System | Running])
[2008.05.20 15:29:41 | 00,052,032 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys — (avgntflt [On_Demand | Running])
[2008.11.11 22:27:09 | 00,075,072 | —- | M] (Avira GmbH) — C:WINDOWSsystem32driversavipbb.sys — (avipbb [System | Running])
[2001.08.17 23:13:08 | 00,027,165 | —- | M] (VIA Technologies, Inc. ) — C:WINDOWSsystem32driversfetnd5.sys — (FETNDIS [On_Demand | Running])
[2002.12.31 15:00:00 | 00,034,944 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
[2002.12.31 15:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversftdisk.sys — (Ftdisk [Boot | Running])
[2008.05.07 19:12:10 | 00,027,008 | —- | M] () — C:WINDOWSsystem32driversHlp83.sys — (Hlp83 [Boot | Stopped])
[2002.12.31 15:00:00 | 00,053,376 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversi8042prt.sys — (i8042prt [System | Running])
[2002.12.31 15:00:00 | 00,036,096 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversisapnp.sys — (isapnp [Boot | Running])
[2002.12.31 15:00:00 | 00,024,832 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverskbdclass.sys — (Kbdclass [System | Running])
[2002.12.31 15:00:00 | 00,030,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,023,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversmouclass.sys — (Mouclass [System | Running])
[2006.06.01 16:22:00 | 03,925,920 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32driversnv4_mini.sys — (nv [On_Demand | Running])
[2002.12.31 15:00:00 | 00,080,128 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversparport.sys — (Parport [On_Demand | Running])
[2002.12.31 15:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Running])
[2002.12.31 15:00:00 | 00,068,480 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverspci.sys — (PCI [Boot | Running])
[2002.12.31 15:00:00 | 00,119,936 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSsystem32driversptilink.sys — (Ptilink [On_Demand | Running])
[2004.08.17 18:49:32 | 00,058,112 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversredbook.sys — (redbook [System | Stopped])
[2003.12.31 06:58:46 | 00,069,504 | —- | M] (Realtek Semiconductor Corporation ) — C:WINDOWSsystem32driversrtlnic51.sys — (RTL8023 [On_Demand | Running])
[2004.08.04 01:31:34 | 00,020,992 | —- | M] (Realtek Semiconductor Corporation) — C:WINDOWSsystem32driversrtl8139.sys — (rtl8139 [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,027,440 | —- | M] () — C:WINDOWSsystem32driverssecdrv.sys — (Secdrv [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,065,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversserial.sys — (Serial [System | Running])
[2002.12.31 15:00:00 | 00,073,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverssr.sys — (sr [Boot | Running])
[2007.03.01 09:34:22 | 00,028,352 | —- | M] (Avira GmbH) — C:WINDOWSsystem32driversssmdrv.sys — (ssmdrv [System | Running])
[2004.08.04 02:07:44 | 00,044,672 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversUAGP35.SYS — (uagp35 [Boot | Running])
[2008.03.08 21:18:40 | 00,022,768 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversusbsermpt.sys — (usbsermpt [On_Demand | Stopped])
[2003.06.16 06:05:40 | 00,369,920 | —- | M] (VIA Technologies, Inc.) — C:WINDOWSsystem32driversviaudios.sys — (VIAudio [On_Demand | Running])
[2002.12.31 15:00:00 | 00,051,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
[2003.05.27 16:45:06 | 00,003,351 | —- | M] () — C:WINDOWSsystem32driversvsp.sys — (Vsp [On_Demand | Stopped])
[2006.11.06 17:04:56 | 00,028,672 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driverswceusbsh.sys — (wceusbsh [On_Demand | Stopped])========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain]
«Default_Page_URL»=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
«Default_Search_URL»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Local Page»=%SystemRoot%system32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch]
«CustomizeSearch»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
«SearchAssistant»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain]
«Local Page»=C:WINDOWSsystem32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.rambler.ru/[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchURL]
«provider»=[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32shdocvw.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERS.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERSS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERSS-1-5-19SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-20SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftInternet ExplorerMain]
«Local Page»=C:WINDOWSsystem32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.rambler.ru/[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerSearchURL]
«provider»=[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32shdocvw.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0========== (O1) Hosts File ==========
HOSTS File = (769 bytes) — C:WINDOWSSystem32driversetcHosts
First 25 entries…
127.0.0.1 localhost========== (O2) BHO’s ==========
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (Adobe Systems Incorporated)========== (O3) Toolbars ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{0E5CBF21-D15F-11D0-8301-00AA005B4383}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{468CD8A9-7C25-45FA-969E-3D925C689DC4}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{0E5CBF21-D15F-11D0-8301-00AA005B4383}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{468CD8A9-7C25-45FA-969E-3D925C689DC4}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avgnt»=»C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min (Avira GmbH)
«NvCplDaemon»=RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup (NVIDIA Corporation)
«NvMediaCenter»=RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
«nwiz»=nwiz.exe /install ()
«SoundMan»=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe (Simply Super Software)[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«H/PC Connection Agent»=»C:Program FilesMicrosoft ActiveSyncWcescomm.exe» (Microsoft Corporation)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionRun]
«H/PC Connection Agent»=»C:Program FilesMicrosoft ActiveSyncWcescomm.exe» (Microsoft Corporation)========== (O4) Startup Folders ==========
[2003.07.08 03:44:40 | 00,581,632 | —- | M] () — C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаAudioDeck.lnk = C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
[2005.03.16 19:16:50 | 00,113,664 | —- | M] (Adobe Systems, Inc.) — C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузкаAdobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«verbosestatus»=1[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=36
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0
«NoDriveAutoRun»=FF FF FF FF [binary data][HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«NoDispBackgroundPage»=1
«NoDispScrSavPage»=1[HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«NoDispBackgroundPage»=1
«NoDispScrSavPage»=1[HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=36
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0
«NoDriveAutoRun»=FF FF FF FF [binary data]========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE [2005.05.27 00:06:54 | 10,095,808 | —- | M] (Microsoft Corporation)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE [2005.05.27 00:06:54 | 10,095,808 | —- | M] (Microsoft Corporation)========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite — %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Добавить в избранное мобильного устройства… — %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Справочные материалы — %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Button: ICQ6 — %ProgramFiles%ICQ6ICQ.exe [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Menu: ICQ6 — %ProgramFiles%ICQ6ICQ.exe [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Create Mobile Favorite] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Добавить в избранное мобильного устройства…] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%ICQ6ICQ.exe [ICQ6] -> [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Create Mobile Favorite] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Добавить в избранное мобильного устройства…] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%ICQ6ICQ.exe [ICQ6] -> [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerPlugins]
PluginsPage: «» = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: «» = Microsoft ActiveX Gallery========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix]
«»=http://========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
1 domain(s) and sub-domain(s) not assigned to a zone.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
megafilms.ru : * in Местная интрасеть[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
megafilms.ru : * in Местная интрасеть========== (O17) DNS Name Servers ==========
{636A96B0-F1CC-4592-BAA4-68BCF492F1EB} (Servers: | Description: VIA Compatable Fast Ethernet адаптер)
{EAD3D475-E50A-4338-900C-C731273C388F} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
«Shell»=Explorer.exe
>[2002.12.31 15:00:00 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe«UserInit»=C:WINDOWSsystem32userinit.exe,
>[2002.12.31 15:00:00 | 00,025,088 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32userinit.exe«UIHost»=logonui.exe
>[2002.12.31 15:00:00 | 00,515,072 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32logonui.exe«VMApplet»=rundll32 shell32,Control_RunDLL «sysdm.cpl»
>[2002.12.31 15:00:00 | 08,401,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32shell32.dll
>[2002.12.31 15:00:00 | 00,300,032 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sysdm.cpl========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify]
crypt32chain: «DllName» = crypt32.dll — C:WINDOWSsystem32crypt32.dll (Корпорация Майкрософт)
cscdll: «DllName» = cscdll.dll — C:WINDOWSsystem32cscdll.dll (Корпорация Майкрософт)
ScCertProp: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
Schedule: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
sclgntfy: «DllName» = sclgntfy.dll — C:WINDOWSsystem32sclgntfy.dll (Корпорация Майкрософт)
SensLogn: «DllName» = WlNotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
termsrv: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
wlballoon: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«CDBurn»={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«PostBootReminder»={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«SysTray»={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) — C:WINDOWSsystem32stobject.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«WebCheck»={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) — C:WINDOWSsystem32webcheck.dll (Корпорация Майкрософт)========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{438755C2-A8BA-11D1-B96B-00A0C90312E1}» (HKLM) = Предзагрузчик Browseui — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{8C7461EF-2B13-11d2-BE35-3078302C2030}» (HKLM) = Демон кэша категорий компонентов — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
>[2002.12.31 15:00:00 | 00,068,608 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32digest.dll
>[2002.12.31 15:00:00 | 00,290,816 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32msnsspc.dll
>File not found —========== Safeboot Options ==========
«AlternateShell»=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCdrom]
«AutoRun» = 1========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007.10.24 11:29:02 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]autorun.inf []
[2008.11.22 20:28:55 | 00,000,000 | RHSD | M] — C:autorun.inf — [ NTFS ]autorun.inf []
[2008.11.22 20:28:55 | 00,000,000 | RHSD | M] — D:autorun.inf — [ NTFS ]AUTORUN.INF [[autorun] | label=Fairies And Dragons | icon=mcdonalds.ico | open=installer.exe | ]
[2007.10.20 17:30:00 | 00,000,076 | RH— | M] () — E:AUTORUN.INF — [ CDFS ]========== MountPoints2 ==========
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellAutoRuncommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellexploreCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellopenCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellAutoRuncommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellexploreCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellopenCommand]
«»=F:oufddh.exe — File not found========== Files/Folders — Created Within 30 Days ==========
[2008.11.22 21:15:18 | 00,000,000 | —D | C] — C:_OTMoveIt
[2008.11.22 20:35:45 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторApplication DataMalwarebytes
[2008.11.22 20:35:44 | 00,015,504 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbam.sys
[2008.11.22 20:35:44 | 00,000,696 | —- | C] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2008.11.22 20:35:41 | 00,038,496 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbamswissarmy.sys
[2008.11.22 20:35:39 | 00,000,000 | —D | C] — C:Program FilesMalwarebytes’ Anti-Malware
[2008.11.22 20:35:39 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataMalwarebytes
[2008.11.22 20:28:55 | 00,000,000 | RHSD | C] — C:autorun.inf
[2008.11.22 17:54:14 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторРабочий столАНТИВИРУС.ФОРУМ
[2008.11.22 01:48:40 | 00,001,734 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столHijackThis.lnk
[2008.11.22 01:08:34 | 00,000,000 | —D | C] — C:rsit
[2008.11.22 01:08:34 | 00,000,000 | —D | C] — C:Program Filestrend micro
[2008.11.21 01:26:51 | 04,982,784 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столptaha_feat[1]_liubov.rar
[2008.11.12 23:03:15 | 00,000,112 | —- | C] () — C:delete_sh.bat
[2008.11.12 17:48:56 | 00,000,782 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столWinx Club.lnk
[2008.11.12 17:41:09 | 00,000,000 | —D | C] — C:Program FilesKonami
[2008.11.04 17:50:45 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторРабочий столФотки с тел
[2008.11.04 17:43:02 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторРабочий столОт Маши========== Files — Modified Within 30 Days ==========
[3 C:WINDOWS*.tmp files]
[2008.11.23 19:40:33 | 00,063,804 | —- | M] () — C:WINDOWSSystem32nvapps.xml
[2008.11.23 19:33:25 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
@Alternate Data Stream — 228 bytes -> C:WINDOWSbootstat.dat:KAVICHS
[2008.11.23 19:33:23 | 21,470,12608 | -HS- | M] () — C:hiberfil.sys
[2008.11.23 19:33:23 | 00,305,216 | —- | M] () — C:WINDOWSSystem32FNTCACHE.DAT
@Alternate Data Stream — 164 bytes -> C:WINDOWSSystem32FNTCACHE.DAT:KAVICHS
[2008.11.23 19:32:40 | 07,431,414 | -H— | M] () — C:Documents and SettingsАдминистраторLocal SettingsApplication DataIconCache.db
[2008.11.22 20:35:44 | 00,000,696 | —- | M] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2008.11.22 17:37:24 | 00,001,734 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столHijackThis.lnk
[2008.11.22 17:22:22 | 04,982,784 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столptaha_feat[1]_liubov.rar
[2008.11.21 00:41:13 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
@Alternate Data Stream — 228 bytes -> C:WINDOWSSystem32wpa.dbl:KAVICHS
[2008.11.17 16:47:22 | 00,000,026 | —- | M] () — C:Documents and SettingsАдминистраторМои документыDefault.PLS
[2008.11.12 23:03:15 | 00,000,112 | —- | M] () — C:delete_sh.bat
[2008.11.12 17:48:56 | 00,000,782 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столWinx Club.lnk
[2008.11.11 22:27:09 | 00,075,072 | —- | M] (Avira GmbH) — C:WINDOWSSystem32driversavipbb.sys
[2008.10.26 13:38:15 | 00,754,472 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2008.10.26 13:38:15 | 00,346,144 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2008.10.26 13:38:15 | 00,311,604 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2008.10.26 13:38:15 | 00,049,350 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2008.10.26 13:38:15 | 00,039,992 | —- | M] () — C:WINDOWSSystem32perfc009.dat
< End of report >Огромное спасибо, что отвечаете и помогаете …
вот первый лог:
Malwarebytes’ Anti-Malware 1.30
Версия базы данных: 1416
Windows 5.1.2600 Service Pack 222.11.2008 21:06:23
mbam-log-2008-11-22 (21-06-23).txtТип проверки: Быстрая
Проверено объектов: 62503
Прошло времени: 11 minute(s), 19 second(s)Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 12
Заражено значений реестра: 1
Заражено параметров реестра: 0
Заражено папок: 12
Заражено файлов: 17Заражено процессов в памяти:
(Вредоносные программы не обнаружены)Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
HKEY_CLASSES_ROOTCLSID{096059fd-99ab-41eb-9e55-59aeb0a3b444} (Spyware.Finanz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{ffffffff-85a3-452b-b7a8-759ad9b42162} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWARErhc9llj0en0a (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMRSoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftware Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesZZZdrv_lich (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesZZZsvc_lich (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_ZZZdrv_lich (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_ZZZsvc_lich (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesmsupdate (Rootkit.Agent) -> Quarantined and deleted successfully.Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionrhc9llj0en0a (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.Заражено параметров реестра:
(Вредоносные программы не обнаружены)Заражено папок:
C:Program Filesrhc9llj0en0a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunHKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunHKCURunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunHKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunHKLMRunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunStartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineAutorunStartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantineBrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication Datarhc9llj0en0aQuarantinePackages (Rogue.Multiple) -> Quarantined and deleted successfully.Заражено файлов:
C:Program Filesrhc9llj0en0adatabase.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0alicense.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0aMFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0aMFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0amsvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0amsvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Program Filesrhc9llj0en0arhc9llj0en0a.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wpv251227133386.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32WinCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32dllsys.dll (Stolen.Data) -> Quarantined and deleted successfully.
C:WINDOWSsystem32WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32rc.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ps1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32lich.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:WINDOWSsystem32alog.txt (Stolen.Data) -> Quarantined and deleted successfully.и второй
========= REGISTRY ==========
Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{57e2e4e4-8228-11dc-963b-0080484e0acb}\ deleted successfully.
========== FILES ==========
C:WINDOWSSystem32qyklib.dll unregistered successfully.
C:WINDOWSSystem32qyklib.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1TempWCESLog.log scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.OTMoveIt3 by OldTimer — Version 1.0.7.1 log created on 11222008_211518
Спасибо, Вам, огромное, что откликнулись…. наконец-то исчез этот информер… такое облегчение…. нет слов
После запуска OTViewIt, вот что получилось….. не откажите в помощи еще раз… спасибо….))logfile created on: 22.11.2008 17:56:26 — Run 3
OTViewIt by OldTimer — VersioOTViewItn 1.0.20.0 Folder = C:Documents and SettingsАдминистраторРабочий столВременнаяАНТИВИРУС.ФОРУМ
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,49% Memory free
3,85 Gb Paging File | 3,60 Gb Available in Paging File | 93,49% Paging File free
Paging file location(s): C:pagefile.sys 2048 2048;%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 34,18 Gb Total Space | 23,26 Gb Free Space | 68,06% Space Free | Partition Type: NTFS
Drive D: | 114,86 Gb Total Space | 104,79 Gb Free Space | 91,23% Space Free | Partition Type: NTFS
Drive E: | 47,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: NO-5A32487196BA
Current User Name: Администратор
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days========== Processes ==========
[2002.12.31 15:00:00 | 00,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smss.exe
[2002.12.31 15:00:00 | 00,503,808 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winlogon.exe
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe
[2002.12.31 15:00:00 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe
[2008.10.25 11:28:19 | 00,068,865 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
[2002.12.31 15:00:00 | 00,033,280 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32rundll32.exe
[2004.02.09 11:54:14 | 00,065,024 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSsoundman.exe
[2008.06.12 13:28:45 | 00,266,497 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
[2006.11.13 16:21:56 | 01,289,000 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncwcescomm.exe
[2003.07.08 03:44:40 | 00,581,632 | —- | M] () — C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
[2006.11.13 16:21:46 | 00,199,464 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncrapimgr.exe
[2008.10.25 11:28:18 | 00,151,297 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
[2003.06.19 22:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
[2006.06.01 16:22:00 | 00,155,715 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32nvsvc32.exe
[2008.07.01 19:34:30 | 03,256,320 | —- | M] (The Author of QIP) — C:Program FilesQIPqip.exe
[2002.12.31 15:00:00 | 00,093,184 | —- | M] (Корпорация Майкрософт) — C:Program FilesInternet ExplorerIEXPLORE.EXE
[2008.11.22 17:54:05 | 00,422,400 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столВременнаяАНТИВИРУС.ФОРУМOTViewIt.exe========== (O23) Win32 Services ==========
[2007.12.09 13:29:53 | 00,072,704 | —- | M] (Adobe Systems) — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe — (Adobe LM Service [On_Demand | Stopped])
[2008.10.25 11:28:19 | 00,068,865 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe — (AntiVirScheduler [Auto | Running])
[2008.10.25 11:28:18 | 00,151,297 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe — (AntiVirService [Auto | Running])
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (Eventlog [Auto | Running])
[2002.12.31 15:00:00 | 00,150,016 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32imapi.exe — (ImapiService [On_Demand | Stopped])
[2003.06.19 22:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
[2002.12.31 15:00:00 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32mnmsrvc.exe — (mnmsrvc [On_Demand | Stopped])
File not found — — (msupdate [Auto | Stopped])
[2002.12.31 15:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDE [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,113,664 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32netdde.exe — (NetDDEdsdm [Disabled | Stopped])
[2006.06.01 16:22:00 | 00,155,715 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32nvsvc32.exe — (NVSvc [Auto | Running])
[2003.07.28 19:28:22 | 00,089,136 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe — (PlugPlay [Auto | Running])
[2002.12.31 15:00:00 | 00,141,312 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sessmgr.exe — (RDSessMgr [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,096,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32scardsvr.exe — (SCardSvr [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,091,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smlogsvc.exe — (SysmonLog [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,073,216 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32tlntsvr.exe — (TlntSvr [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,290,304 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32vssvc.exe — (VSS [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,126,464 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv [On_Demand | Stopped])
File not found — — (ZZZsvc_lich [Auto | Stopped])========== Driver Services ==========
[2002.12.31 15:00:00 | 00,188,288 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversacpi.sys — (ACPI [Boot | Running])
[2002.12.31 15:00:00 | 00,011,776 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversacpiec.sys — (ACPIEC [Disabled | Stopped])
[2007.10.02 17:45:04 | 04,109,376 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSsystem32driversalcxwdm.sys — (ALCXWDM [On_Demand | Stopped])
[2007.02.27 14:25:01 | 00,011,840 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys — (avgio [System | Running])
[2008.05.20 15:29:41 | 00,052,032 | —- | M] (Avira GmbH) — C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys — (avgntflt [On_Demand | Running])
[2008.11.11 22:27:09 | 00,075,072 | —- | M] (Avira GmbH) — C:WINDOWSsystem32driversavipbb.sys — (avipbb [System | Running])
[2001.08.17 23:13:08 | 00,027,165 | —- | M] (VIA Technologies, Inc. ) — C:WINDOWSsystem32driversfetnd5.sys — (FETNDIS [On_Demand | Running])
[2002.12.31 15:00:00 | 00,034,944 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversfips.sys — (Fips [System | Running])
[2002.12.31 15:00:00 | 00,125,440 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversftdisk.sys — (Ftdisk [Boot | Running])
[2008.05.07 19:12:10 | 00,027,008 | —- | M] () — C:WINDOWSsystem32driversHlp83.sys — (Hlp83 [Boot | Stopped])
[2002.12.31 15:00:00 | 00,053,376 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversi8042prt.sys — (i8042prt [System | Running])
[2002.12.31 15:00:00 | 00,036,096 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversisapnp.sys — (isapnp [Boot | Running])
[2002.12.31 15:00:00 | 00,024,832 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverskbdclass.sys — (Kbdclass [System | Running])
[2002.12.31 15:00:00 | 00,030,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversmodem.sys — (Modem [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,023,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversmouclass.sys — (Mouclass [System | Running])
[2006.06.01 16:22:00 | 03,925,920 | —- | M] (NVIDIA Corporation) — C:WINDOWSsystem32driversnv4_mini.sys — (nv [On_Demand | Running])
[2002.12.31 15:00:00 | 00,080,128 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversparport.sys — (Parport [On_Demand | Running])
[2002.12.31 15:00:00 | 00,006,912 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversparvdm.sys — (ParVdm [Auto | Running])
[2002.12.31 15:00:00 | 00,068,480 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverspci.sys — (PCI [Boot | Running])
[2002.12.31 15:00:00 | 00,119,936 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driverspcmcia.sys — (Pcmcia [Disabled | Stopped])
[2002.12.31 15:00:00 | 00,017,792 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSsystem32driversptilink.sys — (Ptilink [On_Demand | Running])
[2004.08.17 18:49:32 | 00,058,112 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversredbook.sys — (redbook [System | Stopped])
[2003.12.31 06:58:46 | 00,069,504 | —- | M] (Realtek Semiconductor Corporation ) — C:WINDOWSsystem32driversrtlnic51.sys — (RTL8023 [On_Demand | Running])
[2004.08.04 01:31:34 | 00,020,992 | —- | M] (Realtek Semiconductor Corporation) — C:WINDOWSsystem32driversrtl8139.sys — (rtl8139 [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,027,440 | —- | M] () — C:WINDOWSsystem32driverssecdrv.sys — (Secdrv [On_Demand | Stopped])
[2002.12.31 15:00:00 | 00,065,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driversserial.sys — (Serial [System | Running])
[2002.12.31 15:00:00 | 00,073,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32driverssr.sys — (sr [Boot | Running])
[2007.03.01 09:34:22 | 00,028,352 | —- | M] (Avira GmbH) — C:WINDOWSsystem32driversssmdrv.sys — (ssmdrv [System | Running])
[2004.08.04 02:07:44 | 00,044,672 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversUAGP35.SYS — (uagp35 [Boot | Running])
[2008.03.08 21:18:40 | 00,022,768 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversusbsermpt.sys — (usbsermpt [On_Demand | Stopped])
[2003.06.16 06:05:40 | 00,369,920 | —- | M] (VIA Technologies, Inc.) — C:WINDOWSsystem32driversviaudios.sys — (VIAudio [On_Demand | Running])
[2002.12.31 15:00:00 | 00,051,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32driversvolsnap.sys — (VolSnap [Boot | Running])
[2003.05.27 16:45:06 | 00,003,351 | —- | M] () — C:WINDOWSsystem32driversvsp.sys — (Vsp [On_Demand | Stopped])
[2006.11.06 17:04:56 | 00,028,672 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driverswceusbsh.sys — (wceusbsh [On_Demand | Stopped])========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain]
«Default_Page_URL»=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
«Default_Search_URL»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Local Page»=%SystemRoot%system32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch]
«CustomizeSearch»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
«SearchAssistant»=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain]
«Local Page»=C:WINDOWSsystem32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.rambler.ru/[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchURL]
«provider»=[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32shdocvw.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERS.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERSS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0[HKEY_USERSS-1-5-19SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-20SOFTWAREMicrosoftInternet ExplorerMain]
[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftInternet ExplorerMain]
«Local Page»=C:WINDOWSsystem32blank.htm
«Search Page»=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
«Start Page»=http://www.rambler.ru/[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerSearchURL]
«provider»=[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{CFBFAE00-17A6-11D0-99CB-00C04FD64497}» (HKLM) — C:WINDOWSsystem32shdocvw.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
«ProxyEnable» = 0========== (O1) Hosts File ==========
HOSTS File = (769 bytes) — C:WINDOWSSystem32driversetcHosts
First 25 entries…
127.0.0.1 localhost========== (O2) BHO’s ==========
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (Adobe Systems Incorporated)========== (O3) Toolbars ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{0E5CBF21-D15F-11D0-8301-00AA005B4383}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{468CD8A9-7C25-45FA-969E-3D925C689DC4}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarShellBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{01E04581-4EEE-11D0-BFE9-00AA005B4383}» (HKLM) — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{0E5CBF21-D15F-11D0-8301-00AA005B4383}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
«{468CD8A9-7C25-45FA-969E-3D925C689DC4}» (HKLM) — Reg Error: Key does not exist or could not be opened. File not found========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avgnt»=»C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min (Avira GmbH)
«NvCplDaemon»=RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup (NVIDIA Corporation)
«NvMediaCenter»=RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
«nwiz»=nwiz.exe /install ()
«SoundMan»=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe (Simply Super Software)[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«H/PC Connection Agent»=»C:Program FilesMicrosoft ActiveSyncWcescomm.exe» (Microsoft Corporation)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionRun]
«H/PC Connection Agent»=»C:Program FilesMicrosoft ActiveSyncWcescomm.exe» (Microsoft Corporation)========== (O4) Startup Folders ==========
[2003.07.08 03:44:40 | 00,581,632 | —- | M] () — C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаAudioDeck.lnk = C:Program FilesVIA Technologies, IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
[2005.03.16 19:16:50 | 00,113,664 | —- | M] (Adobe Systems, Inc.) — C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузкаAdobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«verbosestatus»=1[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERS.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«NoDispBackgroundPage»=1
«NoDispScrSavPage»=1[HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem]
«NoDispBackgroundPage»=1
«NoDispScrSavPage»=1[HKEY_USERSS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer]
«NoDriveTypeAutoRun»=145
«NoLowDiskSpaceChecks»=1
«Start_NotifyNewApps»=0========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE [2005.05.27 00:06:54 | 10,095,808 | —- | M] (Microsoft Corporation)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SoftwareMicrosoftInternet ExplorerMenuExt]
&Экспорт в Microsoft Excel: C:Program FilesMicrosoft OfficeOFFICE11EXCEL.EXE [2005.05.27 00:06:54 | 10,095,808 | —- | M] (Microsoft Corporation)========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite — %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Добавить в избранное мобильного устройства… — %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Справочные материалы — %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Button: ICQ6 — %ProgramFiles%ICQ6ICQ.exe [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Menu: ICQ6 — %ProgramFiles%ICQ6ICQ.exe [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)[HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Create Mobile Favorite] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Добавить в избранное мобильного устройства…] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%ICQ6ICQ.exe [ICQ6] -> [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftInternet ExplorerExtensions]
CmdMapping\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Create Mobile Favorite] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%Microsoft ActiveSyncINetRepl.dll [Добавить в избранное мобильного устройства…] -> [2006.11.13 16:21:42 | 00,158,504 | —- | M] (Microsoft Corporation)
CmdMapping\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%Microsoft OfficeOFFICE11REFIEBAR.DLL [Справочные материалы] -> [2003.07.15 05:57:08 | 00,040,512 | —- | M] (Microsoft Corporation)
CmdMapping\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%ICQ6ICQ.exe [ICQ6] -> [2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.)========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerPlugins]
PluginsPage: «» = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: «» = Microsoft ActiveX Gallery========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix]
«»=http://========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
1 domain(s) and sub-domain(s) not assigned to a zone.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
megafilms.ru : * in Местная интрасеть[HKEY_USERSS-1-5-21-1409082233-1229272821-839522115-500SOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains]
megafilms.ru : * in Местная интрасеть========== (O17) DNS Name Servers ==========
{636A96B0-F1CC-4592-BAA4-68BCF492F1EB} (Servers: | Description: VIA Compatable Fast Ethernet адаптер)
{EAD3D475-E50A-4338-900C-C731273C388F} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
«Shell»=Explorer.exe
>[2002.12.31 15:00:00 | 01,032,704 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe«UserInit»=C:WINDOWSsystem32userinit.exe,
>[2002.12.31 15:00:00 | 00,025,088 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32userinit.exe«UIHost»=logonui.exe
>[2002.12.31 15:00:00 | 00,515,072 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32logonui.exe«VMApplet»=rundll32 shell32,Control_RunDLL «sysdm.cpl»
>[2002.12.31 15:00:00 | 08,401,408 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32shell32.dll
>[2002.12.31 15:00:00 | 00,300,032 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sysdm.cpl========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify]
crypt32chain: «DllName» = crypt32.dll — C:WINDOWSsystem32crypt32.dll (Корпорация Майкрософт)
cscdll: «DllName» = cscdll.dll — C:WINDOWSsystem32cscdll.dll (Корпорация Майкрософт)
ScCertProp: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
Schedule: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
sclgntfy: «DllName» = sclgntfy.dll — C:WINDOWSsystem32sclgntfy.dll (Корпорация Майкрософт)
SensLogn: «DllName» = WlNotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
termsrv: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)
wlballoon: «DllName» = wlnotify.dll — C:WINDOWSsystem32wlnotify.dll (Корпорация Майкрософт)========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«CDBurn»={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«PostBootReminder»={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«SysTray»={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) — C:WINDOWSsystem32stobject.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
«WebCheck»={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) — C:WINDOWSsystem32webcheck.dll (Корпорация Майкрософт)========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{438755C2-A8BA-11D1-B96B-00A0C90312E1}» (HKLM) = Предзагрузчик Browseui — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
«{8C7461EF-2B13-11d2-BE35-3078302C2030}» (HKLM) = Демон кэша категорий компонентов — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}» (HKLM) — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
>[2002.12.31 15:00:00 | 00,068,608 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32digest.dll
>[2002.12.31 15:00:00 | 00,290,816 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32msnsspc.dll
>File not found —========== Safeboot Options ==========
«AlternateShell»=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCdrom]
«AutoRun» = 1========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007.10.24 11:29:02 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]AUTORUN.INF [[autorun] | label=Fairies And Dragons | icon=mcdonalds.ico | open=installer.exe | ]
[2007.10.20 17:30:00 | 00,000,076 | RH— | M] () — E:AUTORUN.INF — [ CDFS ]========== MountPoints2 ==========
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{57e2e4e4-8228-11dc-963b-0080484e0acb}ShellAutoRuncommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{57e2e4e4-8228-11dc-963b-0080484e0acb}ShellexploreCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{57e2e4e4-8228-11dc-963b-0080484e0acb}ShellopenCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellAutoRuncommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellexploreCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{9683d0a2-ed3d-11dc-9724-0080484e0acb}ShellopenCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellAutoRuncommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellexploreCommand]
«»=F:oufddh.exe — File not found[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{a49cdb50-0626-11dd-97a9-0080484e0acb}ShellopenCommand]
«»=F:oufddh.exe — File not found========== Files/Folders — Created Within 30 Days ==========
[2008.11.22 01:48:40 | 00,001,734 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столHijackThis.lnk
[2008.11.22 01:08:34 | 00,000,000 | —D | C] — C:rsit
[2008.11.22 01:08:34 | 00,000,000 | —D | C] — C:Program Filestrend micro
[2008.11.21 01:26:51 | 04,982,784 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столptaha_feat[1]_liubov.rar
[2008.11.21 01:18:08 | 00,330,240 | —- | C] () — C:WINDOWSSystem32qyklib.dll
[2008.11.21 01:18:08 | 00,311,165 | —- | C] (Igor Pavlov) — C:WINDOWSSystem32wpv251227133386.cpx
[2008.11.12 23:03:15 | 00,000,112 | —- | C] () — C:delete_sh.bat
[2008.11.12 17:48:56 | 00,000,782 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столWinx Club.lnk
[2008.11.12 17:41:09 | 00,000,000 | —D | C] — C:Program FilesKonami
[2008.11.11 22:40:41 | 00,010,752 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столДокумент Microsoft Word.doc
[2008.11.04 17:50:45 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторРабочий столФотки с тел
[2008.11.04 17:43:02 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторРабочий столОт Маши========== Files — Modified Within 30 Days ==========
[3 C:WINDOWS*.tmp files]
[2008.11.22 17:43:04 | 00,063,804 | —- | M] () — C:WINDOWSSystem32nvapps.xml
[2008.11.22 17:42:59 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
@Alternate Data Stream — 228 bytes -> C:WINDOWSbootstat.dat:KAVICHS
[2008.11.22 17:42:57 | 21,470,12608 | -HS- | M] () — C:hiberfil.sys
[2008.11.22 17:42:01 | 07,428,816 | -H— | M] () — C:Documents and SettingsАдминистраторLocal SettingsApplication DataIconCache.db
[2008.11.22 17:37:24 | 00,001,734 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столHijackThis.lnk
[2008.11.22 17:22:22 | 04,982,784 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столptaha_feat[1]_liubov.rar
[2008.11.21 01:18:09 | 00,330,240 | —- | M] () — C:WINDOWSSystem32qyklib.dll
[2008.11.21 01:18:08 | 00,311,165 | —- | M] (Igor Pavlov) — C:WINDOWSSystem32wpv251227133386.cpx
[2008.11.21 00:41:13 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
@Alternate Data Stream — 228 bytes -> C:WINDOWSSystem32wpa.dbl:KAVICHS
[2008.11.17 16:47:22 | 00,000,026 | —- | M] () — C:Documents and SettingsАдминистраторМои документыDefault.PLS
[2008.11.12 23:03:15 | 00,000,112 | —- | M] () — C:delete_sh.bat
[2008.11.12 17:48:56 | 00,000,782 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столWinx Club.lnk
[2008.11.11 22:40:41 | 00,010,752 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столДокумент Microsoft Word.doc
[2008.11.11 22:27:09 | 00,075,072 | —- | M] (Avira GmbH) — C:WINDOWSSystem32driversavipbb.sys
[2008.10.26 13:38:15 | 00,754,472 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2008.10.26 13:38:15 | 00,346,144 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2008.10.26 13:38:15 | 00,311,604 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2008.10.26 13:38:15 | 00,049,350 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2008.10.26 13:38:15 | 00,039,992 | —- | M] () — C:WINDOWSSystem32perfc009.dat
< End of report >OTViewIt Extras logfile created on: 22.11.2008 17:56:26 — Run 3
OTViewIt by OldTimer — Version 1.0.20.0 Folder = C:Documents and SettingsАдминистраторРабочий столВременнаяАНТИВИРУС.ФОРУМ
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,49% Memory free
3,85 Gb Paging File | 3,60 Gb Available in Paging File | 93,49% Paging File free
Paging file location(s): C:pagefile.sys 2048 2048;%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 34,18 Gb Total Space | 23,26 Gb Free Space | 68,06% Space Free | Partition Type: NTFS
Drive D: | 114,86 Gb Total Space | 104,79 Gb Free Space | 91,23% Space Free | Partition Type: NTFS
Drive E: | 47,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: NO-5A32487196BA
Current User Name: Администратор
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days========== File Associations ==========
[HKEY_LOCAL_MACHINESOFTWAREClasses
]
.inf [@ = inffile] — C:WINDOWSsystem32notepad.exe ()
.ini [@ = inifile] — C:WINDOWSsystem32notepad.exe ()
.txt [@ = txtfile] — C:WINDOWSsystem32notepad.exe ()========== Security Center Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
«FirstRunDisabled»=1HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile
«EnableFirewall»=1
«DoNotAllowExceptions»=0
«DisableNotifications»=0
«DisableUnicastResponsesToMulticastBroadcast»=0
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplications]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPorts]========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
[2002.12.31 15:00:00 | 00,141,312 | —- | M] (Корпорация Майкрософт) — %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006.11.13 16:21:46 | 00,199,464 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006.11.13 16:21:56 | 01,289,000 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006.11.13 16:21:58 | 04,279,080 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
[2006.11.13 16:21:46 | 00,199,464 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006.11.13 16:21:56 | 01,289,000 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006.11.13 16:21:58 | 04,279,080 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008.09.01 18:08:21 | 00,173,304 | —- | M] (ICQ, Inc.) — C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6
File not found — C:windowslsass.exe:*:Enabled:lsass
[2002.12.31 15:00:00 | 00,141,312 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008.07.01 19:34:30 | 03,256,320 | —- | M] (The Author of QIP) — C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWinSock2Parameters]
NameSpace_Catalog5Catalog_Entries�00000000001 [TCP/IP] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
NameSpace_Catalog5Catalog_Entries�00000000003 [Пространство имен службы сетевого расположения (NLA)] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000001 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000002 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000003 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000004 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000005 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000006 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000007 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000008 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000009 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000010 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000011 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000012 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000013 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000014 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000015 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000016 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
Protocol_Catalog9Catalog_Entries�00000000017 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 01,431,040 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: подключаемый протокол])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL http�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL httpoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL https�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL httpsoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
ipp: [HKLM — No CLSID value][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL ipp�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
msdaipp: [HKLM — No CLSID value][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaipp�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 01:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSystemOle DBMSDAIPP.DLL msdaippoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2000.04.19 17:47:36 | 00,520,117 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2005.06.02 23:36:20 | 07,252,672 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2005.04.25 12:29:56 | 08,071,360 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 01,431,040 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [ТВ: подключаемый протокол])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2002.12.31 15:00:00 | 03,003,392 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2002.12.31 15:00:00 | 00,600,576 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP lzdhtml encoding/decoding Filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2002.12.31 15:00:00 | 08,401,408 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2003.07.15 05:45:12 | 00,039,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«{236BB7C4-4419-42FD-0409-1E257A25E34D}»=Adobe Photoshop CS2
«{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}»=WebFldrs XP
«{60DE4033-9503-48D1-A483-7846BD217CA9}»=ICQ6
«{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}»=PowerDVD
«{786C5747-1033-0000-B58E-000000000001}»=Adobe Stock Photos 1.0
«{8EDBA74D-0686-4C99-BFDD-F894678E5B39}»=Adobe Common File Installer
«{90110419-6000-11D3-8CFE-0150048383C9}»=Microsoft Office — профессиональный выпуск версии 2003
«{99052DB7-9592-4522-A558-5417BBAD48EE}»=Microsoft ActiveSync
«{AC76BA86-7AD7-1049-7B44-A70500000002}»=Adobe Reader 7.0.5 — Russian
«{B74D4E10-1033-0000-0000-000000000001}»=Adobe Bridge 1.0
«{E9787678-1033-0000-8E67-000000000001}»=Adobe Help Center 1.0
«{FB08F381-6533-4108-B7DD-039E11FBC27E}»=Realtek AC’97 Audio
«Adobe Photoshop CS2 — {236BB7C4-4419-42FD-0409-1E257A25E34D}»=Adobe Photoshop CS2
«AIMPClassic»=AIMP Classic
«AntiVir PersonalEdition Classic»=Avira AntiVir Personal — Free Antivirus
«atelier»=NevoSoft Atelier (remove only)
«AviSynth»=AviSynth 2.5
«HijackThis»=HijackThis 2.0.2
«ITE_Autorun_2001PCG»=Жукодром
«NVIDIA Drivers»=NVIDIA Drivers
«QIP2005″=QIP 2005 Uninstall
«ShockwaveFlash»=Adobe Flash Player 9 ActiveX
«Totalcmd»=Total Commander (Remove or Repair)
«Trojan Remover_is1″=Trojan Remover 6.6.5
«VEMoDe 0.12b»=VEMoDe 0.12b
«VIA Audio Driver Setup Program»=VIA Audio Driver Setup Program
«WinRAR archiver»=Архиватор WinRAR
«Winx Club_is1″=Winx Club
«Помощники для зверюшек»=Помощники для зверюшек========== Last 10 Event Log Errors ==========
[ Application Events ]
Error — 23.02.2008 11:09:11 | Computer Name = NO-5A32487196BA | Source = Application Error | ID = 1000
Description = Ошибка приложения tmp.dat, версия 0.0.0.0, модуль tmp.dat, версия
0.0.0.0, адрес 0x00008d99.Error — 23.02.2008 11:39:14 | Computer Name = NO-5A32487196BA | Source = Application Error | ID = 1000
Description = Ошибка приложения tmp.dat, версия 0.0.0.0, модуль tmp.dat, версия
0.0.0.0, адрес 0x00008d99.Error — 21.03.2008 8:32:21 | Computer Name = NO-5A32487196BA | Source = Application Error | ID = 1000
Description = Ошибка приложения iexplore.exe, версия 6.0.2900.2180, модуль ntdll.dll,
версия 5.1.2600.2180, адрес 0x000106c3.[ System Events ]
Error — 05.10.2008 11:27:08 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 05.10.2008 11:27:13 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 05.10.2008 11:27:19 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 17.11.2008 10:24:02 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 17.11.2008 10:24:04 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 17.11.2008 10:24:07 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 17.11.2008 10:31:48 | Computer Name = NO-5A32487196BA | Source = Cdrom | ID = 262151
Description = Неверный блок на устройстве DeviceCdRom0.Error — 21.11.2008 18:15:44 | Computer Name = NO-5A32487196BA | Source = SideBySide | ID = 16842784
Description = Зависимая совокупность Microsoft.VC80.CRT не может быть найдена, последняя
ошибка Указанная совокупность не установлена в системе.Error — 21.11.2008 18:15:44 | Computer Name = NO-5A32487196BA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly завершилась не удачно для Microsoft.VC80.CRT.
Соответствующее
сообщение об ошибке: Указанная совокупность не установлена в системе. .Error — 21.11.2008 18:15:44 | Computer Name = NO-5A32487196BA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context завершилась не удачно для C:DOCUME~19335~1LOCALS~1Tempmia1InstallerExtensions.dll.
Соответствующее
сообщение об ошибке: Операция успешно завершена. .< End of report >
