Log analysis and evaluation: Friend's computer in Ukraine infected > rootkit, viruses, and what else?
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Friend's computer in Ukraine infected > rootkit, viruses, and what else?
AdwCleaner done. Now checking OTL.
Code:
# AdwCleaner v2.111 - Logfile created 02/07/2013 at 02:10:31
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - COMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\??????? ????\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\prefs.js

[OK] File is clean.

-\\ Chromium v24.0.1350.0

File : C:\Documents and Settings\User\Local Settings\Application Data\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1310 octets] - [07/02/2013 02:10:31]

########## EOF - C:\AdwCleaner[S1].txt - [1370 octets] ##########

Code:
OTL logfile created on: 07.02.2013 03:04:15 - Run 6
OTL by OldTimer - Version Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy

767.48 Mb Total Physical Memory | 332.74 Mb Available Physical Memory | 43.35% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 596.88 Mb Free Space | 62.14% Space Free | Partition Type: FAT

Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\winlogon.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\smss.exe (Корпорация Майкрософт)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mail.Ru\Agent\Mra\dll\mramenu.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Корпорация Майкрософт)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Корпорация Майкрософт)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Корпорация Майкрософт)
SRV - (Nla) -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Корпорация Майкрософт)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Корпорация Майкрософт)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Корпорация Майкрософт)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Корпорация Майкрософт)
SRV - (stisvc) -- C:\WINDOWS\system32\wiaservc.dll (Корпорация Майкрософт)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Корпорация Майкрософт)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Корпорация Майкрософт)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Корпорация Майкрософт)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Корпорация Майкрософт)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Корпорация Майкрософт)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Корпорация Майкрософт)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Корпорация Майкрософт)
SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Корпорация Майкрософт)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Корпорация Майкрософт)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Корпорация Майкрософт)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Корпорация Майкрософт)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Корпорация Майкрософт)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Корпорация Майкрософт)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Корпорация Майкрософт)
SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Корпорация Майкрософт)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Корпорация Майкрософт)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Корпорация Майкрософт)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mnmdd) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (krnl_akl) -- C:\WINDOWS\system32\drivers\krnl_akl.sys (Global Information Technology (UK) Limited.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Корпорация Майкрософт)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Корпорация Майкрософт)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys (Корпорация Майкрософт)
DRV - (Ftdisk) -- C:\WINDOWS\system32\drivers\ftdisk.sys (Корпорация Майкрософт)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Корпорация Майкрософт)
DRV - (sr) -- C:\WINDOWS\system32\drivers\sr.sys (Корпорация Майкрософт)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Корпорация Майкрософт)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Корпорация Майкрософт)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Корпорация Майкрософт)
DRV - (isapnp) -- C:\WINDOWS\system32\drivers\isapnp.sys (Корпорация Майкрософт)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Корпорация Майкрософт)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Корпорация Майкрософт)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Корпорация Майкрософт)
DRV - (PCI) -- C:\WINDOWS\system32\drivers\pci.sys (Корпорация Майкрософт)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Корпорация Майкрософт)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Корпорация Майкрософт)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Корпорация Майкрософт)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvmpu401) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (EL910) -- C:\WINDOWS\system32\drivers\EL910N51.sys (3Com Corporation)
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys (Корпорация Майкрософт)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=135294&text={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Page =
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ukrtelecom.ua/
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}: "URL" = hxxp://superru.net/?q={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{8A0349E9-5932-C082-03A2-591DDE006DBACE7}: "URL" = hxxp://superru.net/?text={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.01.17 12:32:09 | 000,000,000 | ---D | M]

[2013.01.03 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013.02.03 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions
[2013.02.03 15:43:27 | 000,045,184 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions\jsonovich@lackoftalent.org.xpi

O1 HOSTS File: ([2013.02.06 14:27:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Ссылки) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [C:\Documents and Settings\User\Рабочий стол\test.exe.exe] C:\Documents and Settings\User\Рабочий стол\test.exe.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.06.02 13:21:05 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360018479234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{189530A2-4083-4693-87DC-BC9167B1706D}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08FDA9D-D240-4754-922D-EB72EF7089C5}: NameServer =
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.14 16:13:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.07 03:05:24 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.02.06 16:15:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.06 14:15:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.05 23:28:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2013.02.05 23:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013.02.05 23:19:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.02.05 21:28:38 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2013.02.05 17:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2013.02.05 17:42:09 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2013.02.05 17:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.02.05 02:03:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.05 01:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013.02.05 01:40:08 | 000,457,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013.02.05 01:38:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2013.02.05 01:32:04 | 008,480,256 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2013.02.05 01:26:39 | 000,048,128 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2013.02.05 01:26:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2013.02.05 01:12:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado28.tlb
[2013.02.05 01:05:23 | 002,150,912 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013.02.05 01:05:22 | 002,194,816 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013.02.05 01:05:18 | 002,029,568 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013.02.05 01:05:17 | 002,071,424 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013.02.05 00:53:39 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013.02.05 00:53:39 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013.02.05 00:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013.02.04 19:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\7-Zip
[2013.02.04 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.04 16:58:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.04 16:56:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.04 16:56:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.04 16:56:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.04 16:56:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.04 16:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 16:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.04 15:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2013.01.21 09:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\VS Revo Group
[2013.01.20 09:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013.01.17 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013.01.17 14:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.17 12:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.16 21:28:51 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.16 21:28:51 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.16 21:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2013.01.16 16:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.07 02:43:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player
Updater.job [2013.02.07 02:17:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.02.07 02:13:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.06 14:27:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.02.05 23:05:12 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.05 21:34:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.05 17:42:32 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.05 17:42:32 | 000,068,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.05 17:42:31 | 000,443,244 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat [2013.02.05 17:42:31 | 000,065,056 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat [2013.02.05 17:42:27 | 000,000,570 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2013.02.05 16:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.04 18:20:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable [2013.02.04 16:58:40 | 000,000,322 | RHS- | M] () -- C:\boot.ini [2013.02.04 15:56:53 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk [2013.01.21 23:28:56 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.18 22:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.18 22:17:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2013.02.05 17:42:17 | 000,000,570 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf [2013.02.05 17:42:12 | 000,003,556 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2013.02.05 17:42:12 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h [2013.02.05 16:26:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.02.05 01:54:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2013.02.04 18:20:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable [2013.02.04 16:58:40 | 000,000,206 | ---- | C] () -- C:\Boot.bak [2013.02.04 16:58:37 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013.02.04 16:56:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.02.04 16:56:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.02.04 16:56:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.02.04 16:56:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.02.04 16:56:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.02.04 15:56:53 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk [2013.01.18 22:17:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.20 12:04:54 | 003,207,168 | ---- | C] () -- C:\WINDOWS\System32\defrasvr.exe [2012.01.18 17:20:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\{7C89722B-9EC8-42DC-82FA-0805F0D77017} [2011.12.14 19:15:53 | 000,000,133 | ---- | C] () -- C:\WINDOWS\operaprefs.ini [2010.04.09 18:16:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\intlname.ols [2009.05.14 17:16:36 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.05.14 17:08:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:31:45 | 001,510,400 | ---- | M] (Корпорация Майкрософт) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:16 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 09:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\pc security) -- C:\Documents and Settings\User\Рабочий стол\pc security [2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол [2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол [2013.02.07 02:47:27 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\pc security) -- C:\Documents and Settings\User\Рабочий стол\pc security [2013.02.07 02:21:45 | 000,602,112 | ---- | C] (OldTimer Tools)(C:\Documents and Settings\User\??????? ????\OTL.exe) -- C:\Documents and Settings\User\Рабочий стол\OTL.exe [2013.02.07 02:07:49 | 000,582,209 | ---- | C] ()(C:\Documents and Settings\User\??????? 
????\adwcleaner.exe) -- C:\Documents and Settings\User\Рабочий стол\adwcleaner.exe [2013.02.07 02:07:30 | 000,582,209 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\adwcleaner.exe) -- C:\Documents and Settings\User\Рабочий стол\adwcleaner.exe [2013.02.06 23:17:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO)(C:\Documents and Settings\User\??????? ????\tdsskiller.exe) -- C:\Documents and Settings\User\Рабочий стол\tdsskiller.exe [2013.02.06 23:16:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO)(C:\Documents and Settings\User\??????? ????\tdsskiller.exe) -- C:\Documents and Settings\User\Рабочий стол\tdsskiller.exe [2013.02.06 20:54:28 | 000,005,732 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\aswMBR.txt) -- C:\Documents and Settings\User\Рабочий стол\aswMBR.txt [2013.02.06 20:54:28 | 000,000,512 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\MBR.dat) -- C:\Documents and Settings\User\Рабочий стол\MBR.dat [2013.02.06 20:50:35 | 000,005,732 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\aswMBR.txt) -- C:\Documents and Settings\User\Рабочий стол\aswMBR.txt [2013.02.06 20:50:35 | 000,000,512 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\MBR.dat) -- C:\Documents and Settings\User\Рабочий стол\MBR.dat [2013.02.06 19:40:33 | 000,078,401 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer6feb13.txt) -- C:\Documents and Settings\User\Рабочий стол\gmer6feb13.txt [2013.02.06 19:40:33 | 000,078,401 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer6feb13.txt) -- C:\Documents and Settings\User\Рабочий стол\gmer6feb13.txt [2013.02.06 19:15:39 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer_2.0.18454 (1).exe) -- C:\Documents and Settings\User\Рабочий стол\gmer_2.0.18454 (1).exe [2013.02.06 19:14:12 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\User\??????? 
????\gmer_2.0.18454 (1).exe) -- C:\Documents and Settings\User\Рабочий стол\gmer_2.0.18454 (1).exe [2013.02.06 14:48:12 | 000,017,813 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\log.txt) -- C:\Documents and Settings\User\Рабочий стол\log.txt [2013.02.06 14:48:12 | 000,017,813 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\log.txt) -- C:\Documents and Settings\User\Рабочий стол\log.txt [2013.02.05 23:28:23 | 000,000,815 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk [2013.02.05 23:28:23 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное [2013.02.05 23:28:23 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное [2013.02.05 23:28:16 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки [2013.02.05 23:28:16 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка [2013.02.05 23:28:15 | 000,000,200 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini [2013.02.05 23:28:15 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы [2013.02.05 23:28:15 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы [2013.02.05 21:14:48 | 000,001,554 | ---- | M] ()(C:\Documents and Settings\User\??????? 
????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt [2013.02.05 18:02:55 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads [2013.02.05 17:42:29 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\??????? ????\?????????\????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Игры [2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны [2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны [2013.02.05 03:01:02 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads [2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню [2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню [2013.02.04 20:07:02 | 000,080,976 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log [2013.02.04 20:06:21 | 000,080,976 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log [2013.02.04 18:25:04 | 000,602,112 | ---- | M] (OldTimer Tools)(C:\Documents and Settings\User\??????? ????\OTL.exe) -- C:\Documents and Settings\User\Рабочий стол\OTL.exe [2013.02.04 16:55:36 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи [2013.02.04 16:55:36 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????????) 
-- C:\Documents and Settings\User\Мои документы\Мои видеозаписи [2013.02.04 16:55:35 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки [2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол [2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол [2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\User\Главное меню\Программы\WinRAR [2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\All Users\Главное меню\Программы\WinRAR [2013.01.26 22:50:09 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ [2013.01.26 16:48:38 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ [2013.01.17 12:43:04 | 000,000,323 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk [2013.01.17 12:42:58 | 000,000,323 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk [2013.01.17 12:42:10 | 000,000,308 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk [2013.01.17 12:42:06 | 000,000,308 | ---- | M] ()(C:\Documents and Settings\User\??????? 
????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk [2013.01.17 12:31:38 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\ESET) -- C:\Documents and Settings\All Users\Главное меню\Программы\ESET [2013.01.17 11:37:31 | 000,001,554 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt [2013.01.16 17:04:55 | 000,001,734 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk [2013.01.16 17:04:54 | 000,001,804 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Adobe Reader XI.lnk [2013.01.16 17:04:54 | 000,001,734 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk [2012.11.07 12:18:13 | 000,432,640 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db [2012.06.02 13:21:05 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.06.02 13:21:05 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы [2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы [2012.01.08 02:52:37 | 002,410,584 | ---- | M] (iMesh Inc. 
)(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe [2012.01.08 02:52:37 | 002,410,584 | ---- | C] (iMesh Inc. )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe [2010.02.06 16:39:34 | 000,269,312 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db [2010.02.06 16:32:38 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF [2010.02.06 16:32:13 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF [2009.10.22 21:27:03 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка [2009.06.22 13:49:16 | 000,269,312 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db [2009.05.14 19:53:47 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini [2009.05.14 19:53:47 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini [2009.05.14 19:53:47 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini [2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню [2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) 
-- C:\Documents and Settings\User\Главное меню [2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны [2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны [2009.05.14 16:31:45 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf [2009.05.14 16:31:45 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf [2009.05.14 16:31:28 | 000,000,815 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk [2009.05.14 16:31:25 | 000,000,200 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini [2009.05.14 16:22:07 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini [2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini [2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\??????? 
????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini [2009.05.14 16:13:15 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка [2009.05.14 16:10:04 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки [2009.05.14 16:08:43 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки [2009.05.14 16:07:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка [2009.05.14 16:05:11 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи [2009.05.14 16:05:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи [2008.07.04 14:10:02 | 000,022,486 | R--- | M] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico [2008.06.17 22:07:45 | 000,432,640 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db [2008.04.15 09:30:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf [2008.04.15 09:30:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf [2002.01.14 06:11:09 | 000,022,486 | R--- | C] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico [2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) 
-- C:\Documents and Settings\All Users\Избранное [2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное (C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное (C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны (C:\Documents and Settings\User\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Администрирование (C:\Documents and Settings\User\??????? ????\?????????\????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка (C:\Documents and Settings\User\??????? ????\?????????\???????????) -- C:\Documents and Settings\User\Главное меню\Программы\Стандартные (C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол (C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню (C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы (C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное (C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы (C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны (C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Office) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Office (C:\Documents and Settings\All Users\??????? ????\?????????\K-Lite Codec Pack) -- C:\Documents and Settings\All Users\Главное меню\Программы\K-Lite Codec Pack (C:\Documents and Settings\All Users\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Администрирование (C:\Documents and Settings\All Users\??????? ????\?????????\????????????) 
-- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка (C:\Documents and Settings\All Users\??????? ????\?????????\???????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Стандартные (C:\Documents and Settings\All Users\??????? ????\?????????\???????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Утилиты (C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол (C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню < End of report > Code:
OTL Extras logfile created on: 07.02.2013 03:04:15 - Run 6
OTL by OldTimer - Version Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy

767.48 Mb Total Physical Memory | 332.74 Mb Available Physical Memory | 43.35% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 596.88 Mb Free Space | 62.14% Space Free | Partition Type: FAT

Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (?????????? ??????????)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (?????????? ??????????)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Корпорация Майкрософт)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Корпорация Майкрософт)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Корпорация Майкрософт)
Directory [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Directory [openNew] -- explorer %1 (Корпорация Майкрософт)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"Start" = 4
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{84DB5951-10B0-4D73-A767-C6D4B50E318B}" = ESET NOD32 Antivirus
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office - профессиональный выпуск версии 2003
"{903B0419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version 24.0.1350.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "HashTab" = HashTab 1.14 "ie8" = Windows Internet Explorer 8 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.02.2013 19:10:03 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:10 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:16 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:22 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:29 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:35 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:41 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:48 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = Error - 05.02.2013 19:10:55 | Computer Name = COMP | Source = MsiInstaller 
| ID = 11711 Description = Error - 05.02.2013 19:11:03 | Computer Name = COMP | Source = MsiInstaller | ID = 11711 Description = [ System Events ] Error - 04.02.2013 18:07:34 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 10:24:21 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 10:24:32 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 11:15:28 | Computer Name = COMP | Source = Service Control Manager | ID = 7026 Description = ???? ??? ???????? ????????(??) ???????????? ??? ??????? ???????: eamon ehdrv Fips krnl_akl Processor Error - 05.02.2013 11:18:47 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 11:18:58 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 17:05:34 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 05.02.2013 17:05:45 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 06.02.2013 20:13:52 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. Error - 06.02.2013 20:14:03 | Computer Name = COMP | Source = atapi | ID = 262153 Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????. < End of report > |
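As an added example (not from this thread and not part of OTL), a small Python check that reads lines in the layout of the "Shell Spawning" section above and flags [open] handlers of executable file classes that deviate from the Windows XP defaults, the typical trace of a file-association hijack. The expected-default table is an assumption based on those XP defaults, and the sample lines, including the hijacked exefile entry, are constructed.

```python
import re

# Default [open] commands for file classes malware often hijacks on XP, in the
# form OTL's "Shell Spawning" section prints them (assumed XP defaults).
EXPECTED_OPEN = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# fileclass [verb] -- command (publisher); the publisher part is optional
LINE_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*?)(?: \(([^()]*)\))?$')

def parse_shell_spawning(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)

def find_handler_anomalies(lines):
    """Return (fileclass, reason) pairs for hijacked, unreadable or absent handlers."""
    seen, findings = set(), []
    for fclass, verb, cmd in parse_shell_spawning(lines):
        if verb != "open" or fclass not in EXPECTED_OPEN:
            continue
        seen.add(fclass)
        if cmd.startswith("Reg Error"):
            findings.append((fclass, "handler key unreadable: " + cmd))
        elif cmd != EXPECTED_OPEN[fclass]:
            findings.append((fclass, "non-default open command: " + cmd))
    for fclass in EXPECTED_OPEN:
        if fclass not in seen:
            findings.append((fclass, "no [open] entry in report"))
    return findings

# Constructed sample in the report's layout: most lines copy the defaults, the
# exefile line is a made-up hijack that runs a loader first, comfile is absent.
SAMPLE = [
    'batfile [open] -- "%1" %*',
    'cmdfile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Documents and Settings\\User\\Application Data\\loader.exe" "%1" %*',
    'piffile [open] -- "%1" %*',
    'regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)',
    'scrfile [open] -- "%1" /S',
    'txtfile [edit] -- Reg Error: Key error.',
]
```

Running find_handler_anomalies(SAMPLE) reports the exefile hijack and the missing comfile handler; a clean XP report yields an empty list.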
Girlfriend's computer in Ukraine infected> rootkit, viruses, and what else?
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32

What sense is that supposed to make?
#18
Well, that's what I'm saying too. But I have neither the inclination nor the means to completely reinstall the system here. Still, the 7 GB on C: are completely used up; I don't know whether that can be from XP and Office alone?
Then you have to back up all the data from volumes D, E, F and G first. Also create an image of C and save it to an external disk; you can create the image with this, for example => Drive Snapshot - disk image backup made easy. Once all the data is backed up, use for example this => Parted Magic - Download - Filepony, and with the GParted tool delete the partitions other than your drive C (which corresponds to /dev/sda1), then assign the freed space to drive C (that is, /dev/sda1). That way you have enlarged your system partition.
#20
Thanks, I also think that makes sense. But I don't have an external drive available here. My only goal is to make the system safe for online banking; what should I do next in that regard?
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Or you install Linux.
#22
Hmm, how high is the residual risk without a reinstall? For me that would only be the last resort...
With rootkits the whole thing is simply too uncertain. Besides, the system was badly planned and installed anyway, as the rather questionable partitioning shows.
#24
OK, so I conclude from your statement that this computer is possibly still contaminated. One indication of that is that during a boot (safe mode) I was shown a selection menu (in Russian). I tried all the options, and with one of them I couldn't access the computer because an XP administrator login appeared that is password-protected, a password my girlfriend doesn't have. I'll check whether I can get hold of a removable hard drive. Which Linux version would you recommend for a beginner (I worked with UNIX once, 20 years ago)?
If you want to install it on this computer, which seems to be somewhat older, I'd try Lubuntu or Xubuntu. Don't take the "real" Ubuntu; it uses a desktop (Unity) that takes quite some getting used to and would probably overwhelm this old computer. Otherwise here is an overview: Old hardware, Ubuntu; Other distributions: DistroWatch.com: Put the fun back into computing. Use Linux, BSD. By the way, I use Xubuntu 12.04 on my private computer.
__________________
Please always post logfiles in CODE tags
Good, then I'll say thanks for the tips. Once I've tracked down a removable hard drive I'll turn to the Xubuntu topic. Can I post questions about that on TB too?
Sure, we also have a Linux corner here => http://www.trojaner-board.de/alles-r...mac-osx-linux/ You'll have to test and see whether Xubuntu is the right thing for this old computer. Xfce is faster than the Unity clutter, but it also needs a tick more than LXDE (Lubuntu). You don't necessarily have to use Ubuntu or Debian-like distributions either.
