Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? (https://www.trojaner-board.de/130622-rechner-freundin-ukraine-verseucht-rootkit-viren-noch.html)

mark24 07.02.2013 01:20
ADwCleaner erledigt. checke jetzt noch OTL.

Code:
# AdwCleaner v2.111 - Logfile created 02/07/2013 at 02:10:31
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - COMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\??????? ????\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\prefs.js

[OK] File is clean.

-\\ Chromium v24.0.1350.0

File : C:\Documents and Settings\User\Local Settings\Application Data\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1310 octets] - [07/02/2013 02:10:31]

########## EOF - C:\AdwCleaner[S1].txt - [1370 octets] ##########
OTL vom systemlaufwerk gestartet fuehrte wieder zu leeren log dateien. Daher habe ich es von USB laufen lassen.

Code:
OTL logfile created on: 07.02.2013 03:04:15 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy
 
767.48 Mb Total Physical Memory | 332.74 Mb Available Physical Memory | 43.35% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 596.88 Mb Free Space | 62.14% Space Free | Partition Type: FAT
 
Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - I:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\winlogon.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\smss.exe (Корпорация Майкрософт)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mail.Ru\Agent\Mra\dll\mramenu.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Корпорация Майкрософт)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Корпорация Майкрософт)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Корпорация Майкрософт)
SRV - (Nla) -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Корпорация Майкрософт)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Корпорация Майкрософт)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Корпорация Майкрософт)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Корпорация Майкрософт)
SRV - (stisvc) -- C:\WINDOWS\system32\wiaservc.dll (Корпорация Майкрософт)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Корпорация Майкрософт)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Корпорация Майкрософт)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Корпорация Майкрософт)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Корпорация Майкрософт)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Корпорация Майкрософт)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Корпорация Майкрософт)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Корпорация Майкрософт)
SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Корпорация Майкрософт)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Корпорация Майкрософт)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Корпорация Майкрософт)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Корпорация Майкрософт)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Корпорация Майкрософт)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Корпорация Майкрософт)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Корпорация Майкрософт)
SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Корпорация Майкрософт)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Корпорация Майкрософт)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Корпорация Майкрософт)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (mnmdd) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (krnl_akl) -- C:\WINDOWS\system32\drivers\krnl_akl.sys (Global Information Technology (UK) Limited.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Корпорация Майкрософт)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Корпорация Майкрософт)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys (Корпорация Майкрософт)
DRV - (Ftdisk) -- C:\WINDOWS\system32\drivers\ftdisk.sys (Корпорация Майкрософт)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Корпорация Майкрософт)
DRV - (sr) -- C:\WINDOWS\system32\drivers\sr.sys (Корпорация Майкрософт)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Корпорация Майкрософт)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Корпорация Майкрософт)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Корпорация Майкрософт)
DRV - (isapnp) -- C:\WINDOWS\system32\drivers\isapnp.sys (Корпорация Майкрософт)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Корпорация Майкрософт)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Корпорация Майкрософт)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Корпорация Майкрософт)
DRV - (PCI) -- C:\WINDOWS\system32\drivers\pci.sys (Корпорация Майкрософт)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Корпорация Майкрософт)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Корпорация Майкрософт)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Корпорация Майкрософт)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvmpu401) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (EL910) -- C:\WINDOWS\system32\drivers\EL910N51.sys (3Com Corporation)
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys (Корпорация Майкрософт)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=135294&text={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Page =
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ukrtelecom.ua/
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}: "URL" = hxxp://superru.net/?q={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{8A0349E9-5932-C082-03A2-591DDE006DBACE7}: "URL" = hxxp://superru.net/?text={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.01.17 12:32:09 | 000,000,000 | ---D | M]
 
[2013.01.03 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013.02.03 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions
[2013.02.03 15:43:27 | 000,045,184 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions\jsonovich@lackoftalent.org.xpi
 
O1 HOSTS File: ([2013.02.06 14:27:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Ссылки) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [C:\Documents and Settings\User\Рабочий стол\test.exe.exe] C:\Documents and Settings\User\Рабочий стол\test.exe.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.06.02 13:21:05 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360018479234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{189530A2-4083-4693-87DC-BC9167B1706D}: NameServer = 213.179.249.132 213.179.249.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08FDA9D-D240-4754-922D-EB72EF7089C5}: NameServer = 192.168.1.1
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.14 16:13:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.07 03:05:24 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013.02.06 16:15:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.06 14:15:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.05 23:28:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2013.02.05 23:22:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013.02.05 23:19:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.02.05 21:28:38 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2013.02.05 17:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2013.02.05 17:42:09 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2013.02.05 17:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.02.05 02:03:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.05 01:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013.02.05 01:40:08 | 000,457,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013.02.05 01:38:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2013.02.05 01:32:04 | 008,480,256 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2013.02.05 01:26:39 | 000,048,128 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2013.02.05 01:26:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2013.02.05 01:12:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado28.tlb
[2013.02.05 01:05:23 | 002,150,912 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013.02.05 01:05:22 | 002,194,816 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013.02.05 01:05:18 | 002,029,568 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013.02.05 01:05:17 | 002,071,424 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013.02.05 00:53:39 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013.02.05 00:53:39 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013.02.05 00:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013.02.04 19:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\7-Zip
[2013.02.04 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.04 16:58:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.04 16:56:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.04 16:56:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.04 16:56:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.04 16:56:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.04 16:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 16:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.04 15:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2013.01.21 09:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\VS Revo Group
[2013.01.20 09:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013.01.17 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013.01.17 14:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.17 12:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.16 21:28:51 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.16 21:28:51 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.16 21:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2013.01.16 16:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.07 02:43:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.07 02:17:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.07 02:13:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.06 14:27:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.05 23:05:12 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.05 21:34:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 17:42:32 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.05 17:42:32 | 000,068,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.05 17:42:31 | 000,443,244 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat
[2013.02.05 17:42:31 | 000,065,056 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat
[2013.02.05 17:42:27 | 000,000,570 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 16:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.04 18:20:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 16:58:40 | 000,000,322 | RHS- | M] () -- C:\boot.ini
[2013.02.04 15:56:53 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.21 23:28:56 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.18 22:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.18 22:17:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 17:42:17 | 000,000,570 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 17:42:12 | 000,003,556 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013.02.05 17:42:12 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2013.02.05 16:26:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.05 01:54:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013.02.04 18:20:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 16:58:40 | 000,000,206 | ---- | C] () -- C:\Boot.bak
[2013.02.04 16:58:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013.02.04 16:56:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.04 16:56:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.04 16:56:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.04 16:56:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.04 16:56:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.04 15:56:53 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.18 22:17:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.20 12:04:54 | 003,207,168 | ---- | C] () -- C:\WINDOWS\System32\defrasvr.exe
[2012.01.18 17:20:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\{7C89722B-9EC8-42DC-82FA-0805F0D77017}
[2011.12.14 19:15:53 | 000,000,133 | ---- | C] () -- C:\WINDOWS\operaprefs.ini
[2010.04.09 18:16:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\intlname.ols
[2009.05.14 17:16:36 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.05.14 17:08:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:31:45 | 001,510,400 | ---- | M] (Корпорация Майкрософт)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:16 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 09:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\pc security) -- C:\Documents and Settings\User\Рабочий стол\pc security
[2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.07 02:48:07 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.07 02:47:27 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\pc security) -- C:\Documents and Settings\User\Рабочий стол\pc security
[2013.02.07 02:21:45 | 000,602,112 | ---- | C] (OldTimer Tools)(C:\Documents and Settings\User\??????? ????\OTL.exe) -- C:\Documents and Settings\User\Рабочий стол\OTL.exe
[2013.02.07 02:07:49 | 000,582,209 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\adwcleaner.exe) -- C:\Documents and Settings\User\Рабочий стол\adwcleaner.exe
[2013.02.07 02:07:30 | 000,582,209 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\adwcleaner.exe) -- C:\Documents and Settings\User\Рабочий стол\adwcleaner.exe
[2013.02.06 23:17:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO)(C:\Documents and Settings\User\??????? ????\tdsskiller.exe) -- C:\Documents and Settings\User\Рабочий стол\tdsskiller.exe
[2013.02.06 23:16:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO)(C:\Documents and Settings\User\??????? ????\tdsskiller.exe) -- C:\Documents and Settings\User\Рабочий стол\tdsskiller.exe
[2013.02.06 20:54:28 | 000,005,732 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\aswMBR.txt) -- C:\Documents and Settings\User\Рабочий стол\aswMBR.txt
[2013.02.06 20:54:28 | 000,000,512 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\MBR.dat) -- C:\Documents and Settings\User\Рабочий стол\MBR.dat
[2013.02.06 20:50:35 | 000,005,732 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\aswMBR.txt) -- C:\Documents and Settings\User\Рабочий стол\aswMBR.txt
[2013.02.06 20:50:35 | 000,000,512 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\MBR.dat) -- C:\Documents and Settings\User\Рабочий стол\MBR.dat
[2013.02.06 19:40:33 | 000,078,401 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer6feb13.txt) -- C:\Documents and Settings\User\Рабочий стол\gmer6feb13.txt
[2013.02.06 19:40:33 | 000,078,401 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer6feb13.txt) -- C:\Documents and Settings\User\Рабочий стол\gmer6feb13.txt
[2013.02.06 19:15:39 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer_2.0.18454 (1).exe) -- C:\Documents and Settings\User\Рабочий стол\gmer_2.0.18454 (1).exe
[2013.02.06 19:14:12 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer_2.0.18454 (1).exe) -- C:\Documents and Settings\User\Рабочий стол\gmer_2.0.18454 (1).exe
[2013.02.06 14:48:12 | 000,017,813 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\log.txt) -- C:\Documents and Settings\User\Рабочий стол\log.txt
[2013.02.06 14:48:12 | 000,017,813 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\log.txt) -- C:\Documents and Settings\User\Рабочий стол\log.txt
[2013.02.05 23:28:23 | 000,000,815 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2013.02.05 23:28:23 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2013.02.05 23:28:23 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2013.02.05 23:28:16 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.05 23:28:16 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
[2013.02.05 23:28:15 | 000,000,200 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2013.02.05 23:28:15 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 23:28:15 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 21:14:48 | 000,001,554 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.02.05 18:02:55 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 17:42:29 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\??????? ????\?????????\????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Игры
[2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2013.02.05 03:01:02 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.04 20:07:02 | 000,080,976 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 20:06:21 | 000,080,976 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 18:25:04 | 000,602,112 | ---- | M] (OldTimer Tools)(C:\Documents and Settings\User\??????? ????\OTL.exe) -- C:\Documents and Settings\User\Рабочий стол\OTL.exe
[2013.02.04 16:55:36 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:36 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:35 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\User\Главное меню\Программы\WinRAR
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\All Users\Главное меню\Программы\WinRAR
[2013.01.26 22:50:09 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.26 16:48:38 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.17 12:43:04 | 000,000,323 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:58 | 000,000,323 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:10 | 000,000,308 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:42:06 | 000,000,308 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:31:38 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\ESET) -- C:\Documents and Settings\All Users\Главное меню\Программы\ESET
[2013.01.17 11:37:31 | 000,001,554 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.01.16 17:04:55 | 000,001,734 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,804 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,734 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2012.11.07 12:18:13 | 000,432,640 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2012.06.02 13:21:05 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.06.02 13:21:05 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.01.08 02:52:37 | 002,410,584 | ---- | M] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2012.01.08 02:52:37 | 002,410,584 | ---- | C] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2010.02.06 16:39:34 | 000,269,312 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2010.02.06 16:32:38 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2010.02.06 16:32:13 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2009.10.22 21:27:03 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
[2009.06.22 13:49:16 | 000,269,312 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2009.05.14 19:53:47 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 16:31:45 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:45 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:28 | 000,000,815 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2009.05.14 16:31:25 | 000,000,200 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2009.05.14 16:22:07 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:15 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:10:04 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:08:43 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:07:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:05:11 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2009.05.14 16:05:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2008.07.04 14:10:02 | 000,022,486 | R--- | M] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2008.06.17 22:07:45 | 000,432,640 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2008.04.15 09:30:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2008.04.15 09:30:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2002.01.14 06:11:09 | 000,022,486 | R--- | C] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
(C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
(C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
(C:\Documents and Settings\User\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Администрирование
(C:\Documents and Settings\User\??????? ????\?????????\????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\User\??????? ????\?????????\???????????) -- C:\Documents and Settings\User\Главное меню\Программы\Стандартные
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
(C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
(C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
(C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Office) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Office
(C:\Documents and Settings\All Users\??????? ????\?????????\K-Lite Codec Pack) -- C:\Documents and Settings\All Users\Главное меню\Программы\K-Lite Codec Pack
(C:\Documents and Settings\All Users\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Администрирование
(C:\Documents and Settings\All Users\??????? ????\?????????\????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\All Users\??????? ????\?????????\???????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Стандартные
(C:\Documents and Settings\All Users\??????? ????\?????????\???????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Утилиты
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню

< End of report >
Code:
OTL Extras logfile created on: 07.02.2013 03:04:15 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy
 
767.48 Mb Total Physical Memory | 332.74 Mb Available Physical Memory | 43.35% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 596.88 Mb Free Space | 62.14% Space Free | Partition Type: FAT
 
Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (?????????? ??????????)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (?????????? ??????????)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
 
[HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Корпорация Майкрософт)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Корпорация Майкрософт)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Корпорация Майкрософт)
Directory [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Directory [openNew] -- explorer %1 (Корпорация Майкрософт)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"Start" = 4
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{84DB5951-10B0-4D73-A767-C6D4B50E318B}" = ESET NOD32 Antivirus
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office - профессиональный выпуск версии 2003
"{903B0419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version 24.0.1350.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HashTab" = HashTab 1.14
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 19:10:03 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:10 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:16 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:22 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:29 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:35 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:41 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:48 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:10:55 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
Error - 05.02.2013 19:11:03 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description =
 
[ System Events ]
Error - 04.02.2013 18:07:34 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 10:24:21 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 10:24:32 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 11:15:28 | Computer Name = COMP | Source = Service Control Manager | ID = 7026
Description = ???? ??? ???????? ????????(??) ???????????? ??? ??????? ???????:  eamon
ehdrv
Fips
krnl_akl
Processor
 
Error - 05.02.2013 11:18:47 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 11:18:58 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 17:05:34 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 17:05:45 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 06.02.2013 20:13:52 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 06.02.2013 20:14:03 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
 
< End of report >

cosinus 07.02.2013 10:39
Code:
Drive C: | 6.84 Gb Total Space | 0.15 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.13 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.25 Gb Free Space | 12.66% Space Free | Partition Type: FAT32
Das fällt mir ja jetzt erst auf, woz erstellt man fünf winzige Partitionen?! :balla:
Welchen Sinn soll das ergeben? :confused:

mark24 07.02.2013 11:04
Naja, das ist auch meine Rede. Nur habe ich keine Lust und Moeglichkeit hier das System komplett neu aufzusetzen.

Aber die 7 GB auf C> sind komplett ausgeschoepft, weiss nicht ob das allein durch XP und office sein kann?

cosinus 07.02.2013 11:16
Dann musst du alle Daten von den Volumes D, E, F und G mal sichern. Ein Image von C auch erstellen und auf externe Platte speichern, Image kannst du zB hiermit erstellen => Drive Snapshot - Disk Image Backup leicht gemacht

Wenn alle Daten gesichert sind zB hiermit => Parted Magic - Download - Filepony
über das Tool GParted die Partitionen außer deinem Laufwerk C (was /dev/sda1 entspricht) löschen, anschließend den freien Speicher Laufwerk C (also /dev/sda1) zuordnen. Damit hast du dann deine Systempartition vergrößert.

mark24 07.02.2013 11:23
Danke, sehe das auch als Sinnvoll an. Nur habe ich kein ext. Laufwerk hier zur Verfuegung. Mein Ziel ist es auch nur das System fuers online banking sicher zu machen, was soll ich diesbezueglich als naechstes machen?

cosinus 07.02.2013 11:29
Zitat:
Mein Ziel ist es auch nur das System fuers online banking sicher zu machen, was soll ich diesbezueglich als naechstes machen?
Wenn du sicher banken willst mit dieser Kiste, dann Windows neu aufsetzen.
Oder du installierst Linux.

mark24 07.02.2013 11:46
hmm, wie hoch ist denn das restrisiko ohne neuaufsetzen? Das waere fuer mich nur die letzte variante...

cosinus 07.02.2013 11:51
Bei Rootkits ist die Geschichte einfach zu unsicher. Zudem ist das System ja eh schlecht geplant und installiert worden wie man an der recht fragwürdigen Partitionierung sieht.

mark24 07.02.2013 12:08
ok, dann folgere ich aus deiner Aussage das dieser Rechner womoeglich weiterhin kontaminiert ist. Ein Hinweis darauf ist, das ich bei einem Bootvorgang (abgesicherter Modus) ein Auswahlmenu angezeigt bekommen habe (auf russisch). Ich habe alle varianten durchprobiert und bei einer konnte ich nicht auf den Rechner zugreifen denn es erschien ein XP administrator login das mit passwort geschuetzt ist *welches meine Freundin nicht hat.

werde abchecken ob ich an eine wechselfestplatte rankomme. welche linux version wuerdest Du denn fuer einen Anfaenger (habe vor 20 Jahren mal mit UNIX gearbeitet) empfehlen?

cosinus 07.02.2013 12:47
Wenn du das auf diesem Rechner installieren willst, der schon etwas älter zu sein scheint, dann würde ich es mal mit Lubuntu oder Xubuntu probieren.
Nimm nicht das "echte" Ubuntu, das verwendet einen ziemlich gewöhnungsbedürftigen Desktop (unity) und dürfte diesen alten Rechner auch ziemlich überfordern.

Ansonsten hast du hier noch ne Übersicht:

Alte Hardware
Ubuntu
Sonstige Distributionen
DistroWatch.com: Put the fun back into computing. Use Linux, BSD.

Ich verwende auf meinem privaten Rechner übrigens Xubuntu 12.04

mark24 07.02.2013 12:59
Gut, dann sag ich mal danke fuer die tipps. Wenn ich ne wechselfestplatte aufgetrieben habe werde ich mich mal dem thema xubuntu widmen. Kann ich fragen dazu auch auf TB posten?

cosinus 07.02.2013 13:03
Klar, wir haben hier auch eine Linux-Ecke => http://www.trojaner-board.de/alles-r...mac-osx-linux/

Musst du mal testen und sehen ob Xubuntu das richtige für diesen alten Rechner ist. xfce ist zwar schneller als das unity Geraffel, aber benötigt auch ein Tick mehr als lxde (Lubuntu)
Du musst auch nicht unbedingt Ubuntu bzw. debianartige verwenden


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:17 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131