Лог утилиты random's system information tool 1.16(автор: random/random)
Run by Courtuser at 2018-10-10 09:51:43
Microsoft Windows XP Professional Service Pack 3
Системный раздел C: размер 10 GB (36%) Свободно 26 GB
Total RAM: 959 MB (37% free)
X86
HijackThis download failed

======Папка назначенных заданий======

C:\WINDOWS\tasks\At1.job - C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe /UA
C:\WINDOWS\tasks\At2.job - C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe /UA
C:\WINDOWS\tasks\At3.job - C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe /UA
C:\WINDOWS\tasks\At4.job - C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe /UA

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StatusAlerts"=C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [2011-10-14 304696]
"DrWebAgentUI"=C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe [2013-05-15 2598832]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NvRegisterMCTrayNview"=C:\WINDOWS\system32\NVMCTRAY.DLL [2010-10-16 110696]
"NvRegisterMCTray"=C:\WINDOWS\system32\NVMCTRAY.DLL [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Bimoid"=C:\Program Files\Bimoid\Bimoid.exe [2012-04-09 5057328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DrWebEngine]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP LaserJet 400 M401\bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP LaserJet 400 M401\bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Сетевое устройство связи HP (HP LaserJet 400 M401)"
"C:\Program Files\HP\HP LaserJet 400 M401\bin\EWSProxy.exe"="C:\Program Files\HP\HP LaserJet 400 M401\bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 400 M401 EWSProxy"
"C:\Documents and Settings\Courtuser\Application Data\Garant-Client\apps\F1Shell.run"="C:\Documents and Settings\Courtuser\Application Data\Garant-Client\apps\F1Shell.run:*:Enabled:ГАРАНТ"
"C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS0038\Installer\hpbcsiInstaller.exe"="C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS0038\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer"
"C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe"="C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe:*:Enabled:Dr.Web Antivirus"
"C:\Plot\task\grad\grad.exe"="C:\Plot\task\grad\grad.exe:*:Enabled:Задача обмена по TCP/IP"
"C:\Plot\task\gnet\gnet.exe"="C:\Plot\task\gnet\gnet.exe:*:Enabled:Задача обмена по TCP/IP"
"C:\Plot\task\wall\wall.exe"="C:\Plot\task\wall\wall.exe:*:Enabled:Контроль работы клиентских приложений с использованием TCP/IP в сети UP"
"C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS1BFC\Installer\hpbcsiInstaller.exe"="C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS1BFC\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer"
"C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS5B0A\Installer\hpbcsiInstaller.exe"="C:\HP_SI_8989F6D9-550C-4178-A8CB-75B82A06621F\7zS5B0A\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"StubPath"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======Список файлов и папок, созданных за последние 3 месяца======

2018-10-10 09:51:44 ----D---- C:\Program Files\trend micro
2018-10-10 09:51:43 ----D---- C:\rsit
2018-10-10 09:48:49 ----D---- C:\WINDOWS\LastGood
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\OpenCL.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvgenco32.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2018-10-10 09:48:45 ----A---- C:\WINDOWS\system32\nvcuda.dll
2018-10-10 09:48:44 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2018-10-10 09:48:44 ----A---- C:\WINDOWS\system32\nvapi.dll
2018-10-10 09:47:52 ----D---- C:\NVIDIA
2018-10-08 11:22:23 ----A---- C:\WINDOWS\system32\drivers\nvtcp.sys
2018-10-08 11:22:22 ----A---- C:\WINDOWS\system32\nvunrm.exe
2018-10-08 11:19:39 ----A---- C:\WINDOWS\system32\drivers\nvsnpu.sys
2018-10-08 11:19:39 ----A---- C:\WINDOWS\system32\drivers\nvnrm.sys
2018-10-08 11:19:39 ----A---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2018-10-08 11:19:38 ----A---- C:\WINDOWS\system32\nvconrm.dll
2018-10-08 11:19:38 ----A---- C:\WINDOWS\system32\fdco1.dll
2018-10-08 11:19:38 ----A---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2018-10-08 11:19:38 ----A---- C:\WINDOWS\system32\bdco1.dll
2018-10-08 11:06:44 ----D---- C:\Program Files\NVIDIA Corporation
2018-09-28 13:45:42 ----A---- C:\WINDOWS\system32\hidserv.dll
2018-09-28 13:45:40 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

======Список файлов и папок, измененных за последние 3 месяца======

2018-10-10 09:51:44 ----RD---- C:\Program Files
2018-10-10 09:51:08 ----D---- C:\WINDOWS\Prefetch
2018-10-10 09:50:02 ----D---- C:\WINDOWS\system32
2018-10-10 09:49:52 ----D---- C:\WINDOWS\Help
2018-10-10 09:49:48 ----SHD---- C:\WINDOWS\Installer
2018-10-10 09:49:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2018-10-10 09:48:57 ----D---- C:\WINDOWS\Temp
2018-10-10 09:48:54 ----D---- C:\WINDOWS\system32\drivers
2018-10-10 09:48:49 ----HD---- C:\WINDOWS\inf
2018-10-10 09:48:49 ----D---- C:\WINDOWS\system32\CatRoot
2018-10-10 09:48:49 ----D---- C:\WINDOWS
2018-10-10 08:11:04 ----D---- C:\Program Files\DrWeb Enterprise Suite
2018-10-10 08:10:34 ----D---- C:\WINDOWS\system32\CatRoot2
2018-10-10 08:10:26 ----D---- C:\Program Files\Bimoid
2018-10-08 11:52:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2018-10-08 11:19:28 ----A---- C:\WINDOWS\system32\fdco1ins.dll
2018-10-08 11:19:28 ----A---- C:\WINDOWS\system32\bdco1ins.dll
2018-09-26 08:04:59 ----SH---- C:\boot.ini
2018-09-26 08:04:59 ----A---- C:\WINDOWS\win.ini
2018-09-26 08:04:59 ----A---- C:\WINDOWS\system.ini

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 DwProt;DrWeb Protection; C:\WINDOWS\system32\drivers\dwprot.sys [2013-08-15 246328]
R0 SpiderG3;DrWeb file system scanner; C:\WINDOWS\system32\drivers\spiderg3.sys [2018-10-08 177336]
R1 DrWebWfp;DrWebWfp; C:\WINDOWS\system32\drivers\dw_wfp.sys [2018-10-08 58040]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2018-10-08 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2018-10-08 20480]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 10C0820556;10C0820556; \??\C:\WINDOWS\TEMP\10C0820556.sys []
S3 10CE54056A;10CE54056A; \??\C:\WINDOWS\TEMP\10CE54056A.sys []
S3 10D71C4C8E;10D71C4C8E; \??\C:\WINDOWS\TEMP\10D71C4C8E.sys []
S3 139DB00710;139DB00710; \??\C:\WINDOWS\TEMP\139DB00710.sys []
S3 18396885AE;18396885AE; \??\C:\WINDOWS\TEMP\18396885AE.sys []
S3 DFBC1C55C;DFBC1C55C; \??\C:\WINDOWS\TEMP\DFBC1C55C.sys []
S3 E3B793013;E3B793013; \??\C:\WINDOWS\TEMP\E3B793013.sys []
S3 F555FEE07;F555FEE07; \??\C:\WINDOWS\TEMP\F555FEE07.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-22 9623680]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\DrWeb Enterprise Suite\dwengine.exe [2018-10-08 1973808]
R2 DrWebNetFilter;Dr.Web Net Filtering Service; C:\Program Files\DrWeb Enterprise Suite\DWNETFILTER.EXE [2018-10-08 2321664]
R2 HP DS Service;HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2011-08-04 164352]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\WINDOWS\system32\HPZinw12.dll
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\WINDOWS\system32\HPZipm12.dll
R3 drwagntd;Dr.Web Enterprise Agent; C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe [2013-05-15 3844016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 drwupgrade;Dr.Web Enterprise Upgrade Service; C:\Program Files\DrWeb Enterprise Suite\0\drwupgrade.exe [2015-01-19 1199728]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------