Programs do not respond to commands
This topic has 7 replies, 2 participants, and was last updated 16 years ago by Admin.
September 16, 2009 at 7:31 am #17104
Hello. I am a long-time beginner. Please help me cure my computer.
It is always the same thing; it used to happen in Explorer, now in Opera. You click a command, for example to open the full text or to listen to an mp3 in the language program, and it does not open. It freezes, and then I get a message: your program is not responding, disconnect immediately. I click. It checks the status, and not always even that. Not a word in reply. I start it again and it seems to begin working. Or suddenly it drops everything altogether and shows a blue field with white writing. Something about software or hardware, in German, and it croaks while doing so. I use the ABBYY Lingvo dictionary, and now some commands do not work.
I recently picked up some intrusive pornographic advertising, but with your help I removed it. After that, though, things got even worse. My protection reports nothing; it is called Symantec Endpoint Protection. Now a Windows tool for removing malicious software keeps asking to be installed. A shield appears on the taskbar. It demands that I accept a license. I am afraid of everything now. What should I do?

info.txt logfile of random’s system information tool 1.06 2009-09-16 08:33:47
======Uninstall list======
—>MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
—>C:ProgrammeGemeinsame DateienRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{DD4F051C-1A2B-4A91-B187-B093C597418C}setup.exe» -l0x7 anything
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.55 beta—>»C:Programme7-ZipUninstall.exe»
ABBYY Lingvo 12 Multilingual Edition—>MsiExec.exe /I{A1200000-0004-0000-0000-074957833700}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:ProgrammeGemeinsame DateienAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9.1.1 — Deutsch—>MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ask Toolbar—>rundll32 C:PROGRA~1AskTBarbar1.binAskTBar.dll,O
ASUS Splendid Video Enhancement Technology—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1PROFES~1RunTime10 1Intel32Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{C0FC1C14-4824-4A73-87A6-9E888C9C3102}setup.exe» -l0x9 -removeonly
Atheros Client Installation Program—>C:ProgrammeInstallShield Installation Information{28006915-2739-4EBE-B5E8-49B25D32EB33}setup.exe -runfromtemp -l0x0007 -removeonly
ATK Hotkey—>C:ProgrammeInstallShield Installation Information{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}SETUP.EXE -runfromtemp -l0x0007 -removeonly
CDBurnerXP—>»C:ProgrammeCDBurnerXPunins000.exe»
FLV Player—>»C:WINDOWSFLV Playeruninstall.exe» «/U:C:ProgrammeFLV PlayerUninstalluninstall.xml»
High Definition Audio — KB888111—>»C:WINDOWS$NtUninstallKB888111WXP$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Programmetrend microHijackThis.exe» /uninstall
Hi-Speed USB Bridge-Network Cable—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{0EAD5B5C-534A-4486-8ECB-679E218ADEE1}Setup.exe» -l0x9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Hotfix für Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix für Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Hotfix für Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
HP Document Viewer 5.3—>C:ProgrammeHPDigital ImagingDocumentViewerhpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3—>C:ProgrammeHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3—>C:ProgrammeHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3—>C:ProgrammeHPDigital ImagingDigitalImagingMonitorhpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B—>»C:ProgrammeHPDigital Imaging{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}setuphpzscr01.exe» -datfile hposcr07.dat
HP Software Update—>MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3—>C:ProgrammeHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSSystem32igxpun.exe -uninstall
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.3.0 Full—>»C:ProgrammeK-Lite Codec Packunins000.exe»
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
Light Alloy 2.4—>C:WINDOWSmuninst.exe «Light Alloy 2.4»
LiveUpdate 3.3 (Symantec Corporation)—>»C:ProgrammeSymantecLiveUpdateLSETUP.EXE» /U
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}Setup.exe» -l0x7 UNINSTALL
Logitech QuickCam—>MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver—>»C:ProgrammeGemeinsame DateienLogiShrdQCDRVBINSETUP.EXE» UNINSTALL REMOVEPROMPT
Malwarebytes’ Anti-Malware—>»D:_softwareprofileMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — DEU—>MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — DEU—>MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 — DEU—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — deusetup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 — deu—>MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Data Fax Modem—>rundll32.exe sm56coin.dll,SM56UnInstaller
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MVision—>MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 9 Trial—>C:ProgrammeGemeinsame DateienNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 10.00—>MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power4 Gear—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{4462AD13-F2AA-4CBD-9F95-293C38EED870}Setup.exe» -l0x9
PowerDVD—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
RealPlayer—>C:ProgrammeGemeinsame DateienRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}setup.exe» -l0x7 -removeonly
Replay Media Catcher 3.02—>»C:WINDOWSReplay Media Catcheruninstall.exe» «/U:C:ProgrammeReplay Media CatcherUninstalluninstall.xml»
Sicherheitsupdate für Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Sicherheitsupdate für Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Sicherheitsupdate für Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB944338-v2)—>»C:WINDOWS$NtUninstallKB944338-v2$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB958470)—>»C:WINDOWS$NtUninstallKB958470$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB961371-v2)—>»C:WINDOWS$NtUninstallKB961371-v2$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB971032)—>»C:WINDOWS$NtUninstallKB971032$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB972260)—>»C:WINDOWS$NtUninstallKB972260$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Sicherheitsupdate für Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Skype™ 3.6—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX—>RunDll32 C:PROGRA~1GEMEIN~1INSTAL~1PROFES~1RunTime10 0Intel32Ctor.dll,LaunchSetup «C:ProgrammeInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x7 -removeonly
Symantec Endpoint Protection—>MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Synaptics Pointing Device Driver—>rundll32.exe «C:ProgrammeSynapticsSynTPSynISDLL.dll»,standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update für Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Update für Windows XP (KB925720)—>»C:WINDOWS$NtUninstallKB925720$spuninstspuninst.exe»
Update für Windows XP (KB932823-v3)—>»C:WINDOWS$NtUninstallKB932823-v3$spuninstspuninst.exe»
Update für Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update für Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
WEB.DE MultiMessenger—>C:ProgrammeWEB.DEWEB.DE MultiMessengeruninst.exe
Winamp (remove only)—>»C:ProgrammeWinampUninstWA.exe»
WinDjView-0.4.3—>»C:ProgrammeWinDjViewuninstall.exe»
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format Runtime—>»C:ProgrammeWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows XP Service Pack 2—>C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe
WinRAR Archivierer—>C:ProgrammeWinRARuninstall.exe
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»

======Security center information======
AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: ASUS-GK
Event Code: 4226
Message: TCP/IP hat das Sicherheitslimit erreicht, das fur die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
Record Number: 70694
Source Name: Tcpip
Time Written: 20090912220413.000000+120
Event Type: warning
User:

Computer Name: ASUS-GK
Event Code: 1002
Message: Die IP-Adresslease 192.168.2.32 fur die Netzwerkkarte mit der Netzwerkadresse 0015AF3D8ED0 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Record Number: 70615
Source Name: Dhcp
Time Written: 20090912214204.000000+120
Event Type: error
User:

Computer Name: ASUS-GK
Event Code: 10010
Message: Der Server «{7E477741-01A6-4C06-9DAC-55F6174C08A3}» konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Record Number: 70570
Source Name: DCOM
Time Written: 20090912214043.000000+120
Event Type: error
User: NT-AUTORITATSYSTEM

Computer Name: ASUS-GK
Event Code: 1002
Message: Die IP-Adresslease 192.168.2.32 fur die Netzwerkkarte mit der Netzwerkadresse 0015AF3D8ED0 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Record Number: 70265
Source Name: Dhcp
Time Written: 20090911103859.000000+120
Event Type: error
User:

Computer Name: ASUS-GK
Event Code: 1002
Message: Die IP-Adresslease 192.168.2.32 fur die Netzwerkkarte mit der Netzwerkadresse 0015AF3D8ED0 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Record Number: 70029
Source Name: Dhcp
Time Written: 20090909104038.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: ASUS-GK
Event Code: 1004
Message: Erkennung von Produkt «{364EC092-93CF-4DDC-9D7A-7278452028E0}», Funktion «QuickCam» und Komponente «{B52C7B4D-F46F-438C-ADF2-05A138C57757}» fehlgeschlagen. Die Ressource «HKEY_CURRENT_USERSoftwareLogitechQuickCam10DesktopShortcutKey» ist nicht vorhanden.
Record Number: 12476
Source Name: MsiInstaller
Time Written: 20090909101843.000000+120
Event Type: warning
User: ASUS-GKGK

Computer Name: ASUS-GK
Event Code: 1001
Message: Erkennung von Produkt «{364EC092-93CF-4DDC-9D7A-7278452028E0}» und Funktion «QuickCam» fehlgeschlagen beim Anfordern von Komponente «{62BA7C13-20BB-41F7-A6A4-482632CE53D4}».
Record Number: 12475
Source Name: MsiInstaller
Time Written: 20090909101843.000000+120
Event Type: warning
User: NT-AUTORITATNETZWERKDIENST

Computer Name: ASUS-GK
Event Code: 1004
Message: Erkennung von Produkt «{364EC092-93CF-4DDC-9D7A-7278452028E0}», Funktion «QuickCam» und Komponente «{B52C7B4D-F46F-438C-ADF2-05A138C57757}» fehlgeschlagen. Die Ressource «HKEY_CURRENT_USERSoftwareLogitechQuickCam10DesktopShortcutKey» ist nicht vorhanden.
Record Number: 12474
Source Name: MsiInstaller
Time Written: 20090909101843.000000+120
Event Type: warning
User: NT-AUTORITATNETZWERKDIENST

Computer Name: ASUS-GK
Event Code: 1001
Message: Erkennung von Produkt «{364EC092-93CF-4DDC-9D7A-7278452028E0}» und Funktion «QuickCam» fehlgeschlagen beim Anfordern von Komponente «{62BA7C13-20BB-41F7-A6A4-482632CE53D4}».
Record Number: 12472
Source Name: MsiInstaller
Time Written: 20090909101827.000000+120
Event Type: warning
User: NT-AUTORITATNETZWERKDIENST

Computer Name: ASUS-GK
Event Code: 1004
Message: Erkennung von Produkt «{364EC092-93CF-4DDC-9D7A-7278452028E0}», Funktion «QuickCam» und Komponente «{B52C7B4D-F46F-438C-ADF2-05A138C57757}» fehlgeschlagen. Die Ressource «HKEY_CURRENT_USERSoftwareLogitechQuickCam10DesktopShortcutKey» ist nicht vorhanden.
Record Number: 12471
Source Name: MsiInstaller
Time Written: 20090909101827.000000+120
Event Type: warning
User: NT-AUTORITATNETZWERKDIENST

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 14 Stepping 12, GenuineIntel
«PROCESSOR_REVISION»=0e0c
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«FP_NO_HOST_CHECK»=NO
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by GK at 2009-09-16 08:33:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (29%) free of 20 GB
Total RAM: 1015 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:43, on 16.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe
C:WINDOWSSystem32acs.exe
C:ProgrammeBonjourmDNSResponder.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
C:ProgrammeJavajre6binjqs.exe
C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
C:ProgrammeCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe
C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionSmcGui.exe
C:WINDOWSSystem32hkcmd.exe
C:WINDOWSSystem32igfxpers.exe
C:ProgrammeAtherosACU.exe
C:ProgrammeSynapticsSynTPSynTPEnh.exe
C:ProgrammeASUSPower4 GearBatteryLife.exe
C:ProgrammeASUSSplendidACMON.exe
C:ProgrammeATK HotkeyHcontrol.exe
C:ProgrammeABBYY Lingvo 12Lvagent.exe
C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe
C:ProgrammeLogitechQuickCamQuickcam.exe
C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
C:ProgrammeJavajre6binjusched.exe
C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe
C:WINDOWSsystem32ACEngSvr.exe
C:WINDOWSsystem32acovcnt.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgrammeMessengermsmsgs.exe
C:ProgrammeATK HotkeyATKOSD.exe
C:ProgrammeHPDigital Imagingbinhpqtra08.exe
C:WINDOWSsystem32wuauclt.exe
C:ProgrammeHPDigital ImagingbinhpqSTE08.exe
C:ProgrammeHPDigital Imagingbinhpqimzone.exe
C:ProgrammeGemeinsame DateienLogishrdLQCVFXCOCIManager.exe
C:ProgrammeHPDigital ImagingProduct Assistantbinhprblog.exe
C:WINDOWSsystem32rundll32.exe
C:ProgrammeOperaopera.exe
D:удаление гадостейRSIT.exe
C:Programmetrend microGK.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pravoslavie.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:ProgrammeMail.RuAgentMradllnewmrasearch.dll (file missing)
R3 — URLSearchHook: (no name) — {9CB65206-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:ProgrammeJavajre6binssv.dll
O2 — BHO: Ask Search Assistant BHO — {9CB65201-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:ProgrammeJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
O4 — HKLM..Run: [Verknupfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 — HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSSystem32igfxpers.exe
O4 — HKLM..Run: [ACU] C:ProgrammeAtherosACU.exe -nogui
O4 — HKLM..Run: [SynTPEnh] C:ProgrammeSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [Power_Gear] C:ProgrammeASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [ACMON] C:ProgrammeASUSSplendidACMON.exe
O4 — HKLM..Run: [ATKHOTKEY] «C:ProgrammeATK HotkeyHcontrol.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:ProgrammeABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [LogitechCommunicationsManager] «C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe»
O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:ProgrammeLogitechQuickCamQuickcam.exe» /hide
O4 — HKLM..Run: [ccApp] «C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:ProgrammeJavajre6binjusched.exe»
O4 — HKLM..Run: [TkBellExe] «C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [NBKeyScan] «C:ProgrammeNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:ProgrammeGemeinsame DateienNeroLibNMBgMonitor.exe»
O4 — HKCU..Run: [MSMSGS] «C:ProgrammeMessengermsmsgs.exe» /background
O4 — HKCU..Run: [WEB.DE_WEB.DE MultiMessenger] «C:ProgrammeWEB.DEWEB.DE MultiMessengerMESSENGR.EXE» /hide
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOKALER DIENST’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETZWERKDIENST’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: Nach Microsoft &Excel exportieren — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Recherchieren — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — C:ProgrammeLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1GEMEIN~1SkypeSKYPE4~1.DLL
O23 — Service: Atheros-Konfigurationsdienst (ACS) — Atheros — C:WINDOWSSystem32acs.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:ProgrammeBonjourmDNSResponder.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:ProgrammeJavajre6binjqs.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: LVCOMSer — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe
O23 — Service: LVSrvLauncher — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:ProgrammeCDBurnerXPNMSAccessU.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Symantec Management Client (SmcService) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
O23 — Service: Symantec Network Access Control (SNAC) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE
O23 — Service: Symantec Endpoint Protection (Symantec AntiVirus) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe
—
End of file — 8946 bytes

======Scheduled tasks folder======
C:WINDOWStasksWGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll [2009-02-18 370296]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:ProgrammeJavajre6binssv.dll [2009-02-18 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL [2007-12-02 57344]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:ProgrammeJavajre6binjp2ssv.dll [2009-02-18 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll [2009-02-18 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Verknupfung mit der High Definition Audio-Eigenschaftenseite»=C:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«IgfxTray»=C:WINDOWSSystem32igfxtray.exe [2006-08-14 98304]
«HotKeysCmds»=C:WINDOWSSystem32hkcmd.exe [2006-08-14 114688]
«Persistence»=C:WINDOWSSystem32igfxpers.exe [2006-08-14 94208]
«ACU»=C:ProgrammeAtherosACU.exe [2007-05-03 376921]
«SynTPEnh»=C:ProgrammeSynapticsSynTPSynTPEnh.exe [2006-05-12 774233]
«Power_Gear»=C:ProgrammeASUSPower4 GearBatteryLife.exe [2006-07-26 90112]
«ACMON»=C:ProgrammeASUSSplendidACMON.exe [2006-05-30 811008]
«ATKHOTKEY»=C:ProgrammeATK HotkeyHcontrol.exe [2007-04-19 225280]
«»= []
«Lingvo Launcher»=C:ProgrammeABBYY Lingvo 12Lvagent.exe [2006-12-13 258048]
«LogitechCommunicationsManager»=C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe [2007-07-25 563984]
«LogitechQuickCamRibbon»=C:ProgrammeLogitechQuickCamQuickcam.exe [2007-07-25 2027792]
«ccApp»=C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe [2007-11-09 115560]
«SunJavaUpdateSched»=C:ProgrammeJavajre6binjusched.exe [2009-02-18 136600]
«TkBellExe»=C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe [2009-02-18 185896]
«Adobe Reader Speed Launcher»=C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«NBKeyScan»=C:ProgrammeNeroNero8Nero BackItUpNBKeyScan.exe []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«Malwarebytes Anti-Malware (reboot)»=D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:ProgrammeGemeinsame DateienNeroLibNMBgMonitor.exe []
«MSMSGS»=C:ProgrammeMessengermsmsgs.exe [2004-08-04 1667584]
«WEB.DE_WEB.DE MultiMessenger»=C:ProgrammeWEB.DEWEB.DE MultiMessengerMESSENGR.EXE /hide []C:Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostart
Bluetooth Manager.lnk — C:ProgrammeToshibaBluetooth Toshiba StackTosBtMng1.exe
HP Digital Imaging Monitor.lnk — C:ProgrammeHPDigital Imagingbinhpqtra08.exe
HP Image Zone Fast Start.lnk — C:ProgrammeHPDigital Imagingbinhpqthb08.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2006-08-14 155648][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antvirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccEvtMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccSetMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSmcService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSymantec Antivirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSymantec Antvirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:ProgrammeBonjourmDNSResponder.exe»=»C:ProgrammeBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:ProgrammeHPDigital Imagingbinhpqste08.exe»=»C:ProgrammeHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:ProgrammeHPDigital Imagingbinhpofxm08.exe»=»C:ProgrammeHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:ProgrammeHPDigital Imagingbinhposfx08.exe»=»C:ProgrammeHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:ProgrammeHPDigital Imagingbinhposid01.exe»=»C:ProgrammeHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:ProgrammeHPDigital Imagingbinhpqscnvw.exe»=»C:ProgrammeHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:ProgrammeHPDigital Imagingbinhpqkygrp.exe»=»C:ProgrammeHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:ProgrammeHPDigital ImagingbinhpqCopy.exe»=»C:ProgrammeHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:ProgrammeHPDigital Imagingbinhpfccopy.exe»=»C:ProgrammeHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:ProgrammeHPDigital Imagingbinhpzwiz01.exe»=»C:ProgrammeHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe»=»C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:ProgrammeHPDigital Imagingbinhpoews01.exe»=»C:ProgrammeHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
«C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service»
«C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service»
«C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»=»C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe:*:Enabled:Symantec Email»
«C:ProgrammeSkypePhoneSkype.exe»=»C:ProgrammeSkypePhoneSkype.exe:*:Enabled:Skype»
«C:ProgrammeOperaopera.exe»=»C:ProgrammeOperaopera.exe:*:Disabled:Opera Internet Browser»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»======List of files/folders created in the last 1 months======
2009-09-16 08:33:09 —-D—- C:Programmetrend micro
2009-09-16 08:33:06 —-D—- C:rsit
2009-09-16 01:36:48 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-09-16 01:36:39 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-09-16 01:36:30 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-09-16 01:36:22 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-09-16 01:36:15 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-09-16 01:36:07 —-HDC—- C:WINDOWS$NtUninstallKB960859$
2009-09-16 01:36:03 —-D—- C:WINDOWSsystem32KB905474
2009-09-16 01:35:46 —-HDC—- C:WINDOWS$NtUninstallKB961371-v2$
2009-09-16 01:35:21 —-HDC—- C:WINDOWS$NtUninstallKB972260$
2009-09-16 01:35:05 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-09-16 01:34:58 —-HDC—- C:WINDOWS$NtUninstallKB971657$
2009-09-16 01:34:41 —-HDC—- C:WINDOWS$NtUninstallKB961118$
2009-09-16 01:34:32 —-HDC—- C:WINDOWS$NtUninstallKB971557$
2009-09-16 01:34:25 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-09-16 01:34:17 —-HDC—- C:WINDOWS$NtUninstallKB973346$
2009-09-16 01:28:55 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-09-16 01:28:39 —-HDC—- C:WINDOWS$NtUninstallKB956844$
2009-09-16 01:28:30 —-HDC—- C:WINDOWS$NtUninstallKB961501$
2009-09-16 01:28:10 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-09-16 01:28:02 —-HDC—- C:WINDOWS$NtUninstallKB968816_WM9$
2009-09-16 01:27:53 —-HDC—- C:WINDOWS$NtUninstallKB971633$
2009-09-16 01:27:25 —-HDC—- C:WINDOWS$NtUninstallKB925720$
2009-09-16 01:27:13 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-09-16 01:27:06 —-HDC—- C:WINDOWS$NtUninstallKB973869$
2009-09-16 01:26:54 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9L$
2009-09-16 01:26:44 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-09-16 01:26:33 —-HDC—- C:WINDOWS$NtUninstallKB973507$
2009-09-16 01:26:24 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-09-16 01:25:26 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-09-16 01:25:17 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-09-16 01:25:07 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-09-16 01:24:58 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-09-16 01:24:50 —-HDC—- C:WINDOWS$NtUninstallKB973354$
2009-09-16 01:24:38 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-09-16 01:24:27 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-09-16 01:24:16 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-09-16 01:24:06 —-HDC—- C:WINDOWS$NtUninstallKB971961$
2009-09-16 01:23:56 —-HDC—- C:WINDOWS$NtUninstallKB970238$
2009-09-16 01:23:44 —-HDC—- C:WINDOWS$NtUninstallKB958470$
2009-09-16 01:23:33 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-09-16 01:23:21 —-HDC—- C:WINDOWS$NtUninstallKB973815$
2009-09-16 01:21:30 —-HDC—- C:WINDOWS$NtUninstallKB968537$
2009-09-16 01:21:17 —-HDC—- C:WINDOWS$NtUninstallKB971032$
2009-09-16 01:21:05 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-09-16 01:20:56 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-09-16 01:20:48 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-09-16 01:20:40 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-09-16 01:20:35 —-D—- C:ProgrammeMSXML 4.0
2009-09-16 01:20:18 —-HDC—- C:WINDOWS$NtUninstallKB944338-v2$
2009-09-16 01:20:07 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-09-16 01:19:52 —-HDC—- C:WINDOWS$NtUninstallKB970653-v3$
2009-09-15 18:40:02 —-D—- C:WINDOWSsystem32CatRoot_bak
2009-09-15 18:25:36 —-N—- C:WINDOWSsystem32tzchange.exe
2009-09-15 17:58:33 —-D—- C:WINDOWSsystem32PreInstall
2009-09-15 17:58:30 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-09-15 17:30:25 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-09-14 17:39:08 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMalwarebytes
2009-09-14 17:38:55 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenMalwarebytes
2009-09-14 16:36:43 —-D—- C:Avenger
2009-09-14 16:36:43 —-A—- C:avenger.txt
2009-09-12 08:24:09 —-A—- C:WINDOWSIrremote.ini
2009-09-11 21:53:10 —-D—- C:ProgrammeOpera
2009-09-11 18:43:54 —-A—- C:WINDOWScdplayer.ini
2009-09-06 10:50:27 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenFileZilla
2009-08-30 08:07:52 —-A—- C:WINDOWSsystem32acovcnt.exe
2009-08-26 12:06:10 —-A—- C:WINDOWSsystem32rmc_fixasf.exe
2009-08-26 12:06:09 —-A—- C:WINDOWSsystem32rmc_rtspdl.dll
2009-08-26 12:05:33 —-A—- C:WINDOWSsystem32AUDIOGENIE2.DLL
2009-08-26 12:04:04 —-D—- C:WINDOWSReplay Media Catcher
2009-08-26 11:48:40 —-D—- C:WINDOWSLhsp
2009-08-26 11:41:36 —-D—- C:WINDOWSspeech
2009-08-26 10:48:11 —-D—- C:Programme7-Zip
2009-08-26 10:47:49 —-D—- C:ProgrammeWinDjView
2009-08-25 11:43:32 —-D—- C:WINDOWSSun
2009-08-25 09:14:14 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMail.Ru
2009-08-25 08:47:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMra
2009-08-25 00:12:54 —-D—- C:ProgrammeReplay Media Catcher
2009-08-25 00:11:20 —-A—- C:ProgrammeFLV PlayerRCATSetup.exe
2009-08-25 00:10:45 —-A—- C:WINDOWSReplay Converter Setup Log.txt
2009-08-25 00:07:10 —-A—- C:ProgrammeFLV PlayerRCSetup.exe
2009-08-25 00:06:43 —-D—- C:WINDOWSFLV Player
2009-08-25 00:06:43 —-D—- C:ProgrammeFLV Player
2009-08-25 00:06:23 —-A—- C:WINDOWSFLV Player Setup Log.txt
2009-08-23 21:17:03 —-HDC—- C:WINDOWS$NtUninstallKB932823-v3$
2009-08-23 21:16:51 —-HD—- C:WINDOWS$hf_mig$======List of files/folders modified in the last 1 months======
2009-09-16 08:33:09 —-RD—- C:Programme
2009-09-16 08:21:59 —-D—- C:WINDOWSsystem32
2009-09-16 08:21:59 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-09-16 08:19:15 —-D—- C:WINDOWS
2009-09-16 08:17:50 —-D—- C:WINDOWSPrefetch
2009-09-16 08:17:44 —-D—- C:WINDOWSTemp
2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32wbem
2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32Setup
2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32drivers
2009-09-16 08:16:14 —-D—- C:WINDOWSAppPatch
2009-09-16 01:37:08 —-A—- C:WINDOWSSchedLgU.Txt
2009-09-16 01:36:53 —-HD—- C:WINDOWSinf
2009-09-16 01:36:50 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-09-16 01:36:46 —-D—- C:WINDOWSMicrosoft.NET
2009-09-16 01:36:44 —-A—- C:WINDOWSimsins.BAK
2009-09-16 01:36:37 —-RSD—- C:WINDOWSassembly
2009-09-16 01:36:24 —-D—- C:ProgrammeMessenger
2009-09-16 01:36:12 —-D—- C:WINDOWSsystem32CatRoot
2009-09-16 01:36:03 —-SD—- C:WINDOWSTasks
2009-09-16 01:35:31 —-D—- C:ProgrammeInternet Explorer
2009-09-16 01:35:07 —-D—- C:WINDOWSsystem32CatRoot2
2009-09-16 01:34:06 —-HD—- C:Config.Msi
2009-09-16 01:34:05 —-SHD—- C:WINDOWSInstaller
2009-09-16 01:32:17 —-D—- C:WINDOWSWinSxS
2009-09-16 01:24:52 —-D—- C:ProgrammeOutlook Express
2009-09-16 01:23:14 —-D—- C:WINDOWSRegistration
2009-09-15 18:40:02 —-D—- C:WINDOWSDebug
2009-09-15 17:31:01 —-D—- C:WINDOWSSoftwareDistribution
2009-09-15 17:31:01 —-D—- C:WINDOWSHelp
2009-09-14 14:26:12 —-D—- C:ProgrammeLight Alloy
2009-09-14 09:49:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenReal
2009-09-13 21:05:11 —-D—- C:Dokumente und Einstellungen
2009-09-13 14:07:42 —-D—- C:WINDOWSMinidump
2009-09-12 12:04:56 —-D—- C:ProgrammeGemeinsame DateienNero
2009-09-12 11:59:41 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenNero
2009-09-12 11:46:52 —-D—- C:ProgrammeNero
2009-09-12 11:42:26 —-HD—- C:ProgrammeInstallShield Installation Information
2009-09-12 09:27:21 —-A—- C:WINDOWSNeroDigital.ini
2009-09-12 08:57:41 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenNero
2009-09-12 07:54:23 —-D—- C:ProgrammeGemeinsame DateienMicrosoft Shared
2009-09-11 18:43:09 —-A—- C:WINDOWSwinamp.ini
2009-09-11 16:01:23 —-D—- C:WINDOWSsystem32Restore
2009-08-29 22:11:28 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenSkype
2009-08-29 16:02:56 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenskypePM
2009-08-26 11:50:18 —-D—- C:ProgrammeCDBurnerXP
2009-08-26 11:49:02 —-RSD—- C:WINDOWSFonts
2009-08-21 08:50:37 —-A—- C:WINDOWSsystem32jscript.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel-Prozessortreiber; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 40192]
R1 SPBBCDrv;SPBBCDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedSPBBCSPBBCDrv.sys []
R1 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2007-12-01 279088]
R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2007-12-01 43696]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-01-09 191544]
R1 WPS;WPS; ??C:WINDOWSsystem32driverswpsdrvnt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-06-21 142848]
R3 AR5211;Atheros Wireless Network Adapter Service; C:WINDOWSSystem32DRIVERSar5211.sys [2007-05-02 546976]
R3 CmBatt;Treiber fur Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:WINDOWSSystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA-Bustreiber fur High Definition Audio; C:WINDOWSSystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSSystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:WINDOWSsystem32DRIVERSLVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Maus-HID-Treiber; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSSystem32DRIVERSATKACPI.sys [2006-12-14 7680]
R3 NAVENG;NAVENG; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090915.004NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090915.004NAVEX15.SYS []
R3 rimsptsk;rimsptsk; C:WINDOWSSystem32DRIVERSrimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSSystem32DRIVERSRtnicxp.sys [2006-02-27 81408]
R3 smserial;smserial; C:WINDOWSSystem32DRIVERSsmserial.sys [2006-08-07 980608]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSSystem32DRIVERSSynTP.sys [2006-05-12 193056]
R3 Teefer2;Teefer2 Miniport; C:WINDOWSsystem32DRIVERSteefer2.sys [2007-08-06 49024]
R3 usbehci;Miniporttreiber fur erweiterten Microsoft USB 2.0-Hostcontroller; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber fur universellen Microsoft USB-Hostcontroller; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 WpsHelper;WpsHelper; ??C:WINDOWSsystem32driversWpsHelper.sys []
R3 WSIMD;wsimd Service; C:WINDOWSSystem32DRIVERSwsimd.sys [2007-03-28 57024]
S3 CCDECODE;Untertiteldecoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber fur den High Definition Audio-Dienst; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-08 21744]
S3 LVcKap;Logitech AEC Driver; C:WINDOWSsystem32DRIVERSLVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:WINDOWSsystem32DRIVERSLVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2007-07-19 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2007-07-19 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2007-07-19 1278104]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-03-04 7936]
S3 rtl8139;NT-Treiber fur Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2007-12-01 317616]
S3 streamip;BDA-IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext-Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 vsdatant;vsdatant; a []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros-Konfigurationsdienst; C:WINDOWSSystem32acs.exe [2007-05-03 364629]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:ProgrammeBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
R2 ccSetMgr;Symantec Settings Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:ProgrammeJavajre6binjqs.exe [2009-02-18 152984]
R2 LVCOMSer;LVCOMSer; C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe [2007-07-20 137752]
R2 NMSAccessU;NMSAccessU; C:ProgrammeCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 SmcService;Symantec Management Client; C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe [2007-12-18 2569600]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe [2007-12-18 2189240]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
S2 LVSrvLauncher;LVSrvLauncher; C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe [2007-07-20 141848]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2007-08-11 3093872]
S3 ose;Office Source Engine; C:ProgrammeGemeinsame DateienMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SNAC;Symantec Network Access Control; C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE [2007-12-18 234888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
September 18, 2009 at 3:31 pm #25735
Hello, and welcome to the Spyware-ru forum.
Let's check with one more program.
Download the Combofix program. Close all open windows and run it.
When it finishes, a log file will be created; please paste it into your reply.
Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked to above.
September 23, 2009 at 3:11 pm #25736
Thank you very much. It helped. Everything is running more briskly now. Only I have lost the scan results somewhere, that log file. I can't find it. Whichever way you look at it, a newbie is a newbie. I can neither find the file nor post it.
A HUGE THANK YOU!!! It seems it has turned up.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by GK at 2009-09-23 23:54:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (43%) free of 20 GB
Total RAM: 1015 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:38, on 23.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32acs.exe
C:ProgrammeBonjourmDNSResponder.exe
C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
C:ProgrammeCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe
C:ProgrammeSymantecSymantec Endpoint ProtectionSmcGui.exe
C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
C:WINDOWSSystem32hkcmd.exe
C:WINDOWSSystem32igfxpers.exe
C:ProgrammeSynapticsSynTPSynTPEnh.exe
C:ProgrammeASUSPower4 GearBatteryLife.exe
C:ProgrammeASUSSplendidACMON.exe
C:ProgrammeATK HotkeyHcontrol.exe
C:ProgrammeABBYY Lingvo 12Lvagent.exe
C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe
C:ProgrammeLogitechQuickCamQuickcam.exe
C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
C:WINDOWSsystem32ACEngSvr.exe
C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe
C:ProgrammeATK HotkeyATKOSD.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgrammeHPDigital Imagingbinhpqtra08.exe
C:ProgrammeHPDigital Imagingbinhpqimzone.exe
C:ProgrammeHPDigital ImagingbinhpqSTE08.exe
C:ProgrammeGemeinsame DateienLogishrdLQCVFXCOCIManager.exe
C:ProgrammeHPDigital ImagingProduct Assistantbinhprblog.exe
C:WINDOWSexplorer.exe
C:ProgrammeABBYY Lingvo 12Lingvo.exe
C:ProgrammeOperaopera.exe
C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe
C:ProgrammeMessengermsmsgs.exe
D:удаление гадостейRSIT.exe
C:Programmetrend microGK.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pravoslavie.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 — URLSearchHook: (no name) — {9CB65206-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
O2 — BHO: &Yahoo! Toolbar Helper — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:ProgrammeJavajre6binssv.dll
O2 — BHO: Ask Search Assistant BHO — {9CB65201-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
O2 — BHO: McAfee SiteAdvisor BHO — {B164E929-A1B6-4A06-B104-2CD0E90A88FF} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:ProgrammeJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: SingleInstance Class — {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} — C:ProgrammeYahoo!CompanionInstallscpnYTSingleInstance.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
O3 — Toolbar: McAfee SiteAdvisor Toolbar — {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O4 — HKLM..Run: [Verknupfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 — HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSSystem32igfxpers.exe
O4 — HKLM..Run: [ACU] C:ProgrammeAtherosACU.exe -nogui
O4 — HKLM..Run: [SynTPEnh] C:ProgrammeSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [Power_Gear] C:ProgrammeASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [ACMON] C:ProgrammeASUSSplendidACMON.exe
O4 — HKLM..Run: [ATKHOTKEY] «C:ProgrammeATK HotkeyHcontrol.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:ProgrammeABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [LogitechCommunicationsManager] «C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe»
O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:ProgrammeLogitechQuickCamQuickcam.exe» /hide
O4 — HKLM..Run: [ccApp] «C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:ProgrammeJavajre6binjusched.exe»
O4 — HKLM..Run: [TkBellExe] «C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKLM..Run: [WinPatrol Russian v.2] C:ProgrammeBillP StudiosWinPatrolwinpatrol.exe
O4 — HKLM..Run: [WinPatrol] C:ProgrammeBillP StudiosWinPatrolWinPatrol.exe
O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] D:_softwareprofileMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
O4 — HKCU..Run: [MSMSGS] «C:ProgrammeMessengermsmsgs.exe» /background
O4 — HKCU..RunOnce: [SAPostInstallPage] iexplore.exe http://www.siteadvisor.com/download/postinstall.html?premium=false&client_ver=2.9.258&client_type=IEPlugin&suite=true&aff_id=0&locale=de-de&os_ver=5.1.2.0&pip=true&installchoice=2
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: Nach Microsoft &Excel exportieren — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Recherchieren — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — C:ProgrammeLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: sacore — {5513F07E-936B-4E52-9B00-067394E91CC5} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1GEMEIN~1SkypeSKYPE4~1.DLL
O23 — Service: McAfee Application Installer Cleanup (0181031253738702) (0181031253738702mcinstcleanup) — McAfee, Inc. — C:DOKUME~1GKLOKALE~1Temp18103~1.EXE
O23 — Service: Atheros-Konfigurationsdienst (ACS) — Atheros — C:WINDOWSSystem32acs.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:ProgrammeBonjourmDNSResponder.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:ProgrammeJavajre6binjqs.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 — Service: LVCOMSer — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe
O23 — Service: LVSrvLauncher — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe
O23 — Service: McAfee SiteAdvisor Service — Unknown owner — C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:ProgrammeCDBurnerXPNMSAccessU.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Symantec Management Client (SmcService) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
O23 — Service: Symantec Network Access Control (SNAC) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE
O23 — Service: Symantec Endpoint Protection (Symantec AntiVirus) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe
—
End of file — 10161 bytes
======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{6BE504F5-B71C-4123-9784-F14D1BD27B5C}.job
C:WINDOWStasksWGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper — C:ProgrammeYahoo!CompanionInstallscpnyt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll [2009-02-18 370296]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:ProgrammeJavajre6binssv.dll [2009-02-18 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL [2007-12-02 57344]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:ProgrammeJavajre6binjp2ssv.dll [2009-02-18 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll [2009-02-18 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class — C:ProgrammeYahoo!CompanionInstallscpnYTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:ProgrammeYahoo!CompanionInstallscpnyt.dll [2008-07-28 882416]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} — McAfee SiteAdvisor Toolbar — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Verknupfung mit der High Definition Audio-Eigenschaftenseite»=C:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
«IgfxTray»=C:WINDOWSSystem32igfxtray.exe [2006-08-14 98304]
«HotKeysCmds»=C:WINDOWSSystem32hkcmd.exe [2006-08-14 114688]
«Persistence»=C:WINDOWSSystem32igfxpers.exe [2006-08-14 94208]
«ACU»=C:ProgrammeAtherosACU.exe [2007-05-03 376921]
«SynTPEnh»=C:ProgrammeSynapticsSynTPSynTPEnh.exe [2006-05-12 774233]
«Power_Gear»=C:ProgrammeASUSPower4 GearBatteryLife.exe [2006-07-26 90112]
«ACMON»=C:ProgrammeASUSSplendidACMON.exe [2006-05-30 811008]
«ATKHOTKEY»=C:ProgrammeATK HotkeyHcontrol.exe [2007-04-19 225280]
«Lingvo Launcher»=C:ProgrammeABBYY Lingvo 12Lvagent.exe [2006-12-13 258048]
«LogitechCommunicationsManager»=C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe [2007-07-25 563984]
«LogitechQuickCamRibbon»=C:ProgrammeLogitechQuickCamQuickcam.exe [2007-07-25 2027792]
«ccApp»=C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe [2007-11-09 115560]
«SunJavaUpdateSched»=C:ProgrammeJavajre6binjusched.exe [2009-02-18 136600]
«TkBellExe»=C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe [2009-02-18 185896]
«Adobe Reader Speed Launcher»=C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«Malwarebytes Anti-Malware (reboot)»=D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
«WinPatrol Russian v.2″=C:ProgrammeBillP StudiosWinPatrolwinpatrol.exe [2007-08-06 292152]
«WinPatrol»=C:ProgrammeBillP StudiosWinPatrolWinPatrol.exe [2007-08-06 292152]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Malwarebytes’ Anti-Malware»=D:_softwareprofileMalwarebytes’ Anti-Malwarembamgui.exe [2009-09-10 420176]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:ProgrammeMessengermsmsgs.exe [2004-08-04 1667584]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«SAPostInstallPage»=iexplore.exe http://www.siteadvisor.com/download/postinstall.html?premium=false&client_ver=2.9.258&client_type=IEPlugin&suite=true&aff_id=0&locale=de-de&os_ver=5.1.2.0&pip=true&installchoice=2 []
C:Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostart
Bluetooth Manager.lnk — C:ProgrammeToshibaBluetooth Toshiba StackTosBtMng1.exe
HP Digital Imaging Monitor.lnk — C:ProgrammeHPDigital Imagingbinhpqtra08.exe
HP Image Zone Fast Start.lnk — C:ProgrammeHPDigital Imagingbinhpqthb08.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2006-08-14 155648]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccEvtMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccSetMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSmcService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSymantec Antivirus]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:ProgrammeBonjourmDNSResponder.exe»=»C:ProgrammeBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:ProgrammeHPDigital Imagingbinhpqste08.exe»=»C:ProgrammeHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:ProgrammeHPDigital Imagingbinhpofxm08.exe»=»C:ProgrammeHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:ProgrammeHPDigital Imagingbinhposfx08.exe»=»C:ProgrammeHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:ProgrammeHPDigital Imagingbinhposid01.exe»=»C:ProgrammeHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:ProgrammeHPDigital Imagingbinhpqscnvw.exe»=»C:ProgrammeHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:ProgrammeHPDigital Imagingbinhpqkygrp.exe»=»C:ProgrammeHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:ProgrammeHPDigital ImagingbinhpqCopy.exe»=»C:ProgrammeHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:ProgrammeHPDigital Imagingbinhpfccopy.exe»=»C:ProgrammeHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:ProgrammeHPDigital Imagingbinhpzwiz01.exe»=»C:ProgrammeHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe»=»C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:ProgrammeHPDigital Imagingbinhpoews01.exe»=»C:ProgrammeHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
«C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service»
«C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service»
«C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»=»C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe:*:Enabled:Symantec Email»
«C:ProgrammeSkypePhoneSkype.exe»=»C:ProgrammeSkypePhoneSkype.exe:*:Enabled:Skype»
«C:ProgrammeOperaopera.exe»=»C:ProgrammeOperaopera.exe:*:Disabled:Opera Internet Browser»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
======List of files/folders created in the last 1 months======
2009-09-23 23:34:19 —-D—- C:WINDOWSReplay Converter 3
2009-09-23 23:34:19 —-D—- C:ProgrammeReplay Converter 3
2009-09-23 23:28:36 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenWinPatrol
2009-09-23 23:28:23 —-D—- C:ProgrammeBillP Studios
2009-09-23 22:46:14 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenSiteAdvisor
2009-09-23 22:45:02 —-D—- C:ProgrammeGemeinsame DateienMcAfee
2009-09-23 22:44:17 —-D—- C:WINDOWSLastGood
2009-09-23 22:44:15 —-D—- C:ProgrammeMcAfee
2009-09-23 22:44:14 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenMcAfee
2009-09-23 22:44:05 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenYahoo!
2009-09-23 22:44:05 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenYahoo! Companion
2009-09-23 22:44:02 —-D—- C:ProgrammeYahoo!
2009-09-23 21:58:45 —-D—- C:ProgrammeMicrosoft Baseline Security Analyzer 2
2009-09-23 16:45:01 —-SHD—- C:RECYCLER
2009-09-23 15:43:30 —-A—- C:Boot.bak
2009-09-23 15:43:19 —-RASHD—- C:cmdcons
2009-09-23 15:42:09 —-A—- C:WINDOWSzip.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSSWXCACLS.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSSWSC.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSSWREG.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSsed.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSPEV.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSNIRCMD.exe
2009-09-23 15:42:09 —-A—- C:WINDOWSgrep.exe
2009-09-23 15:40:37 —-D—- C:WINDOWSERDNT
2009-09-23 15:39:47 —-D—- C:Qoobox
2009-09-22 09:26:44 —-A—- C:WINDOWSsystem32acovcnt.exe
2009-09-19 23:02:57 —-D—- C:WINDOWSie8updates
2009-09-19 23:01:07 —-D—- C:WINDOWSWBEM
2009-09-19 22:58:27 —-HDC—- C:WINDOWSie8
2009-09-19 22:54:37 —-A—- C:WINDOWSsystem32MRT.exe
2009-09-16 08:33:09 —-D—- C:Programmetrend micro
2009-09-16 08:33:06 —-D—- C:rsit
2009-09-16 01:36:48 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-09-16 01:36:39 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-09-16 01:36:30 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-09-16 01:36:22 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-09-16 01:36:15 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-09-16 01:36:07 —-HDC—- C:WINDOWS$NtUninstallKB960859$
2009-09-16 01:36:03 —-D—- C:WINDOWSsystem32KB905474
2009-09-16 01:35:46 —-HDC—- C:WINDOWS$NtUninstallKB961371-v2$
2009-09-16 01:35:21 —-HDC—- C:WINDOWS$NtUninstallKB972260$
2009-09-16 01:35:05 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-09-16 01:34:58 —-HDC—- C:WINDOWS$NtUninstallKB971657$
2009-09-16 01:34:41 —-HDC—- C:WINDOWS$NtUninstallKB961118$
2009-09-16 01:34:32 —-HDC—- C:WINDOWS$NtUninstallKB971557$
2009-09-16 01:34:25 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-09-16 01:34:17 —-HDC—- C:WINDOWS$NtUninstallKB973346$
2009-09-16 01:28:55 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-09-16 01:28:39 —-HDC—- C:WINDOWS$NtUninstallKB956844$
2009-09-16 01:28:30 —-HDC—- C:WINDOWS$NtUninstallKB961501$
2009-09-16 01:28:10 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-09-16 01:28:02 —-HDC—- C:WINDOWS$NtUninstallKB968816_WM9$
2009-09-16 01:27:53 —-HDC—- C:WINDOWS$NtUninstallKB971633$
2009-09-16 01:27:25 —-HDC—- C:WINDOWS$NtUninstallKB925720$
2009-09-16 01:27:13 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-09-16 01:27:06 —-HDC—- C:WINDOWS$NtUninstallKB973869$
2009-09-16 01:26:54 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9L$
2009-09-16 01:26:44 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-09-16 01:26:33 —-HDC—- C:WINDOWS$NtUninstallKB973507$
2009-09-16 01:26:24 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-09-16 01:25:26 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-09-16 01:25:17 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-09-16 01:25:07 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-09-16 01:24:58 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-09-16 01:24:50 —-HDC—- C:WINDOWS$NtUninstallKB973354$
2009-09-16 01:24:38 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-09-16 01:24:27 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-09-16 01:24:16 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-09-16 01:24:06 —-HDC—- C:WINDOWS$NtUninstallKB971961$
2009-09-16 01:23:56 —-HDC—- C:WINDOWS$NtUninstallKB970238$
2009-09-16 01:23:44 —-HDC—- C:WINDOWS$NtUninstallKB958470$
2009-09-16 01:23:33 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-09-16 01:23:21 —-HDC—- C:WINDOWS$NtUninstallKB973815$
2009-09-16 01:21:30 —-HDC—- C:WINDOWS$NtUninstallKB968537$
2009-09-16 01:21:17 —-HDC—- C:WINDOWS$NtUninstallKB971032$
2009-09-16 01:21:05 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-09-16 01:20:56 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-09-16 01:20:48 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-09-16 01:20:40 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-09-16 01:20:35 —-D—- C:ProgrammeMSXML 4.0
2009-09-16 01:20:18 —-HDC—- C:WINDOWS$NtUninstallKB944338-v2$
2009-09-16 01:20:07 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-09-16 01:19:52 —-HDC—- C:WINDOWS$NtUninstallKB970653-v3$
2009-09-15 18:40:02 —-D—- C:WINDOWSsystem32CatRoot_bak
2009-09-15 18:25:36 —-N—- C:WINDOWSsystem32tzchange.exe
2009-09-15 17:58:33 —-D—- C:WINDOWSsystem32PreInstall
2009-09-15 17:58:30 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-09-15 17:30:25 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-09-14 17:39:08 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMalwarebytes
2009-09-14 17:38:55 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenMalwarebytes
2009-09-14 16:36:43 —-D—- C:Avenger
2009-09-14 16:36:43 —-A—- C:avenger.txt
2009-09-12 08:24:09 —-A—- C:WINDOWSIrremote.ini
2009-09-11 21:53:10 —-D—- C:ProgrammeOpera
2009-09-11 18:43:54 —-A—- C:WINDOWScdplayer.ini
2009-09-06 10:50:27 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenFileZilla
2009-08-26 12:06:10 —-A—- C:WINDOWSsystem32rmc_fixasf.exe
2009-08-26 12:06:09 —-A—- C:WINDOWSsystem32rmc_rtspdl.dll
2009-08-26 12:05:33 —-A—- C:WINDOWSsystem32AUDIOGENIE2.DLL
2009-08-26 12:04:04 —-D—- C:WINDOWSReplay Media Catcher
2009-08-26 11:48:40 —-D—- C:WINDOWSLhsp
2009-08-26 11:41:36 —-D—- C:WINDOWSspeech
2009-08-26 10:48:11 —-D—- C:Programme7-Zip
2009-08-26 10:47:49 —-D—- C:ProgrammeWinDjView
2009-08-25 11:43:32 —-D—- C:WINDOWSSun
2009-08-25 09:14:14 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMail.Ru
2009-08-25 08:47:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMra
2009-08-25 00:12:54 —-D—- C:ProgrammeReplay Media Catcher
2009-08-25 00:11:20 —-A—- C:ProgrammeFLV PlayerRCATSetup.exe
2009-08-25 00:10:45 —-A—- C:WINDOWSReplay Converter Setup Log.txt
2009-08-25 00:07:10 —-A—- C:ProgrammeFLV PlayerRCSetup.exe
2009-08-25 00:06:43 —-D—- C:WINDOWSFLV Player
2009-08-25 00:06:43 —-D—- C:ProgrammeFLV Player
2009-08-25 00:06:23 —-A—- C:WINDOWSFLV Player Setup Log.txt
======List of files/folders modified in the last 1 months======
2009-09-23 23:51:07 —-D—- C:WINDOWSTemp
2009-09-23 23:50:17 —-HD—- C:WINDOWSinf
2009-09-23 23:45:31 —-D—- C:WINDOWSSoftwareDistribution
2009-09-23 23:34:31 —-D—- C:WINDOWSsystem32
2009-09-23 23:34:19 —-RD—- C:Programme
2009-09-23 23:34:19 —-D—- C:WINDOWS
2009-09-23 22:58:11 —-D—- C:WINDOWSPrefetch
2009-09-23 22:45:02 —-D—- C:ProgrammeGemeinsame Dateien
2009-09-23 22:13:36 —-D—- C:WINDOWSsystem32drivers
2009-09-23 21:58:53 —-SHD—- C:WINDOWSInstaller
2009-09-23 21:58:53 —-D—- C:Config.Msi
2009-09-23 16:45:58 —-D—- C:Dokumente und Einstellungen
2009-09-23 16:08:18 —-SD—- C:WINDOWSTasks
2009-09-23 15:53:39 —-A—- C:WINDOWSsystem.ini
2009-09-23 15:50:08 —-D—- C:WINDOWSAppPatch
2009-09-23 15:44:54 —-D—- C:WINDOWSsystem32CatRoot2
2009-09-23 15:43:30 —-RASH—- C:boot.ini
2009-09-23 15:42:30 —-A—- C:WINDOWSSchedLgU.Txt
2009-09-23 14:25:22 —-D—- C:WINDOWSsystem32CatRoot
2009-09-20 15:03:22 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-09-20 15:03:19 —-HD—- C:WINDOWS$hf_mig$
2009-09-19 23:08:47 —-D—- C:WINDOWSHelp
2009-09-19 23:08:47 —-D—- C:ProgrammeInternet Explorer
2009-09-19 23:04:34 —-A—- C:WINDOWSimsins.BAK
2009-09-19 23:01:12 —-D—- C:WINDOWSsystem32config
2009-09-19 23:01:07 —-D—- C:WINDOWSsystem32de-DE
2009-09-19 23:00:28 —-D—- C:WINDOWSMedia
2009-09-19 22:54:43 —-D—- C:WINDOWSDebug
2009-09-16 13:48:40 —-D—- C:WINDOWSMicrosoft.NET
2009-09-16 13:48:15 —-RSD—- C:WINDOWSassembly
2009-09-16 08:21:59 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32wbem
2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32Setup
2009-09-16 01:36:24 —-D—- C:ProgrammeMessenger
2009-09-16 01:32:17 —-D—- C:WINDOWSWinSxS
2009-09-16 01:24:52 —-D—- C:ProgrammeOutlook Express
2009-09-16 01:23:46 —-D—- C:WINDOWSServicePackFiles
2009-09-16 01:23:14 —-D—- C:WINDOWSRegistration
2009-09-14 14:26:12 —-D—- C:ProgrammeLight Alloy
2009-09-14 09:49:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenReal
2009-09-13 14:07:42 —-D—- C:WINDOWSMinidump
2009-09-12 12:04:56 —-D—- C:ProgrammeGemeinsame DateienNero
2009-09-12 11:59:41 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenNero
2009-09-12 11:46:52 —-D—- C:ProgrammeNero
2009-09-12 11:42:26 —-HD—- C:ProgrammeInstallShield Installation Information
2009-09-12 09:27:21 —-A—- C:WINDOWSNeroDigital.ini
2009-09-12 08:57:41 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenNero
2009-09-12 07:54:23 —-D—- C:ProgrammeGemeinsame DateienMicrosoft Shared
2009-09-11 18:43:09 —-A—- C:WINDOWSwinamp.ini
2009-09-11 16:01:23 —-D—- C:WINDOWSsystem32Restore
2009-08-29 22:11:28 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenSkype
2009-08-29 16:02:56 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenskypePM
2009-08-26 11:50:18 —-D—- C:ProgrammeCDBurnerXP
2009-08-26 11:49:02 —-RSD—- C:WINDOWSFonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel-Prozessortreiber; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 40192]
R1 SPBBCDrv;SPBBCDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedSPBBCSPBBCDrv.sys []
R1 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2007-12-01 279088]
R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2007-12-01 43696]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-01-09 191544]
R1 WPS;WPS; ??C:WINDOWSsystem32driverswpsdrvnt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-06-21 142848]
R3 AR5211;Atheros Wireless Network Adapter Service; C:WINDOWSSystem32DRIVERSar5211.sys [2007-05-02 546976]
R3 CmBatt;Treiber fur Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:WINDOWSSystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA-Bustreiber fur High Definition Audio; C:WINDOWSSystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSSystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:WINDOWSsystem32DRIVERSLVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Maus-HID-Treiber; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSSystem32DRIVERSATKACPI.sys [2006-12-14 7680]
R3 NAVENG;NAVENG; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090923.002NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090923.002NAVEX15.SYS []
R3 rimsptsk;rimsptsk; C:WINDOWSSystem32DRIVERSrimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSSystem32DRIVERSRtnicxp.sys [2006-02-27 81408]
R3 smserial;smserial; C:WINDOWSSystem32DRIVERSsmserial.sys [2006-08-07 980608]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSSystem32DRIVERSSynTP.sys [2006-05-12 193056]
R3 Teefer2;Teefer2 Miniport; C:WINDOWSsystem32DRIVERSteefer2.sys [2007-08-06 49024]
R3 usbehci;Miniporttreiber fur erweiterten Microsoft USB 2.0-Hostcontroller; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber fur universellen Microsoft USB-Hostcontroller; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 WpsHelper;WpsHelper; ??C:WINDOWSsystem32driversWpsHelper.sys []
R3 WSIMD;wsimd Service; C:WINDOWSSystem32DRIVERSwsimd.sys [2007-03-28 57024]
S3 catchme;catchme; ??C:DOKUME~1GKLOKALE~1Tempcatchme.sys []
S3 CCDECODE;Untertiteldecoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber fur den High Definition Audio-Dienst; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-08 21744]
S3 LVcKap;Logitech AEC Driver; C:WINDOWSsystem32DRIVERSLVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:WINDOWSsystem32DRIVERSLVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2007-07-19 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2007-07-19 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2007-07-19 1278104]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-03-04 7936]
S3 rtl8139;NT-Treiber fur Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2007-12-01 317616]
S3 streamip;BDA-IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext-Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 vsdatant;vsdatant; a []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros-Konfigurationsdienst; C:WINDOWSSystem32acs.exe [2007-05-03 364629]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:ProgrammeBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
R2 ccSetMgr;Symantec Settings Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
R2 LVCOMSer;LVCOMSer; C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe [2007-07-20 186904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe [2009-02-11 210216]
R2 NMSAccessU;NMSAccessU; C:ProgrammeCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 SmcService;Symantec Management Client; C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe [2007-12-18 2569600]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe [2007-12-18 2189240]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
S2 0181031253738702mcinstcleanup;McAfee Application Installer Cleanup (0181031253738702); C:DOKUME~1GKLOKALE~1Temp18103~1.EXE [2009-01-07 315264]
S2 JavaQuickStarterService;Java Quick Starter; C:ProgrammeJavajre6binjqs.exe [2009-02-18 152984]
S2 LVPrcSrv;Process Monitor; C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe [2007-07-20 137752]
S2 LVSrvLauncher;LVSrvLauncher; C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe [2007-07-20 141848]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2007-08-11 3093872]
S3 ose;Office Source Engine; C:ProgrammeGemeinsame DateienMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SNAC;Symantec Network Access Control; C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE [2007-12-18 234888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
If you get the chance, please comment.
RESPECTFULLY, IRINDU
September 25, 2009 at 3:33 pm #25737
Try running Combofix once more. When it finishes, it will open Notepad with the log. Select all of the text and copy it into your next message.
September 29, 2009 at 8:53 pm #25738
@Valeri wrote:
Try running Combofix once more. When it finishes, it will open Notepad with the log. Select all of the text and copy it into your next message.
I did as you wrote. Please take a look at the result. Please comment. I don't know what the cause is, but programs take a very long time to load and hang.
ComboFix 09-09-28.01 — GK 29.09.2009 22:25.2.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1031.18.1015.503 [GMT 2:00]
Running from: c:dokumente und einstellungenGKDesktopComboFix.exe
Command switches used :: c:dokumente und einstellungenGKDesktopWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 10:03 . 2009-09-29 19:47 45056 ----a-w- c:windowssystem32acovcnt.exe
2009-09-23 21:47 . 2009-09-23 21:47 d-----w- c:dokumente und einstellungenGKSecurityScans
2009-09-23 21:34 . 2009-09-23 21:34 d-----w- c:programmeReplay Converter 3
2009-09-23 21:34 . 2009-09-23 21:34 d-----w- c:windowsReplay Converter 3
2009-09-23 21:28 . 2009-09-23 21:28 d-----w- c:dokumente und einstellungenGKAnwendungsdatenWinPatrol
2009-09-23 21:28 . 2009-09-23 21:28 d-----w- c:programmeBillP Studios
2009-09-23 20:46 . 2009-09-28 19:35 d-----w- c:dokumente und einstellungenLocalServiceAnwendungsdatenSACore
2009-09-23 20:46 . 2009-09-23 20:46 d-----w- c:windowssystem32configsystemprofileAnwendungsdatenSACore
2009-09-23 20:46 . 2009-09-23 20:46 d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenSiteAdvisor
2009-09-23 20:45 . 2009-09-23 20:45 d-----w- c:programmeGemeinsame DateienMcAfee
2009-09-23 20:44 . 2009-09-24 05:38 d-----w- c:programmeMcAfee
2009-09-23 20:44 . 2009-09-23 20:45 d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenMcAfee
2009-09-23 20:44 . 2009-09-23 20:54 d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenYahoo! Companion
2009-09-23 20:44 . 2009-09-23 20:44 d-----w- c:dokumente und einstellungenGKAnwendungsdatenYahoo!
2009-09-23 20:44 . 2009-09-23 20:44 d-----w- c:programmeYahoo!
2009-09-23 19:58 . 2009-09-23 19:58 d-----w- c:programmeMicrosoft Baseline Security Analyzer 2
2009-09-21 08:56 . 2009-09-21 08:56 d-sh--w- c:dokumente und einstellungenGKPrivacIE
2009-09-21 08:49 . 2009-09-21 08:49 d-sh--w- c:windowssystem32configsystemprofileIETldCache
2009-09-19 21:09 . 2009-09-19 21:09 d-sh--w- c:dokumente und einstellungenGKIETldCache
2009-09-19 21:03 . 2009-08-07 08:48 100352 -c----w- c:windowssystem32dllcacheiecompat.dll
2009-09-19 21:02 . 2009-09-19 21:04 d-----w- c:windowsie8updates
2009-09-19 21:02 . 2009-07-03 16:55 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2009-09-19 21:02 . 2009-07-03 16:55 594432 -c----w- c:windowssystem32dllcachemsfeeds.dll
2009-09-19 21:02 . 2009-07-03 16:55 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll
2009-09-19 21:02 . 2009-07-03 16:55 1985536 -c----w- c:windowssystem32dllcacheiertutil.dll
2009-09-19 21:02 . 2009-07-03 16:55 246272 -c----w- c:windowssystem32dllcacheieproxy.dll
2009-09-19 21:02 . 2009-07-19 16:41 11067392 -c----w- c:windowssystem32dllcacheieframe.dll
2009-09-19 20:58 . 2009-09-19 21:01 dc-h--w- c:windowsie8
2009-09-16 06:33 . 2009-09-23 21:54 d-----w- c:programmetrend micro
2009-09-16 06:33 . 2009-09-16 06:33 d-----w- C:rsit
2009-09-15 23:20 . 2009-09-15 23:20 d-----w- c:programmeMSXML 4.0
2009-09-15 16:40 . 2009-09-23 12:25 d-----w- c:windowssystem32CatRoot_bak
2009-09-15 16:35 . 2008-06-14 17:57 273024 -c----w- c:windowssystem32dllcachebthport.sys
2009-09-15 16:33 . 2009-06-21 22:05 153088 -c----w- c:windowssystem32dllcachetriedit.dll
2009-09-15 16:31 . 2008-05-01 14:30 331776 -c----w- c:windowssystem32dllcachemsadce.dll
2009-09-15 16:31 . 2008-04-11 18:50 683520 -c----w- c:windowssystem32dllcacheinetcomm.dll
2009-09-15 16:30 . 2008-09-04 16:43 1106944 -c----w- c:windowssystem32dllcachemsxml3.dll
2009-09-15 16:30 . 2008-12-11 11:57 333184 -c----w- c:windowssystem32dllcachesrv.sys
2009-09-15 16:30 . 2008-10-15 16:57 332800 -c----w- c:windowssystem32dllcachenetapi32.dll
2009-09-15 16:29 . 2008-10-24 11:10 453632 -c----w- c:windowssystem32dllcachemrxsmb.sys
2009-09-15 16:28 . 2009-07-10 13:39 1315328 -c----w- c:windowssystem32dllcachemsoe.dll
2009-09-15 16:28 . 2008-10-03 10:15 247326 -c----w- c:windowssystem32dllcachestrmdll.dll
2009-09-15 16:27 . 2009-06-05 07:42 655872 -c----w- c:windowssystem32dllcachemstscax.dll
2009-09-15 16:25 . 2008-04-21 21:25 217600 -c----w- c:windowssystem32dllcachewordpad.exe
2009-09-14 15:39 . 2009-09-14 15:39 d-----w- c:dokumente und einstellungenGKAnwendungsdatenMalwarebytes
2009-09-14 15:38 . 2009-09-10 12:54 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-14 15:38 . 2009-09-14 15:38 d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenMalwarebytes
2009-09-14 15:38 . 2009-09-10 12:53 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-09-12 06:44 . 2009-09-12 06:44 d-----w- c:dokumente und einstellungenGKLokale EinstellungenAnwendungsdatenNero
2009-09-11 19:53 . 2009-09-11 19:53 d-----w- c:programmeOpera
2009-09-06 08:50 . 2009-09-23 14:51 d-----w- c:dokumente und einstellungenGKAnwendungsdatenFileZilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 19:31 . 2007-12-10 18:14
d
w- c:programmeLogitech
2009-09-23 21:03 . 2009-02-18 15:42
d
w- c:dokumente und einstellungenGKAnwendungsdatenMSN6
2009-09-16 06:21 . 2003-04-02 12:00 84656 —-a-w- c:windowssystem32perfc007.dat
2009-09-16 06:21 . 2003-04-02 12:00 459116 —-a-w- c:windowssystem32perfh007.dat
2009-09-14 12:26 . 2007-12-02 13:51
d
w- c:programmeLight Alloy
2009-09-12 10:04 . 2007-12-02 14:29
d
w- c:programmeGemeinsame DateienNero
2009-09-12 09:59 . 2007-12-02 14:29
d
w- c:dokumente und einstellungenAll UsersAnwendungsdatenNero
2009-09-12 09:46 . 2007-12-02 14:29
d
w- c:programmeNero
2009-09-12 09:42 . 2007-12-02 11:32
d—h—w- c:programmeInstallShield Installation Information
2009-09-12 06:57 . 2007-12-02 14:35
d
w- c:dokumente und einstellungenGKAnwendungsdatenNero
2009-08-29 20:11 . 2007-12-10 18:51
d
w- c:dokumente und einstellungenGKAnwendungsdatenSkype
2009-08-29 14:02 . 2007-12-10 19:02
d
w- c:dokumente und einstellungenGKAnwendungsdatenskypePM
2009-08-26 10:07 . 2009-08-24 22:12
d
w- c:programmeReplay Media Catcher
2009-08-26 10:06 . 2009-08-26 10:06 156672 —-a-w- c:windowssystem32rmc_fixasf.exe
2009-08-26 10:06 . 2009-08-26 10:06 237568 —-a-w- c:windowssystem32rmc_rtspdl.dll
2009-08-26 10:05 . 2009-08-26 10:05 323584 —-a-w- c:windowssystem32AUDIOGENIE2.DLL
2009-08-26 10:03 . 2009-08-24 22:11 9385791 —-a-w- c:programmeFLV PlayerRCATSetup.exe
2009-08-26 10:00 . 2009-08-24 22:07 21425608 —-a-w- c:programmeFLV PlayerRCSetup.exe
2009-08-26 09:50 . 2007-12-02 12:40 23808 —-a-w- c:dokumente und einstellungenGKLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
2009-08-26 09:50 . 2009-06-12 19:21
d
w- c:programmeCDBurnerXP
2009-08-26 08:48 . 2009-08-26 08:48
d
w- c:programme7-Zip
2009-08-26 08:47 . 2009-08-26 08:47
d
w- c:programmeWinDjView
2009-08-25 07:14 . 2009-08-25 07:14
d
w- c:dokumente und einstellungenGKAnwendungsdatenMail.Ru
2009-08-25 06:48 . 2009-08-25 06:47
d
w- c:dokumente und einstellungenGKAnwendungsdatenMra
2009-08-24 22:06 . 2009-08-24 22:06
d
w- c:programmeFLV Player
2009-08-05 09:05 . 2003-04-02 12:00 206336 —-a-w- c:windowssystem32mswebdvd.dll
2009-07-29 04:48 . 2003-04-02 12:00 119808 —-a-w- c:windowssystem32t2embed.dll
2009-07-29 04:48 . 2003-04-02 12:00 82432 —-a-w- c:windowssystem32fontsub.dll
2009-07-17 18:56 . 2003-04-02 12:00 58880 —-a-w- c:windowssystem32atl.dll
2009-07-13 00:18 . 2007-12-02 12:33 233472
w- c:windowssystem32wmpdxm.dll
2009-07-03 16:55 . 2003-04-02 12:00 915456
w- c:windowssystem32wininet.dll
.
Sigcheck
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:windowsSoftwareDistributionDownloada746b2abbbec3e139e29152ba22decd1winlogon.exe
[-] 2007-12-02 . DB37D307003055ED09711CB3417814C7 . 507392 . . [5.1.2600.2180] . . c:windowssystem32winlogon.exe
[-] 2007-12-02 . 12A682E34CCCC8FCE5B484DACA6CE267 . 521728 . . [5.1.2600.1106] . . c:windows$NtServicePackUninstall$winlogon.exe
[7] 2004-08-03 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:windowsServicePackFilesi386winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-09-23_13.53.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-29 19:49 . 2009-09-29 19:49 16384 c:windowsTempPerflib_Perfdata_bcc.dat
+ 2009-09-23 19:58 . 2009-09-23 19:58 30240 c:windowsInstaller{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}mbsa.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18 970632 c:windowssystem32WgaTray.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18 265096 c:windowssystem32WgaLogon.dll
+ 2009-03-10 20:18 . 2009-03-10 20:18 970632 c:windowssystem32dllcacheWgaTray.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18 265096 c:windowssystem32dllcachewgaLogon.dll
+ 2009-01-20 04:59 . 2008-06-20 07:14 719872 c:windowssystem32devil.dll
+ 2009-01-20 04:58 . 2008-06-20 07:14 308224 c:windowssystem32avisynth.dll
+ 2009-09-23 21:34 . 2009-09-23 21:34 471552 c:windowsReplay Converter 3uninstall.exe
+ 2009-09-23 19:58 . 2009-09-23 19:58 562688 c:windowsInstaller1a9d11b.msi
+ 2009-03-10 20:18 . 2009-03-10 20:18 1482112 c:windowssystem32LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{9CB65206-89C4-402c-BA80-02D8C59F9B1D}»= «c:programmeAskTBarSrchAstt1.binA5SRCHAS.DLL» [2007-12-02 57344]
[HKEY_CLASSES_ROOTclsid{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:programmeMessengermsmsgs.exe» [2004-08-03 1667584]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowsSystem32igfxtray.exe» [2006-08-14 98304]
«HotKeysCmds»=»c:windowsSystem32hkcmd.exe» [2006-08-14 114688]
«Persistence»=»c:windowsSystem32igfxpers.exe» [2006-08-14 94208]
«ACU»=»c:programmeAtherosACU.exe» [2007-05-03 376921]
«SynTPEnh»=»c:programmeSynapticsSynTPSynTPEnh.exe» [2006-05-12 774233]
«Power_Gear»=»c:programmeASUSPower4 GearBatteryLife.exe» [2006-07-26 90112]
«ACMON»=»c:programmeASUSSplendidACMON.exe» [2006-05-30 811008]
«ATKHOTKEY»=»c:programmeATK HotkeyHcontrol.exe» [2007-04-19 225280]
«Lingvo Launcher»=»c:programmeABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
«LogitechCommunicationsManager»=»c:programmeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe» [2007-07-25 563984]
«LogitechQuickCamRibbon»=»c:programmeLogitechQuickCamQuickcam.exe» [2007-07-25 2027792]
«ccApp»=»c:programmeGemeinsame DateienSymantec SharedccApp.exe» [2007-11-09 115560]
«SunJavaUpdateSched»=»c:programmeJavajre6binjusched.exe» [2009-02-18 136600]
«TkBellExe»=»c:programmeGemeinsame DateienRealUpdate_OBrealsched.exe» [2009-02-18 185896]
«Adobe Reader Speed Launcher»=»c:programmeAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«Malwarebytes Anti-Malware (reboot)»=»d:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«Verknupfung mit der High Definition Audio-Eigenschaftenseite»=»HDAShCut.exe» — c:windowssystem32HdAShCut.exe [2005-01-07 61952]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2004-08-03 15360]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]
@=»Service»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]
@=»Service»
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]
@=»Service»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Programme\Bonjour\mDNSResponder.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpqste08.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpofxm08.exe»=
«c:\Programme\HP\Digital Imaging\bin\hposfx08.exe»=
«c:\Programme\HP\Digital Imaging\bin\hposid01.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpqCopy.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpfccopy.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe»=
«c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe»=
«c:\Programme\HP\Digital Imaging\bin\hpoews01.exe»=
«c:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe»=
«c:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE»=
«c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe»=
«c:\Programme\Skype\Phone\Skype.exe»=
«c:\Programme\Opera\opera.exe»=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:programmeMcAfeeSiteAdvisorMcSACore.exe [23.09.2009 22:44 210216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:programmeGemeinsame DateienSymantec SharedEENGINEEraserUtilRebootDrv.sys [01.09.2009 21:16 102448]
R3 WSIMD;wsimd Service;c:windowssystem32driverswsimd.sys [02.12.2007 13:43 57024]
S3 COH_Mon;COH_Mon;c:windowssystem32driversCOH_Mon.sys [29.05.2007 14:55 23888]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [02.12.2007 15:59 7936]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-09-29 c:windowsTasksUser_Feed_Synchronization-{6BE504F5-B71C-4123-9784-F14D1BD27B5C}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.pravoslavie.ru/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Nach Microsoft &Excel exportieren — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
— — — — ORPHANS REMOVED — — — —
HKLM-Run-WinPatrol Russian v.2 — c:programmeBillP StudiosWinPatrolwinpatrol.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Verknьpfung mit der High Definition Audio-Eigenschaftenseite»=»HDAShCut.exe»
[HKEY_LOCAL_MACHINESystemControlSet001Servicesvsdatant]
«ImagePath»=»a»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(4856)
c:programmeMcAfeeSiteAdvisorsaHook.dll
c:programmeABBYY Lingvo 12LvHook.dll
c:windowssystem32msi.dll
c:windowssystem32webcheck.dll
.
Completion time: 2009-09-29 22:36
ComboFix-quarantined-files.txt 2009-09-29 20:36
Pre-Run: 9.687.691.264 Bytes frei
Post-Run: 9.778.065.408 Bytes frei
220 — E O F — 2009-09-28 20:16
Thanks in advance for your reply.
October 2, 2009 at 3:19 pm #25739
The log looks normal.
Let's check with one more program.
Download RootRepeal by clicking this link or this link and extract it to your desktop.
Click the RootRepeal.exe file to start the program.
Open the Report tab, then click Scan. A window will open asking what to include in the log; select the items listed below and click OK.
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
Next you will be asked which drive to scan; select C: and click OK again, after which the scan will start. When the scan finishes, click Save Report to save the log.
I'll be waiting for the contents of the resulting log.
October 2, 2009 at 5:27 pm #25740
@Valeri wrote:
The log looks normal.
Let's check with one more program.
Download RootRepeal by clicking this link or this link and extract it to your desktop.
Click the RootRepeal.exe file to start the program.
Open the Report tab, then click Scan. A window will open asking what to include in the log; select the items listed below and click OK.
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
Next you will be asked which drive to scan; select C: and click OK again, after which the scan will start. When the scan finishes, click Save Report to save the log.
I'll be waiting for the contents of the resulting log.
Thank you for the quick reply. Here is the result.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 18:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
Name:
Image Path:
Address: 0xF73A4000 Size: 98304 File Visible: No Signed: —
Status: —
Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: —
Status: —
Name: dump_atapi.sys
Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
Address: 0xAA11B000 Size: 98304 File Visible: No Signed: —
Status: —
Name: dump_WMILIB.SYS
Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
Address: 0xF7AF6000 Size: 8192 File Visible: No Signed: —
Status: —
Name: kwldrpoc.sys
Image Path: C:DOKUME~1GKLOKALE~1Tempkwldrpoc.sys
Address: 0xA80ED000 Size: 84480 File Visible: No Signed: —
Status: —
Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32driversrootrepeal.sys
Address: 0xA91BA000 Size: 49152 File Visible: No Signed: —
Status: —
Hidden/Locked Files
Path: c:windowstempsqlite_k2d2tolwckym0yi
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_kdcvedonyfrzgsh
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_lfd8zjiax797xph
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_mv4agihkkbzfiwx
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_nesvjrfell6mdiu
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_omkwxufujhrvyfb
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_slpoiivplymnyzm
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_utxkwuf3onuvgs8
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_wsrkzm6qehfkumg
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_zrqvu3qdhbb6aal
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_4fwtznvczvla82i
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_6b5cgkbpbfo3r7p
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_8qoyf7fluange2u
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_bzua929ddhg28zl
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_drgb8r1ubbjuhxf
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_gb2igsklemp9njg
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_hccoxyzvbvac4fb
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:windowstempsqlite_hfodhrleaqyyrkt
Status: Allocation size mismatch (API: 4096, Raw: 0)
SSDT
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by «» at address 0x863318d8
#: 013 Function Name: NtAlertThread
Status: Hooked by «» at address 0x86325a18
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by «» at address 0x86254c98
#: 025 Function Name: NtClose
Status: Hooked by «a347bus.sys» at address 0xf746d028
#: 031 Function Name: NtConnectPort
Status: Hooked by «» at address 0x86309520
#: 041 Function Name: NtCreateKey
Status: Hooked by «a347bus.sys» at address 0xf746cfe0
#: 043 Function Name: NtCreateMutant
Status: Hooked by «» at address 0x862e9d20
#: 045 Function Name: NtCreatePagingFile
Status: Hooked by «a347bus.sys» at address 0xf7460b00
#: 053 Function Name: NtCreateThread
Status: Hooked by «» at address 0x862b16b0
#: 071 Function Name: NtEnumerateKey
Status: Hooked by «a347bus.sys» at address 0xf74615dc
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by «a347bus.sys» at address 0xf746d120
#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by «» at address 0x862e8e00
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by «» at address 0x862f2b48
#: 091 Function Name: NtImpersonateThread
Status: Hooked by «» at address 0x86303e68
#: 108 Function Name: NtMapViewOfSection
Status: Hooked by «» at address 0x862cd238
#: 114 Function Name: NtOpenEvent
Status: Hooked by «» at address 0x862df0e8
#: 116 Function Name: NtOpenFile
Status: Hooked by «a347bus.sys» at address 0xf7460b40
#: 119 Function Name: NtOpenKey
Status: Hooked by «a347bus.sys» at address 0xf746cfa4
#: 123 Function Name: NtOpenProcessToken
Status: Hooked by «» at address 0x862fe300
#: 129 Function Name: NtOpenThreadToken
Status: Hooked by «» at address 0x86229ea8
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by «C:WINDOWSsystem32driverswpsdrvnt.sys» at address 0xf6e2d280
#: 143 Function Name: NtQueryDefaultLocale
Status: Hooked by «SysPlant.sys» at address 0xf72727b0
#: 160 Function Name: NtQueryKey
Status: Hooked by «a347bus.sys» at address 0xf74615fc
#: 177 Function Name: NtQueryValueKey
Status: Hooked by «a347bus.sys» at address 0xf746d076
#: 206 Function Name: NtResumeThread
Status: Hooked by «» at address 0x863193d8
#: 213 Function Name: NtSetContextThread
Status: Hooked by «» at address 0x862c70e8
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by «» at address 0x861d1ea8
#: 229 Function Name: NtSetInformationThread
Status: Hooked by «» at address 0x862228c0
#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by «a347bus.sys» at address 0xf746c550
#: 253 Function Name: NtSuspendProcess
Status: Hooked by «» at address 0x862cf108
#: 254 Function Name: NtSuspendThread
Status: Hooked by «» at address 0x8634b308
#: 257 Function Name: NtTerminateProcess
Status: Hooked by «» at address 0x862fd090
#: 258 Function Name: NtTerminateThread
Status: Hooked by «» at address 0x863633a0
#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by «» at address 0x862e19d8
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by «» at address 0x861c74c0
Stealth Objects
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x865a3b30 Size: 11
Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_READ]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
Process: System Address: 0x862d47c0 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x85c04e80 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x85c16b70 Size: 99
Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8623ce60 Size: 11
Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x852de2e0 Size: 11
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8627ca30 Size: 11
Object: Hidden Code [Driver: NpfsЅః瑎て, IRP_MJ_READ]
Process: System Address: 0x8631c0d8 Size: 11
Object: Hidden Code [Driver: MsfsЅఆ剒敬, IRP_MJ_READ]
Process: System Address: 0x862eb210 Size: 11
Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x86428180 Size: 11
Object: Hidden Code [Driver: Cdfsࠅ慓故ࠁఄ䵃‷夨㥈က, IRP_MJ_READ]
Process: System Address: 0x86242340 Size: 11
Shadow SSDT
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by «» at address 0x85c7d608
==EOF==
October 5, 2009 at 2:10 pm #25741
Download Avenger by clicking this link and extract it to the Desktop.
Run Avenger and make sure that "Scan for rootkits" is checked and "Automatically disable any rootkits found" is unchecked. Check or uncheck the boxes as needed. Copy the text below into the Input script box:
Drivers to delete:
kwldrpoc.sys
Click Execute. You will be asked to confirm your actions; click Yes.
Avenger will start. The computer may reboot several times while it runs.
When it finishes, a log will be shown; please paste it into your reply.
In addition, let's check your computer with a program that looks for rootkits.
Download GMER by clicking this link.
Extract the program to your desktop.
Disconnect from the Internet and disable all antivirus programs.
Run the program.
In the right-hand part of the program, a small box will list all your drives; please tick all of them.
Click the Scan button.
When the scan finishes, click the Copy button.
Start Notepad (Start -> Run, type notepad and press Enter).
Paste the scan results into Notepad (CTRL + V). Save the resulting file to your desktop.
Paste this log into your reply as well.