
SPYWARE-RU.COM


irindu


Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • October 2, 2009 at 5:27 pm in reply to: programs do not respond to commands #25740
    irindu
    Participant
    • Topics: 1
    • Posts: 4

    @Valeri wrote:

    The log looks normal.
    Let's check with one more program.

    Download RootRepeal by clicking this link or this link and unpack it to your desktop.
    Click the RootRepeal.exe file to launch the program.
    Open the Report tab, then click Scan. A window will open asking what to include in the log; select the items listed below and click OK.
    * Drivers
    * Files
    * Processes
    * SSDT
    * Stealth Objects
    * Hidden Services
    In the next step you will be asked which drive to scan; select C: and click OK again, after which the scan will start. When the scan finishes, click Save Report to save the log.

    I'm waiting for the contents of the resulting log.

    Thank you for the quick reply. Here is the result.

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/10/02 18:59
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP2
    ==================================================

    Drivers


    Name:
    Image Path:
    Address: 0xF73A4000 Size: 98304 File Visible: No Signed: —
    Status: —

    Name:
    Image Path:
    Address: 0x00000000 Size: 0 File Visible: No Signed: —
    Status: —

    Name: dump_atapi.sys
    Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
    Address: 0xAA11B000 Size: 98304 File Visible: No Signed: —
    Status: —

    Name: dump_WMILIB.SYS
    Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
    Address: 0xF7AF6000 Size: 8192 File Visible: No Signed: —
    Status: —

    Name: kwldrpoc.sys
    Image Path: C:DOKUME~1GKLOKALE~1Tempkwldrpoc.sys
    Address: 0xA80ED000 Size: 84480 File Visible: No Signed: —
    Status: —

    Name: rootrepeal.sys
    Image Path: C:WINDOWSsystem32driversrootrepeal.sys
    Address: 0xA91BA000 Size: 49152 File Visible: No Signed: —
    Status: —

    Hidden/Locked Files


    Path: c:windowstempsqlite_k2d2tolwckym0yi
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_kdcvedonyfrzgsh
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_lfd8zjiax797xph
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_mv4agihkkbzfiwx
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_nesvjrfell6mdiu
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_omkwxufujhrvyfb
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_slpoiivplymnyzm
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_utxkwuf3onuvgs8
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_wsrkzm6qehfkumg
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_zrqvu3qdhbb6aal
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_4fwtznvczvla82i
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_6b5cgkbpbfo3r7p
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_8qoyf7fluange2u
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_bzua929ddhg28zl
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_drgb8r1ubbjuhxf
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_gb2igsklemp9njg
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_hccoxyzvbvac4fb
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    Path: c:windowstempsqlite_hfodhrleaqyyrkt
    Status: Allocation size mismatch (API: 4096, Raw: 0)

    SSDT


    #: 012 Function Name: NtAlertResumeThread
    Status: Hooked by «» at address 0x863318d8

    #: 013 Function Name: NtAlertThread
    Status: Hooked by «» at address 0x86325a18

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by «» at address 0x86254c98

    #: 025 Function Name: NtClose
    Status: Hooked by «a347bus.sys» at address 0xf746d028

    #: 031 Function Name: NtConnectPort
    Status: Hooked by «» at address 0x86309520

    #: 041 Function Name: NtCreateKey
    Status: Hooked by «a347bus.sys» at address 0xf746cfe0

    #: 043 Function Name: NtCreateMutant
    Status: Hooked by «» at address 0x862e9d20

    #: 045 Function Name: NtCreatePagingFile
    Status: Hooked by «a347bus.sys» at address 0xf7460b00

    #: 053 Function Name: NtCreateThread
    Status: Hooked by «» at address 0x862b16b0

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by «a347bus.sys» at address 0xf74615dc

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by «a347bus.sys» at address 0xf746d120

    #: 083 Function Name: NtFreeVirtualMemory
    Status: Hooked by «» at address 0x862e8e00

    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Hooked by «» at address 0x862f2b48

    #: 091 Function Name: NtImpersonateThread
    Status: Hooked by «» at address 0x86303e68

    #: 108 Function Name: NtMapViewOfSection
    Status: Hooked by «» at address 0x862cd238

    #: 114 Function Name: NtOpenEvent
    Status: Hooked by «» at address 0x862df0e8

    #: 116 Function Name: NtOpenFile
    Status: Hooked by «a347bus.sys» at address 0xf7460b40

    #: 119 Function Name: NtOpenKey
    Status: Hooked by «a347bus.sys» at address 0xf746cfa4

    #: 123 Function Name: NtOpenProcessToken
    Status: Hooked by «» at address 0x862fe300

    #: 129 Function Name: NtOpenThreadToken
    Status: Hooked by «» at address 0x86229ea8

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by «C:WINDOWSsystem32driverswpsdrvnt.sys» at address 0xf6e2d280

    #: 143 Function Name: NtQueryDefaultLocale
    Status: Hooked by «SysPlant.sys» at address 0xf72727b0

    #: 160 Function Name: NtQueryKey
    Status: Hooked by «a347bus.sys» at address 0xf74615fc

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by «a347bus.sys» at address 0xf746d076

    #: 206 Function Name: NtResumeThread
    Status: Hooked by «» at address 0x863193d8

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by «» at address 0x862c70e8

    #: 228 Function Name: NtSetInformationProcess
    Status: Hooked by «» at address 0x861d1ea8

    #: 229 Function Name: NtSetInformationThread
    Status: Hooked by «» at address 0x862228c0

    #: 241 Function Name: NtSetSystemPowerState
    Status: Hooked by «a347bus.sys» at address 0xf746c550

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by «» at address 0x862cf108

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by «» at address 0x8634b308

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by «» at address 0x862fd090

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by «» at address 0x863633a0

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Hooked by «» at address 0x862e19d8

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by «» at address 0x861c74c0

    Stealth Objects


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x865a3b30 Size: 11

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_READ]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
    Process: System Address: 0x862d47c0 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x85c04e80 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
    Process: System Address: 0x85c16b70 Size: 99

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
    Process: System Address: 0x8623ce60 Size: 11

    Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
    Process: System Address: 0x852de2e0 Size: 11

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x8627ca30 Size: 11

    Object: Hidden Code [Driver: NpfsЅః瑎て, IRP_MJ_READ]
    Process: System Address: 0x8631c0d8 Size: 11

    Object: Hidden Code [Driver: MsfsЅఆ剒敬, IRP_MJ_READ]
    Process: System Address: 0x862eb210 Size: 11

    Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
    Process: System Address: 0x86428180 Size: 11

    Object: Hidden Code [Driver: Cdfsࠅ慓故ࠁఄ䵃‷夨㥈က, IRP_MJ_READ]
    Process: System Address: 0x86242340 Size: 11

    Shadow SSDT


    #: 383 Function Name: NtUserGetAsyncKeyState
    Status: Hooked by «» at address 0x85c7d608

    ==EOF==

    September 29, 2009 at 8:53 pm in reply to: programs do not respond to commands #25738
    irindu
    Participant
    • Topics: 1
    • Posts: 4

    @Valeri wrote:

    Try running ComboFix once more. At the end of its run it will open Notepad with the log. Select all the text and copy it into your next message.

    I did as you wrote. Please take a look at the result. Please comment. I don't know what the cause is, but programs take a very long time to load and hang.

    ComboFix 09-09-28.01 — GK 29.09.2009 22:25.2.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1251.7.1031.18.1015.503 [GMT 2:00]
    Running from: c:dokumente und einstellungenGKDesktopComboFix.exe
    Command switches used :: c:dokumente und einstellungenGKDesktopWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
    .

    2009-09-29 10:03 . 2009-09-29 19:47 45056 ----a-w- c:windowssystem32acovcnt.exe
    2009-09-23 21:47 . 2009-09-23 21:47 -------- d-----w- c:dokumente und einstellungenGKSecurityScans
    2009-09-23 21:34 . 2009-09-23 21:34 -------- d-----w- c:programmeReplay Converter 3
    2009-09-23 21:34 . 2009-09-23 21:34 -------- d-----w- c:windowsReplay Converter 3
    2009-09-23 21:28 . 2009-09-23 21:28 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenWinPatrol
    2009-09-23 21:28 . 2009-09-23 21:28 -------- d-----w- c:programmeBillP Studios
    2009-09-23 20:46 . 2009-09-28 19:35 -------- d-----w- c:dokumente und einstellungenLocalServiceAnwendungsdatenSACore
    2009-09-23 20:46 . 2009-09-23 20:46 -------- d-----w- c:windowssystem32configsystemprofileAnwendungsdatenSACore
    2009-09-23 20:46 . 2009-09-23 20:46 -------- d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenSiteAdvisor
    2009-09-23 20:45 . 2009-09-23 20:45 -------- d-----w- c:programmeGemeinsame DateienMcAfee
    2009-09-23 20:44 . 2009-09-24 05:38 -------- d-----w- c:programmeMcAfee
    2009-09-23 20:44 . 2009-09-23 20:45 -------- d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenMcAfee
    2009-09-23 20:44 . 2009-09-23 20:54 -------- d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenYahoo! Companion
    2009-09-23 20:44 . 2009-09-23 20:44 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenYahoo!
    2009-09-23 20:44 . 2009-09-23 20:44 -------- d-----w- c:programmeYahoo!
    2009-09-23 19:58 . 2009-09-23 19:58 -------- d-----w- c:programmeMicrosoft Baseline Security Analyzer 2
    2009-09-21 08:56 . 2009-09-21 08:56 -------- d-sh--w- c:dokumente und einstellungenGKPrivacIE
    2009-09-21 08:49 . 2009-09-21 08:49 -------- d-sh--w- c:windowssystem32configsystemprofileIETldCache
    2009-09-19 21:09 . 2009-09-19 21:09 -------- d-sh--w- c:dokumente und einstellungenGKIETldCache
    2009-09-19 21:03 . 2009-08-07 08:48 100352 -c----w- c:windowssystem32dllcacheiecompat.dll
    2009-09-19 21:02 . 2009-09-19 21:04 -------- d-----w- c:windowsie8updates
    2009-09-19 21:02 . 2009-07-03 16:55 12800 -c----w- c:windowssystem32dllcachexpshims.dll
    2009-09-19 21:02 . 2009-07-03 16:55 594432 -c----w- c:windowssystem32dllcachemsfeeds.dll
    2009-09-19 21:02 . 2009-07-03 16:55 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll
    2009-09-19 21:02 . 2009-07-03 16:55 1985536 -c----w- c:windowssystem32dllcacheiertutil.dll
    2009-09-19 21:02 . 2009-07-03 16:55 246272 -c----w- c:windowssystem32dllcacheieproxy.dll
    2009-09-19 21:02 . 2009-07-19 16:41 11067392 -c----w- c:windowssystem32dllcacheieframe.dll
    2009-09-19 20:58 . 2009-09-19 21:01 -------- dc-h--w- c:windowsie8
    2009-09-16 06:33 . 2009-09-23 21:54 -------- d-----w- c:programmetrend micro
    2009-09-16 06:33 . 2009-09-16 06:33 -------- d-----w- C:rsit
    2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:programmeMSXML 4.0
    2009-09-15 16:40 . 2009-09-23 12:25 -------- d-----w- c:windowssystem32CatRoot_bak
    2009-09-15 16:35 . 2008-06-14 17:57 273024 -c----w- c:windowssystem32dllcachebthport.sys
    2009-09-15 16:33 . 2009-06-21 22:05 153088 -c----w- c:windowssystem32dllcachetriedit.dll
    2009-09-15 16:31 . 2008-05-01 14:30 331776 -c----w- c:windowssystem32dllcachemsadce.dll
    2009-09-15 16:31 . 2008-04-11 18:50 683520 -c----w- c:windowssystem32dllcacheinetcomm.dll
    2009-09-15 16:30 . 2008-09-04 16:43 1106944 -c----w- c:windowssystem32dllcachemsxml3.dll
    2009-09-15 16:30 . 2008-12-11 11:57 333184 -c----w- c:windowssystem32dllcachesrv.sys
    2009-09-15 16:30 . 2008-10-15 16:57 332800 -c----w- c:windowssystem32dllcachenetapi32.dll
    2009-09-15 16:29 . 2008-10-24 11:10 453632 -c----w- c:windowssystem32dllcachemrxsmb.sys
    2009-09-15 16:28 . 2009-07-10 13:39 1315328 -c----w- c:windowssystem32dllcachemsoe.dll
    2009-09-15 16:28 . 2008-10-03 10:15 247326 -c----w- c:windowssystem32dllcachestrmdll.dll
    2009-09-15 16:27 . 2009-06-05 07:42 655872 -c----w- c:windowssystem32dllcachemstscax.dll
    2009-09-15 16:25 . 2008-04-21 21:25 217600 -c----w- c:windowssystem32dllcachewordpad.exe
    2009-09-14 15:39 . 2009-09-14 15:39 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenMalwarebytes
    2009-09-14 15:38 . 2009-09-10 12:54 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
    2009-09-14 15:38 . 2009-09-14 15:38 -------- d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenMalwarebytes
    2009-09-14 15:38 . 2009-09-10 12:53 19160 ----a-w- c:windowssystem32driversmbam.sys
    2009-09-12 06:44 . 2009-09-12 06:44 -------- d-----w- c:dokumente und einstellungenGKLokale EinstellungenAnwendungsdatenNero
    2009-09-11 19:53 . 2009-09-11 19:53 -------- d-----w- c:programmeOpera
    2009-09-06 08:50 . 2009-09-23 14:51 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenFileZilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-27 19:31 . 2007-12-10 18:14 -------- d-----w- c:programmeLogitech
    2009-09-23 21:03 . 2009-02-18 15:42 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenMSN6
    2009-09-16 06:21 . 2003-04-02 12:00 84656 ----a-w- c:windowssystem32perfc007.dat
    2009-09-16 06:21 . 2003-04-02 12:00 459116 ----a-w- c:windowssystem32perfh007.dat
    2009-09-14 12:26 . 2007-12-02 13:51 -------- d-----w- c:programmeLight Alloy
    2009-09-12 10:04 . 2007-12-02 14:29 -------- d-----w- c:programmeGemeinsame DateienNero
    2009-09-12 09:59 . 2007-12-02 14:29 -------- d-----w- c:dokumente und einstellungenAll UsersAnwendungsdatenNero
    2009-09-12 09:46 . 2007-12-02 14:29 -------- d-----w- c:programmeNero
    2009-09-12 09:42 . 2007-12-02 11:32 -------- d--h--w- c:programmeInstallShield Installation Information
    2009-09-12 06:57 . 2007-12-02 14:35 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenNero
    2009-08-29 20:11 . 2007-12-10 18:51 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenSkype
    2009-08-29 14:02 . 2007-12-10 19:02 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenskypePM
    2009-08-26 10:07 . 2009-08-24 22:12 -------- d-----w- c:programmeReplay Media Catcher
    2009-08-26 10:06 . 2009-08-26 10:06 156672 ----a-w- c:windowssystem32rmc_fixasf.exe
    2009-08-26 10:06 . 2009-08-26 10:06 237568 ----a-w- c:windowssystem32rmc_rtspdl.dll
    2009-08-26 10:05 . 2009-08-26 10:05 323584 ----a-w- c:windowssystem32AUDIOGENIE2.DLL
    2009-08-26 10:03 . 2009-08-24 22:11 9385791 ----a-w- c:programmeFLV PlayerRCATSetup.exe
    2009-08-26 10:00 . 2009-08-24 22:07 21425608 ----a-w- c:programmeFLV PlayerRCSetup.exe
    2009-08-26 09:50 . 2007-12-02 12:40 23808 ----a-w- c:dokumente und einstellungenGKLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
    2009-08-26 09:50 . 2009-06-12 19:21 -------- d-----w- c:programmeCDBurnerXP
    2009-08-26 08:48 . 2009-08-26 08:48 -------- d-----w- c:programme7-Zip
    2009-08-26 08:47 . 2009-08-26 08:47 -------- d-----w- c:programmeWinDjView
    2009-08-25 07:14 . 2009-08-25 07:14 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenMail.Ru
    2009-08-25 06:48 . 2009-08-25 06:47 -------- d-----w- c:dokumente und einstellungenGKAnwendungsdatenMra
    2009-08-24 22:06 . 2009-08-24 22:06 -------- d-----w- c:programmeFLV Player
    2009-08-05 09:05 . 2003-04-02 12:00 206336 ----a-w- c:windowssystem32mswebdvd.dll
    2009-07-29 04:48 . 2003-04-02 12:00 119808 ----a-w- c:windowssystem32t2embed.dll
    2009-07-29 04:48 . 2003-04-02 12:00 82432 ----a-w- c:windowssystem32fontsub.dll
    2009-07-17 18:56 . 2003-04-02 12:00 58880 ----a-w- c:windowssystem32atl.dll
    2009-07-13 00:18 . 2007-12-02 12:33 233472 ------w- c:windowssystem32wmpdxm.dll
    2009-07-03 16:55 . 2003-04-02 12:00 915456 ------w- c:windowssystem32wininet.dll
    .


    Sigcheck



    [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:windowsSoftwareDistributionDownloada746b2abbbec3e139e29152ba22decd1winlogon.exe
    [-] 2007-12-02 . DB37D307003055ED09711CB3417814C7 . 507392 . . [5.1.2600.2180] . . c:windowssystem32winlogon.exe
    [-] 2007-12-02 . 12A682E34CCCC8FCE5B484DACA6CE267 . 521728 . . [5.1.2600.1106] . . c:windows$NtServicePackUninstall$winlogon.exe
    [7] 2004-08-03 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:windowsServicePackFilesi386winlogon.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-09-23_13.53.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-29 19:49 . 2009-09-29 19:49 16384 c:windowsTempPerflib_Perfdata_bcc.dat
    + 2009-09-23 19:58 . 2009-09-23 19:58 30240 c:windowsInstaller{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}mbsa.exe
    + 2009-03-10 20:18 . 2009-03-10 20:18 970632 c:windowssystem32WgaTray.exe
    + 2009-03-10 20:18 . 2009-03-10 20:18 265096 c:windowssystem32WgaLogon.dll
    + 2009-03-10 20:18 . 2009-03-10 20:18 970632 c:windowssystem32dllcacheWgaTray.exe
    + 2009-03-10 20:18 . 2009-03-10 20:18 265096 c:windowssystem32dllcachewgaLogon.dll
    + 2009-01-20 04:59 . 2008-06-20 07:14 719872 c:windowssystem32devil.dll
    + 2009-01-20 04:58 . 2008-06-20 07:14 308224 c:windowssystem32avisynth.dll
    + 2009-09-23 21:34 . 2009-09-23 21:34 471552 c:windowsReplay Converter 3uninstall.exe
    + 2009-09-23 19:58 . 2009-09-23 19:58 562688 c:windowsInstaller1a9d11b.msi
    + 2009-03-10 20:18 . 2009-03-10 20:18 1482112 c:windowssystem32LegitCheckControl.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{9CB65206-89C4-402c-BA80-02D8C59F9B1D}»= «c:programmeAskTBarSrchAstt1.binA5SRCHAS.DLL» [2007-12-02 57344]

    [HKEY_CLASSES_ROOTclsid{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «MSMSGS»=»c:programmeMessengermsmsgs.exe» [2004-08-03 1667584]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «IgfxTray»=»c:windowsSystem32igfxtray.exe» [2006-08-14 98304]
    «HotKeysCmds»=»c:windowsSystem32hkcmd.exe» [2006-08-14 114688]
    «Persistence»=»c:windowsSystem32igfxpers.exe» [2006-08-14 94208]
    «ACU»=»c:programmeAtherosACU.exe» [2007-05-03 376921]
    «SynTPEnh»=»c:programmeSynapticsSynTPSynTPEnh.exe» [2006-05-12 774233]
    «Power_Gear»=»c:programmeASUSPower4 GearBatteryLife.exe» [2006-07-26 90112]
    «ACMON»=»c:programmeASUSSplendidACMON.exe» [2006-05-30 811008]
    «ATKHOTKEY»=»c:programmeATK HotkeyHcontrol.exe» [2007-04-19 225280]
    «Lingvo Launcher»=»c:programmeABBYY Lingvo 12Lvagent.exe» [2006-12-13 258048]
    «LogitechCommunicationsManager»=»c:programmeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe» [2007-07-25 563984]
    «LogitechQuickCamRibbon»=»c:programmeLogitechQuickCamQuickcam.exe» [2007-07-25 2027792]
    «ccApp»=»c:programmeGemeinsame DateienSymantec SharedccApp.exe» [2007-11-09 115560]
    «SunJavaUpdateSched»=»c:programmeJavajre6binjusched.exe» [2009-02-18 136600]
    «TkBellExe»=»c:programmeGemeinsame DateienRealUpdate_OBrealsched.exe» [2009-02-18 185896]
    «Adobe Reader Speed Launcher»=»c:programmeAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
    «Malwarebytes Anti-Malware (reboot)»=»d:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
    «Verknupfung mit der High Definition Audio-Eigenschaftenseite»=»HDAShCut.exe» — c:windowssystem32HdAShCut.exe [2005-01-07 61952]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2004-08-03 15360]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]
    @=»Service»

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]
    @=»Service»

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]
    @=»Service»

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «c:\Programme\Bonjour\mDNSResponder.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpqste08.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpofxm08.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hposfx08.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hposid01.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpqCopy.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpfccopy.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe»=
    «c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe»=
    «c:\Programme\HP\Digital Imaging\bin\hpoews01.exe»=
    «c:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe»=
    «c:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE»=
    «c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe»=
    «c:\Programme\Skype\Phone\Skype.exe»=
    «c:\Programme\Opera\opera.exe»=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:programmeMcAfeeSiteAdvisorMcSACore.exe [23.09.2009 22:44 210216]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:programmeGemeinsame DateienSymantec SharedEENGINEEraserUtilRebootDrv.sys [01.09.2009 21:16 102448]
    R3 WSIMD;wsimd Service;c:windowssystem32driverswsimd.sys [02.12.2007 13:43 57024]
    S3 COH_Mon;COH_Mon;c:windowssystem32driversCOH_Mon.sys [29.05.2007 14:55 23888]
    S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [02.12.2007 15:59 7936]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    «c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-09-29 c:windowsTasksUser_Feed_Synchronization-{6BE504F5-B71C-4123-9784-F14D1BD27B5C}.job
    — c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://www.pravoslavie.ru/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
    IE: Nach Microsoft &Excel exportieren — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    .
    — — — — ORPHANS REMOVED — — — —

    HKLM-Run-WinPatrol Russian v.2 — c:programmeBillP StudiosWinPatrolwinpatrol.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-29 22:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «Verknüpfung mit der High Definition Audio-Eigenschaftenseite»=»HDAShCut.exe»

    [HKEY_LOCAL_MACHINESystemControlSet001Servicesvsdatant]
    «ImagePath»=»a»
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘explorer.exe'(4856)
    c:programmeMcAfeeSiteAdvisorsaHook.dll
    c:programmeABBYY Lingvo 12LvHook.dll
    c:windowssystem32msi.dll
    c:windowssystem32webcheck.dll
    .
    Completion time: 2009-09-29 22:36
    ComboFix-quarantined-files.txt 2009-09-29 20:36

    Pre-Run: 9.687.691.264 Bytes frei
    Post-Run: 9.778.065.408 Bytes frei

    220 — E O F — 2009-09-28 20:16
    Thanks in advance for your reply.

    September 23, 2009 at 3:11 pm, in reply to: programs do not respond to commands #25736
    irindu

    Thank you very much. It helped. Everything is running more briskly now. Only I lost the scan results somewhere, that log file. I can't find it. Whichever way you look at it, a newbie is a newbie. I can neither find the file nor post it.
    A HUGE THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    It seems it has turned up.
    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by GK at 2009-09-23 23:54:29
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 9 GB (43%) free of 20 GB
    Total RAM: 1015 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:54:38, on 23.09.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
    C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSSystem32acs.exe
    C:ProgrammeBonjourmDNSResponder.exe
    C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
    C:ProgrammeCDBurnerXPNMSAccessU.exe
    C:WINDOWSSystem32svchost.exe
    C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe
    C:ProgrammeSymantecSymantec Endpoint ProtectionSmcGui.exe
    C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
    C:WINDOWSSystem32hkcmd.exe
    C:WINDOWSSystem32igfxpers.exe
    C:ProgrammeSynapticsSynTPSynTPEnh.exe
    C:ProgrammeASUSPower4 GearBatteryLife.exe
    C:ProgrammeASUSSplendidACMON.exe
    C:ProgrammeATK HotkeyHcontrol.exe
    C:ProgrammeABBYY Lingvo 12Lvagent.exe
    C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe
    C:ProgrammeLogitechQuickCamQuickcam.exe
    C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
    C:WINDOWSsystem32ACEngSvr.exe
    C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe
    C:ProgrammeATK HotkeyATKOSD.exe
    C:WINDOWSsystem32ctfmon.exe
    C:ProgrammeHPDigital Imagingbinhpqtra08.exe
    C:ProgrammeHPDigital Imagingbinhpqimzone.exe
    C:ProgrammeHPDigital ImagingbinhpqSTE08.exe
    C:ProgrammeGemeinsame DateienLogishrdLQCVFXCOCIManager.exe
    C:ProgrammeHPDigital ImagingProduct Assistantbinhprblog.exe
    C:WINDOWSexplorer.exe
    C:ProgrammeABBYY Lingvo 12Lingvo.exe
    C:ProgrammeOperaopera.exe
    C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe
    C:ProgrammeMessengermsmsgs.exe
    D:удаление гадостейRSIT.exe
    C:Programmetrend microGK.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pravoslavie.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://de.search.yahoo.com/search?fr=mcafee&p=%s
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R3 — URLSearchHook: (no name) — {9CB65206-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
    R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
    O2 — BHO: &Yahoo! Toolbar Helper — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:ProgrammeJavajre6binssv.dll
    O2 — BHO: Ask Search Assistant BHO — {9CB65201-89C4-402c-BA80-02D8C59F9B1D} — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL
    O2 — BHO: McAfee SiteAdvisor BHO — {B164E929-A1B6-4A06-B104-2CD0E90A88FF} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:ProgrammeJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll
    O2 — BHO: SingleInstance Class — {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} — C:ProgrammeYahoo!CompanionInstallscpnYTSingleInstance.dll
    O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
    O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:ProgrammeAskTBarbar1.binASKTBAR.DLL
    O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:ProgrammeYahoo!CompanionInstallscpnyt.dll
    O3 — Toolbar: McAfee SiteAdvisor Toolbar — {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O4 — HKLM..Run: [Verknupfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
    O4 — HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
    O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
    O4 — HKLM..Run: [Persistence] C:WINDOWSSystem32igfxpers.exe
    O4 — HKLM..Run: [ACU] C:ProgrammeAtherosACU.exe -nogui
    O4 — HKLM..Run: [SynTPEnh] C:ProgrammeSynapticsSynTPSynTPEnh.exe
    O4 — HKLM..Run: [Power_Gear] C:ProgrammeASUSPower4 GearBatteryLife.exe 1
    O4 — HKLM..Run: [ACMON] C:ProgrammeASUSSplendidACMON.exe
    O4 — HKLM..Run: [ATKHOTKEY] «C:ProgrammeATK HotkeyHcontrol.exe»
    O4 — HKLM..Run: [Lingvo Launcher] «C:ProgrammeABBYY Lingvo 12Lvagent.exe» /STARTUP
    O4 — HKLM..Run: [LogitechCommunicationsManager] «C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe»
    O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:ProgrammeLogitechQuickCamQuickcam.exe» /hide
    O4 — HKLM..Run: [ccApp] «C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:ProgrammeJavajre6binjusched.exe»
    O4 — HKLM..Run: [TkBellExe] «C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe» -osboot
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
    O4 — HKLM..Run: [WinPatrol Russian v.2] C:ProgrammeBillP StudiosWinPatrolwinpatrol.exe
    O4 — HKLM..Run: [WinPatrol] C:ProgrammeBillP StudiosWinPatrolWinPatrol.exe
    O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] D:_softwareprofileMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
    O4 — HKCU..Run: [MSMSGS] «C:ProgrammeMessengermsmsgs.exe» /background
    O4 — HKCU..RunOnce: [SAPostInstallPage] iexplore.exe http://www.siteadvisor.com/download/postinstall.html?premium=false&client_ver=2.9.258&client_type=IEPlugin&suite=true&aff_id=0&locale=de-de&os_ver=5.1.2.0&pip=true&installchoice=2
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
    O8 — Extra context menu item: Nach Microsoft &Excel exportieren — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: Recherchieren — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:ProgrammeMessengermsmsgs.exe
    O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — C:ProgrammeLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
    O18 — Protocol: sacore — {5513F07E-936B-4E52-9B00-067394E91CC5} — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1GEMEIN~1SkypeSKYPE4~1.DLL
    O23 — Service: McAfee Application Installer Cleanup (0181031253738702) (0181031253738702mcinstcleanup) — McAfee, Inc. — C:DOKUME~1GKLOKALE~1Temp18103~1.EXE
    O23 — Service: Atheros-Konfigurationsdienst (ACS) — Atheros — C:WINDOWSSystem32acs.exe
    O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:ProgrammeBonjourmDNSResponder.exe
    O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
    O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:ProgrammeJavajre6binjqs.exe
    O23 — Service: LiveUpdate — Symantec Corporation — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
    O23 — Service: LVCOMSer — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe
    O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe
    O23 — Service: LVSrvLauncher — Logitech Inc. — C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe
    O23 — Service: McAfee SiteAdvisor Service — Unknown owner — C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe
    O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe (file missing)
    O23 — Service: NMSAccessU — Unknown owner — C:ProgrammeCDBurnerXPNMSAccessU.exe
    O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
    O23 — Service: Symantec Management Client (SmcService) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe
    O23 — Service: Symantec Network Access Control (SNAC) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE
    O23 — Service: Symantec Endpoint Protection (Symantec AntiVirus) — Symantec Corporation — C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe

    —
    End of file — 10161 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksUser_Feed_Synchronization-{6BE504F5-B71C-4123-9784-F14D1BD27B5C}.job
    C:WINDOWStasksWGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper — C:ProgrammeYahoo!CompanionInstallscpnyt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer — C:ProgrammeRealRealPlayerrpbrowserrecordplugin.dll [2009-02-18 370296]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:ProgrammeJavajre6binssv.dll [2009-02-18 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
    Ask Search Assistant BHO — C:ProgrammeAskTBarSrchAstt1.binA5SRCHAS.DLL [2007-12-02 57344]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:ProgrammeJavajre6binjp2ssv.dll [2009-02-18 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:ProgrammeJavajre6libdeployjqsiejqs_plugin.dll [2009-02-18 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class — C:ProgrammeYahoo!CompanionInstallscpnYTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
    Ask Toolbar BHO — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:ProgrammeAskTBarbar1.binASKTBAR.DLL [2007-12-02 245760]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:ProgrammeYahoo!CompanionInstallscpnyt.dll [2008-07-28 882416]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} — McAfee SiteAdvisor Toolbar — c:PROGRA~1mcafeeSITEAD~1mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Verknupfung mit der High Definition Audio-Eigenschaftenseite»=C:WINDOWSsystem32HDAShCut.exe [2005-01-07 61952]
    «IgfxTray»=C:WINDOWSSystem32igfxtray.exe [2006-08-14 98304]
    «HotKeysCmds»=C:WINDOWSSystem32hkcmd.exe [2006-08-14 114688]
    «Persistence»=C:WINDOWSSystem32igfxpers.exe [2006-08-14 94208]
    «ACU»=C:ProgrammeAtherosACU.exe [2007-05-03 376921]
    «SynTPEnh»=C:ProgrammeSynapticsSynTPSynTPEnh.exe [2006-05-12 774233]
    «Power_Gear»=C:ProgrammeASUSPower4 GearBatteryLife.exe [2006-07-26 90112]
    «ACMON»=C:ProgrammeASUSSplendidACMON.exe [2006-05-30 811008]
    «ATKHOTKEY»=C:ProgrammeATK HotkeyHcontrol.exe [2007-04-19 225280]
    «Lingvo Launcher»=C:ProgrammeABBYY Lingvo 12Lvagent.exe [2006-12-13 258048]
    «LogitechCommunicationsManager»=C:ProgrammeGemeinsame DateienLogiShrdLComMgrCommunications_Helper.exe [2007-07-25 563984]
    «LogitechQuickCamRibbon»=C:ProgrammeLogitechQuickCamQuickcam.exe [2007-07-25 2027792]
    «ccApp»=C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe [2007-11-09 115560]
    «SunJavaUpdateSched»=C:ProgrammeJavajre6binjusched.exe [2009-02-18 136600]
    «TkBellExe»=C:ProgrammeGemeinsame DateienRealUpdate_OBrealsched.exe [2009-02-18 185896]
    «Adobe Reader Speed Launcher»=C:ProgrammeAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
    «Malwarebytes Anti-Malware (reboot)»=D:_softwareprofileMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
    «WinPatrol Russian v.2″=C:ProgrammeBillP StudiosWinPatrolwinpatrol.exe [2007-08-06 292152]
    «WinPatrol»=C:ProgrammeBillP StudiosWinPatrolWinPatrol.exe [2007-08-06 292152]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «Malwarebytes’ Anti-Malware»=D:_softwareprofileMalwarebytes’ Anti-Malwarembamgui.exe [2009-09-10 420176]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «MSMSGS»=C:ProgrammeMessengermsmsgs.exe [2004-08-04 1667584]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «SAPostInstallPage»=iexplore.exe http://www.siteadvisor.com/download/postinstall.html?premium=false&client_ver=2.9.258&client_type=IEPlugin&suite=true&aff_id=0&locale=de-de&os_ver=5.1.2.0&pip=true&installchoice=2 []

    C:Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostart
    Bluetooth Manager.lnk — C:ProgrammeToshibaBluetooth Toshiba StackTosBtMng1.exe
    HP Digital Imaging Monitor.lnk — C:ProgrammeHPDigital Imagingbinhpqtra08.exe
    HP Image Zone Fast Start.lnk — C:ProgrammeHPDigital Imagingbinhpqthb08.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
    C:WINDOWSsystem32igfxdev.dll [2006-08-14 155648]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccEvtMgr]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkccSetMgr]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSmcService]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSymantec Antivirus]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=323
    «NoDriveAutoRun»=67108863
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «HonorAutoRunSetting»=
    «NoDriveAutoRun»=
    «NoDriveTypeAutoRun»=
    «NoDrives»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:ProgrammeBonjourmDNSResponder.exe»=»C:ProgrammeBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:ProgrammeHPDigital Imagingbinhpqste08.exe»=»C:ProgrammeHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
    «C:ProgrammeHPDigital Imagingbinhpofxm08.exe»=»C:ProgrammeHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
    «C:ProgrammeHPDigital Imagingbinhposfx08.exe»=»C:ProgrammeHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
    «C:ProgrammeHPDigital Imagingbinhposid01.exe»=»C:ProgrammeHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
    «C:ProgrammeHPDigital Imagingbinhpqscnvw.exe»=»C:ProgrammeHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
    «C:ProgrammeHPDigital Imagingbinhpqkygrp.exe»=»C:ProgrammeHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
    «C:ProgrammeHPDigital ImagingbinhpqCopy.exe»=»C:ProgrammeHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
    «C:ProgrammeHPDigital Imagingbinhpfccopy.exe»=»C:ProgrammeHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
    «C:ProgrammeHPDigital Imagingbinhpzwiz01.exe»=»C:ProgrammeHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
    «C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe»=»C:ProgrammeHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
    «C:ProgrammeHPDigital Imagingbinhpoews01.exe»=»C:ProgrammeHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
    «C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
    «C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service»
    «C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE»=»C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service»
    «C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe»=»C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe:*:Enabled:Symantec Email»
    «C:ProgrammeSkypePhoneSkype.exe»=»C:ProgrammeSkypePhoneSkype.exe:*:Enabled:Skype»
    «C:ProgrammeOperaopera.exe»=»C:ProgrammeOperaopera.exe:*:Disabled:Opera Internet Browser»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:ProgrammeLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»

    ======List of files/folders created in the last 1 months======

    2009-09-23 23:34:19 —-D—- C:WINDOWSReplay Converter 3
    2009-09-23 23:34:19 —-D—- C:ProgrammeReplay Converter 3
    2009-09-23 23:28:36 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenWinPatrol
    2009-09-23 23:28:23 —-D—- C:ProgrammeBillP Studios
    2009-09-23 22:46:14 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenSiteAdvisor
    2009-09-23 22:45:02 —-D—- C:ProgrammeGemeinsame DateienMcAfee
    2009-09-23 22:44:17 —-D—- C:WINDOWSLastGood
    2009-09-23 22:44:15 —-D—- C:ProgrammeMcAfee
    2009-09-23 22:44:14 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenMcAfee
    2009-09-23 22:44:05 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenYahoo!
    2009-09-23 22:44:05 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenYahoo! Companion
    2009-09-23 22:44:02 —-D—- C:ProgrammeYahoo!
    2009-09-23 21:58:45 —-D—- C:ProgrammeMicrosoft Baseline Security Analyzer 2
    2009-09-23 16:45:01 —-SHD—- C:RECYCLER
    2009-09-23 15:43:30 —-A—- C:Boot.bak
    2009-09-23 15:43:19 —-RASHD—- C:cmdcons
    2009-09-23 15:42:09 —-A—- C:WINDOWSzip.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSSWXCACLS.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSSWSC.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSSWREG.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSsed.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSPEV.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSNIRCMD.exe
    2009-09-23 15:42:09 —-A—- C:WINDOWSgrep.exe
    2009-09-23 15:40:37 —-D—- C:WINDOWSERDNT
    2009-09-23 15:39:47 —-D—- C:Qoobox
    2009-09-22 09:26:44 —-A—- C:WINDOWSsystem32acovcnt.exe
    2009-09-19 23:02:57 —-D—- C:WINDOWSie8updates
    2009-09-19 23:01:07 —-D—- C:WINDOWSWBEM
    2009-09-19 22:58:27 —-HDC—- C:WINDOWSie8
    2009-09-19 22:54:37 —-A—- C:WINDOWSsystem32MRT.exe
    2009-09-16 08:33:09 —-D—- C:Programmetrend micro
    2009-09-16 08:33:06 —-D—- C:rsit
    2009-09-16 01:36:48 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
    2009-09-16 01:36:39 —-HDC—- C:WINDOWS$NtUninstallKB952954$
    2009-09-16 01:36:30 —-HDC—- C:WINDOWS$NtUninstallKB959426$
    2009-09-16 01:36:22 —-HDC—- C:WINDOWS$NtUninstallKB946648$
    2009-09-16 01:36:15 —-HDC—- C:WINDOWS$NtUninstallKB956803$
    2009-09-16 01:36:07 —-HDC—- C:WINDOWS$NtUninstallKB960859$
    2009-09-16 01:36:03 —-D—- C:WINDOWSsystem32KB905474
    2009-09-16 01:35:46 —-HDC—- C:WINDOWS$NtUninstallKB961371-v2$
    2009-09-16 01:35:21 —-HDC—- C:WINDOWS$NtUninstallKB972260$
    2009-09-16 01:35:05 —-HDC—- C:WINDOWS$NtUninstallKB950974$
    2009-09-16 01:34:58 —-HDC—- C:WINDOWS$NtUninstallKB971657$
    2009-09-16 01:34:41 —-HDC—- C:WINDOWS$NtUninstallKB961118$
    2009-09-16 01:34:32 —-HDC—- C:WINDOWS$NtUninstallKB971557$
    2009-09-16 01:34:25 —-HDC—- C:WINDOWS$NtUninstallKB960225$
    2009-09-16 01:34:17 —-HDC—- C:WINDOWS$NtUninstallKB973346$
    2009-09-16 01:28:55 —-HDC—- C:WINDOWS$NtUninstallKB956572$
    2009-09-16 01:28:39 —-HDC—- C:WINDOWS$NtUninstallKB956844$
    2009-09-16 01:28:30 —-HDC—- C:WINDOWS$NtUninstallKB961501$
    2009-09-16 01:28:10 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
    2009-09-16 01:28:02 —-HDC—- C:WINDOWS$NtUninstallKB968816_WM9$
    2009-09-16 01:27:53 —-HDC—- C:WINDOWS$NtUninstallKB971633$
    2009-09-16 01:27:25 —-HDC—- C:WINDOWS$NtUninstallKB925720$
    2009-09-16 01:27:13 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
    2009-09-16 01:27:06 —-HDC—- C:WINDOWS$NtUninstallKB973869$
    2009-09-16 01:26:54 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9L$
    2009-09-16 01:26:44 —-HDC—- C:WINDOWS$NtUninstallKB952004$
    2009-09-16 01:26:33 —-HDC—- C:WINDOWS$NtUninstallKB973507$
    2009-09-16 01:26:24 —-HDC—- C:WINDOWS$NtUninstallKB941569$
    2009-09-16 01:25:26 —-HDC—- C:WINDOWS$NtUninstallKB950762$
    2009-09-16 01:25:17 —-HDC—- C:WINDOWS$NtUninstallKB957097$
    2009-09-16 01:25:07 —-HDC—- C:WINDOWS$NtUninstallKB958687$
    2009-09-16 01:24:58 —-HDC—- C:WINDOWS$NtUninstallKB952287$
    2009-09-16 01:24:50 —-HDC—- C:WINDOWS$NtUninstallKB973354$
    2009-09-16 01:24:38 —-HDC—- C:WINDOWS$NtUninstallKB967715$
    2009-09-16 01:24:27 —-HDC—- C:WINDOWS$NtUninstallKB951066$
    2009-09-16 01:24:16 —-HDC—- C:WINDOWS$NtUninstallKB951748$
    2009-09-16 01:24:06 —-HDC—- C:WINDOWS$NtUninstallKB971961$
    2009-09-16 01:23:56 —-HDC—- C:WINDOWS$NtUninstallKB970238$
    2009-09-16 01:23:44 —-HDC—- C:WINDOWS$NtUninstallKB958470$
    2009-09-16 01:23:33 —-HDC—- C:WINDOWS$NtUninstallKB960803$
    2009-09-16 01:23:21 —-HDC—- C:WINDOWS$NtUninstallKB973815$
    2009-09-16 01:21:30 —-HDC—- C:WINDOWS$NtUninstallKB968537$
    2009-09-16 01:21:17 —-HDC—- C:WINDOWS$NtUninstallKB971032$
    2009-09-16 01:21:05 —-HDC—- C:WINDOWS$NtUninstallKB954600$
    2009-09-16 01:20:56 —-HDC—- C:WINDOWS$NtUninstallKB958644$
    2009-09-16 01:20:48 —-HDC—- C:WINDOWS$NtUninstallKB955069$
    2009-09-16 01:20:40 —-HDC—- C:WINDOWS$NtUninstallKB956802$
    2009-09-16 01:20:35 —-D—- C:ProgrammeMSXML 4.0
    2009-09-16 01:20:18 —-HDC—- C:WINDOWS$NtUninstallKB944338-v2$
    2009-09-16 01:20:07 —-HDC—- C:WINDOWS$NtUninstallKB923561$
    2009-09-16 01:19:52 —-HDC—- C:WINDOWS$NtUninstallKB970653-v3$
    2009-09-15 18:40:02 —-D—- C:WINDOWSsystem32CatRoot_bak
    2009-09-15 18:25:36 —-N—- C:WINDOWSsystem32tzchange.exe
    2009-09-15 17:58:33 —-D—- C:WINDOWSsystem32PreInstall
    2009-09-15 17:58:30 —-HDC—- C:WINDOWS$NtUninstallKB898461$
    2009-09-15 17:30:25 —-D—- C:WINDOWSsystem32SoftwareDistribution
    2009-09-14 17:39:08 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMalwarebytes
    2009-09-14 17:38:55 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenMalwarebytes
    2009-09-14 16:36:43 —-D—- C:Avenger
    2009-09-14 16:36:43 —-A—- C:avenger.txt
    2009-09-12 08:24:09 —-A—- C:WINDOWSIrremote.ini
    2009-09-11 21:53:10 —-D—- C:ProgrammeOpera
    2009-09-11 18:43:54 —-A—- C:WINDOWScdplayer.ini
    2009-09-06 10:50:27 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenFileZilla
    2009-08-26 12:06:10 —-A—- C:WINDOWSsystem32rmc_fixasf.exe
    2009-08-26 12:06:09 —-A—- C:WINDOWSsystem32rmc_rtspdl.dll
    2009-08-26 12:05:33 —-A—- C:WINDOWSsystem32AUDIOGENIE2.DLL
    2009-08-26 12:04:04 —-D—- C:WINDOWSReplay Media Catcher
    2009-08-26 11:48:40 —-D—- C:WINDOWSLhsp
    2009-08-26 11:41:36 —-D—- C:WINDOWSspeech
    2009-08-26 10:48:11 —-D—- C:Programme7-Zip
    2009-08-26 10:47:49 —-D—- C:ProgrammeWinDjView
    2009-08-25 11:43:32 —-D—- C:WINDOWSSun
    2009-08-25 09:14:14 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMail.Ru
    2009-08-25 08:47:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenMra
    2009-08-25 00:12:54 —-D—- C:ProgrammeReplay Media Catcher
    2009-08-25 00:11:20 —-A—- C:ProgrammeFLV PlayerRCATSetup.exe
    2009-08-25 00:10:45 —-A—- C:WINDOWSReplay Converter Setup Log.txt
    2009-08-25 00:07:10 —-A—- C:ProgrammeFLV PlayerRCSetup.exe
    2009-08-25 00:06:43 —-D—- C:WINDOWSFLV Player
    2009-08-25 00:06:43 —-D—- C:ProgrammeFLV Player
    2009-08-25 00:06:23 —-A—- C:WINDOWSFLV Player Setup Log.txt

    ======List of files/folders modified in the last 1 months======

    2009-09-23 23:51:07 —-D—- C:WINDOWSTemp
    2009-09-23 23:50:17 —-HD—- C:WINDOWSinf
    2009-09-23 23:45:31 —-D—- C:WINDOWSSoftwareDistribution
    2009-09-23 23:34:31 —-D—- C:WINDOWSsystem32
    2009-09-23 23:34:19 —-RD—- C:Programme
    2009-09-23 23:34:19 —-D—- C:WINDOWS
    2009-09-23 22:58:11 —-D—- C:WINDOWSPrefetch
    2009-09-23 22:45:02 —-D—- C:ProgrammeGemeinsame Dateien
    2009-09-23 22:13:36 —-D—- C:WINDOWSsystem32drivers
    2009-09-23 21:58:53 —-SHD—- C:WINDOWSInstaller
    2009-09-23 21:58:53 —-D—- C:Config.Msi
    2009-09-23 16:45:58 —-D—- C:Dokumente und Einstellungen
    2009-09-23 16:08:18 —-SD—- C:WINDOWSTasks
    2009-09-23 15:53:39 —-A—- C:WINDOWSsystem.ini
    2009-09-23 15:50:08 —-D—- C:WINDOWSAppPatch
    2009-09-23 15:44:54 —-D—- C:WINDOWSsystem32CatRoot2
    2009-09-23 15:43:30 —-RASH—- C:boot.ini
    2009-09-23 15:42:30 —-A—- C:WINDOWSSchedLgU.Txt
    2009-09-23 14:25:22 —-D—- C:WINDOWSsystem32CatRoot
    2009-09-20 15:03:22 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-09-20 15:03:19 —-HD—- C:WINDOWS$hf_mig$
    2009-09-19 23:08:47 —-D—- C:WINDOWSHelp
    2009-09-19 23:08:47 —-D—- C:ProgrammeInternet Explorer
    2009-09-19 23:04:34 —-A—- C:WINDOWSimsins.BAK
    2009-09-19 23:01:12 —-D—- C:WINDOWSsystem32config
    2009-09-19 23:01:07 —-D—- C:WINDOWSsystem32de-DE
    2009-09-19 23:00:28 —-D—- C:WINDOWSMedia
    2009-09-19 22:54:43 —-D—- C:WINDOWSDebug
    2009-09-16 13:48:40 —-D—- C:WINDOWSMicrosoft.NET
    2009-09-16 13:48:15 —-RSD—- C:WINDOWSassembly
    2009-09-16 08:21:59 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32wbem
    2009-09-16 08:16:14 —-D—- C:WINDOWSsystem32Setup
    2009-09-16 01:36:24 —-D—- C:ProgrammeMessenger
    2009-09-16 01:32:17 —-D—- C:WINDOWSWinSxS
    2009-09-16 01:24:52 —-D—- C:ProgrammeOutlook Express
    2009-09-16 01:23:46 —-D—- C:WINDOWSServicePackFiles
    2009-09-16 01:23:14 —-D—- C:WINDOWSRegistration
    2009-09-14 14:26:12 —-D—- C:ProgrammeLight Alloy
    2009-09-14 09:49:33 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenReal
    2009-09-13 14:07:42 —-D—- C:WINDOWSMinidump
    2009-09-12 12:04:56 —-D—- C:ProgrammeGemeinsame DateienNero
    2009-09-12 11:59:41 —-D—- C:Dokumente und EinstellungenAll UsersAnwendungsdatenNero
    2009-09-12 11:46:52 —-D—- C:ProgrammeNero
    2009-09-12 11:42:26 —-HD—- C:ProgrammeInstallShield Installation Information
    2009-09-12 09:27:21 —-A—- C:WINDOWSNeroDigital.ini
    2009-09-12 08:57:41 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenNero
    2009-09-12 07:54:23 —-D—- C:ProgrammeGemeinsame DateienMicrosoft Shared
    2009-09-11 18:43:09 —-A—- C:WINDOWSwinamp.ini
    2009-09-11 16:01:23 —-D—- C:WINDOWSsystem32Restore
    2009-08-29 22:11:28 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenSkype
    2009-08-29 16:02:56 —-D—- C:Dokumente und EinstellungenGKAnwendungsdatenskypePM
    2009-08-26 11:50:18 —-D—- C:ProgrammeCDBurnerXP
    2009-08-26 11:49:02 —-RSD—- C:WINDOWSFonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEeeCtrl.sys []
    R1 intelppm;Intel-Prozessortreiber; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 40192]
    R1 SPBBCDrv;SPBBCDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedSPBBCSPBBCDrv.sys []
    R1 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2007-12-01 279088]
    R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2007-12-01 43696]
    R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-01-09 191544]
    R1 WPS;WPS; ??C:WINDOWSsystem32driverswpsdrvnt.sys []
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-06-21 142848]
    R3 AR5211;Atheros Wireless Network Adapter Service; C:WINDOWSSystem32DRIVERSar5211.sys [2007-05-02 546976]
    R3 CmBatt;Treiber fur Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:WINDOWSSystem32DRIVERSCmBatt.sys [2004-08-04 14080]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:ProgrammeGemeinsame DateienSymantec SharedEENGINEEraserUtilRebootDrv.sys []
    R3 HDAudBus;Microsoft UAA-Bustreiber fur High Definition Audio; C:WINDOWSSystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Microsoft HID Class-Treiber; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:WINDOWSSystem32DRIVERSigxpmp32.sys [2006-08-14 1109568]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:WINDOWSsystem32DRIVERSLVPr2Mon.sys [2007-07-18 25624]
    R3 mouhid;Maus-HID-Treiber; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-18 12288]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSSystem32DRIVERSATKACPI.sys [2006-12-14 7680]
    R3 NAVENG;NAVENG; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090923.002NAVENG.SYS []
    R3 NAVEX15;NAVEX15; ??C:PROGRA~1GEMEIN~1SYMANT~1VIRUSD~120090923.002NAVEX15.SYS []
    R3 rimsptsk;rimsptsk; C:WINDOWSSystem32DRIVERSrimsptsk.sys [2005-07-12 51328]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSSystem32DRIVERSRtnicxp.sys [2006-02-27 81408]
    R3 smserial;smserial; C:WINDOWSSystem32DRIVERSsmserial.sys [2006-08-07 980608]
    R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-01-09 27576]
    R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSSystem32DRIVERSSynTP.sys [2006-05-12 193056]
    R3 Teefer2;Teefer2 Miniport; C:WINDOWSsystem32DRIVERSteefer2.sys [2007-08-06 49024]
    R3 usbehci;Miniporttreiber fur erweiterten Microsoft USB 2.0-Hostcontroller; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2-aktivierter Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
    R3 usbuhci;Miniporttreiber fur universellen Microsoft USB-Hostcontroller; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
    R3 WpsHelper;WpsHelper; ??C:WINDOWSsystem32driversWpsHelper.sys []
    R3 WSIMD;wsimd Service; C:WINDOWSSystem32DRIVERSwsimd.sys [2007-03-28 57024]
    S3 catchme;catchme; ??C:DOKUME~1GKLOKALE~1Tempcatchme.sys []
    S3 CCDECODE;Untertiteldecoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
    S3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
    S3 HdAudAddService;Microsoft UAA-Funktionstreiber fur den High Definition Audio-Dienst; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-08 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-08 21744]
    S3 LVcKap;Logitech AEC Driver; C:WINDOWSsystem32DRIVERSLVcKap.sys [2007-07-20 2109592]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:WINDOWSsystem32DRIVERSLVMVDrv.sys [2007-07-20 2142488]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2007-07-19 41752]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI-Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV-/Videoverbindung; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
    S3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2007-07-19 13848]
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2007-07-19 1278104]
    S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-03-04 7936]
    S3 rtl8139;NT-Treiber fur Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
    S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2007-12-01 317616]
    S3 streamip;BDA-IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
    S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
    S3 usbaudio;USB-Audiotreiber (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-04 59264]
    S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB-Druckerklasse; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
    S3 usbscan;USB-Scannertreiber; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB-Massenspeichertreiber; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
    S3 WSTCODEC;World Standard Teletext-Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
    S4 vsdatant;vsdatant; a []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ACS;Atheros-Konfigurationsdienst; C:WINDOWSSystem32acs.exe [2007-05-03 364629]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:ProgrammeBonjourmDNSResponder.exe [2006-02-28 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
    R2 ccSetMgr;Symantec Settings Manager; C:ProgrammeGemeinsame DateienSymantec SharedccSvcHst.exe [2007-11-09 108392]
    R2 LVCOMSer;LVCOMSer; C:ProgrammeGemeinsame DateienLogiShrdLVCOMSERLVComSer.exe [2007-07-20 186904]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:ProgrammeMcAfeeSiteAdvisorMcSACore.exe [2009-02-11 210216]
    R2 NMSAccessU;NMSAccessU; C:ProgrammeCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
    R2 SmcService;Symantec Management Client; C:ProgrammeSymantecSymantec Endpoint ProtectionSmc.exe [2007-12-18 2569600]
    R2 Symantec AntiVirus;Symantec Endpoint Protection; C:ProgrammeSymantecSymantec Endpoint ProtectionRtvscan.exe [2007-12-18 2189240]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    S2 0181031253738702mcinstcleanup;McAfee Application Installer Cleanup (0181031253738702); C:DOKUME~1GKLOKALE~1Temp18103~1.EXE [2009-01-07 315264]
    S2 JavaQuickStarterService;Java Quick Starter; C:ProgrammeJavajre6binjqs.exe [2009-02-18 152984]
    S2 LVPrcSrv;Process Monitor; C:ProgrammeGemeinsame DateienLogiShrdLVMVFMLVPrcSrv.exe [2007-07-20 137752]
    S2 LVSrvLauncher;LVSrvLauncher; C:ProgrammeGemeinsame DateienLogiShrdSrvLnchSrvLnch.exe [2007-07-20 141848]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:ProgrammeGemeinsame DateienNeroNero BackItUp 4NBService.exe []
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2004-09-29 69632]
    S3 aspnet_state;ASP.NET-Zustandsdienst; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:ProgrammeGemeinsame DateienMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-02 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE [2007-08-11 3093872]
    S3 ose;Office Source Engine; C:ProgrammeGemeinsame DateienMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 SNAC;Symantec Network Access Control; C:ProgrammeSymantecSymantec Endpoint ProtectionSNAC.EXE [2007-12-18 234888]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]


    EOF


    If you get a chance, please comment.

    BEST REGARDS, IRINDU
