Log analysis and evaluation: OTL log from the encryption trojan patient (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.06.2012, 17:44 | #1 |
OTL log from the encryption trojan patient

Hello Trojaner-Boarders,

A friend of mine has stupidly caught the encryption trojan. While looking for a remedy I came across your great forum and have already browsed through many threads. I have got as far as creating the OTL log, but without your help I cannot create the fix. Please create the fix for me, with which I can then finish off the virus... What then still remains encrypted, I will have to see afterwards. Huge thanks in advance for your help!!!

Regards,
Max

Code:
ATTFilter 08OTL logfile created on: 6/10/2012 10:25:34 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 195.31 Gb Total Space | 100.47 Gb Free Space | 51.44% Space Free | Partition Type: NTFS Drive D: | 270.44 Gb Total Space | 245.28 Gb Free Space | 90.69% Space Free | Partition Type: NTFS Drive F: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2012/05/06 06:09:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/02 14:28:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/18 12:04:24 | 001,790,016 | ---- | M] () [Auto] -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru) SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | 
M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010/09/06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/10/07 04:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/10/07 04:16:50 | 000,472,280 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009/02/09 07:25:55 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2009/02/09 07:25:55 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2009/02/09 06:54:17 | 000,687,616 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) Расширения драйверов WMI (Windows Management Instrumentation) SRV - [2008/12/16 15:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) 
[Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/10/20 14:54:01 | 000,483,840 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2008/10/20 14:02:12 | 000,175,616 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\w32time.dll -- (W32Time) SRV - [2008/10/20 14:01:49 | 000,247,296 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Служба сетевого расположения (NLA) SRV - [2008/10/20 14:01:40 | 000,330,752 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Брандмауэр Windows/Общий доступ к Интернету (ICS) SRV - [2008/04/15 08:00:00 | 000,409,088 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) Фоновая интеллектуальная служба передачи (BITS) SRV - [2008/04/15 08:00:00 | 000,333,824 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Служба загрузки изображений (WIA) SRV - [2008/04/15 08:00:00 | 000,295,936 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2008/04/15 08:00:00 | 000,249,856 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008/04/15 08:00:00 | 000,198,144 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008/04/15 08:00:00 | 000,193,024 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008/04/15 08:00:00 | 000,186,368 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost) SRV - [2008/04/15 08:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008/04/15 08:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\appmgmts.dll -- 
(AppMgmt) SRV - [2008/04/15 08:00:00 | 000,150,528 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008/04/15 08:00:00 | 000,145,408 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) SRV - [2008/04/15 08:00:00 | 000,141,824 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr) SRV - [2008/04/15 08:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008/04/15 08:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008/04/15 08:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008/04/15 08:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv) SRV - [2008/04/15 08:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2008/04/15 08:00:00 | 000,096,768 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr) SRV - [2008/04/15 08:00:00 | 000,091,648 | ---- | M] (Корпорация Майкрософт) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog) SRV - [2008/04/15 08:00:00 | 000,045,568 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2008/04/15 08:00:00 | 000,024,064 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [File_System | On_Demand] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | 
On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2009/10/07 04:18:36 | 000,035,168 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/10/07 04:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009/10/07 04:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2008/12/17 02:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008/12/17 02:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S7500(UVC) DRV - [2008/12/17 02:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/12/17 02:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008/12/16 15:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008/11/15 13:39:55 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008/11/15 11:18:06 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/10/20 14:54:01 | 000,080,128 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport) DRV - [2008/10/20 14:54:01 | 000,030,208 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem) DRV - [2008/10/20 14:54:01 | 000,023,296 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass) DRV - [2008/10/20 14:53:14 | 000,012,160 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) DRV - [2008/10/20 14:02:11 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) Драйвер протокола IPv6 (Microsoft) DRV - [2008/07/28 12:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/04/15 08:00:00 | 000,188,288 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI) DRV - [2008/04/15 08:00:00 | 000,125,440 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk) DRV - [2008/04/15 08:00:00 | 000,120,192 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008/04/15 08:00:00 | 000,073,472 | ---- | M] (Корпорация Майкрософт) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (Sr) DRV - [2008/04/15 08:00:00 | 000,068,480 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI) DRV - [2008/04/15 08:00:00 | 000,065,024 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial) DRV - [2008/04/15 08:00:00 | 000,053,120 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- 
C:\WINDOWS\System32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/04/15 08:00:00 | 000,044,544 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips) DRV - [2008/04/15 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/15 08:00:00 | 000,037,504 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp) DRV - [2008/04/15 08:00:00 | 000,024,832 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass) DRV - [2008/04/15 08:00:00 | 000,014,720 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid) DRV - [2008/04/15 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/04/15 08:00:00 | 000,011,776 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2008/04/15 08:00:00 | 000,006,912 | ---- | M] (Корпорация Майкрософт) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm) DRV - [2008/04/15 08:00:00 | 000,003,328 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde) DRV - [2008/04/14 13:11:48 | 000,058,368 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook) DRV - [2007/09/05 05:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/06/28 05:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/06/28 05:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/06/18 16:38:16 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2001/08/17 11:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/04 17:27:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/02 14:28:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 10:50:57 | 000,000,000 | ---D | M] [2012/02/18 03:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/07/15 04:56:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009/08/21 12:24:54 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009/08/21 12:24:54 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2012/05/02 14:28:47 | 
000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/17 14:52:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/12 05:19:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/12 05:19:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/12 05:19:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/12 05:19:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/12 05:19:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/12 05:19:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/12/19 12:22:41 | 000,000,998 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe (Mail.Ru) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKU\.DEFAULT..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe () O4 - HKU\LocalService_ON_C..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe () O4 - HKU\NetworkService_ON_C..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe () O4 - HKU\.DEFAULT..\RunOnce: [IE7_011] File not found O4 - HKU\LocalService_ON_C..\RunOnce: [IE7_011] File not found O4 - HKU\NetworkService_ON_C..\RunOnce: [IE7_011] File not found O4 - Startup: C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk = File not found O4 - Startup: C:\Documents and Settings\Администратор\Главное меню\Программы\Автозагрузка\MagicDisc.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - 
HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru) O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 
- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll 
(Корпорация Майкрософт) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт) O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/11/15 11:17:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = 
exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/06/10 22:18:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent [2012/06/10 22:17:40 | 000,000,000 | ---D | C] -- C:\_OTL [2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/10 13:58:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/06/10 13:37:58 | 000,193,866 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/06/10 13:37:56 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/10 13:37:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/10 13:37:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2012/06/10 13:37:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2012/06/10 13:32:16 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/08 09:02:07 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/21 14:02:01 | 000,139,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2012/05/21 14:01:51 | 000,282,472 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2012/05/21 13:57:27 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/01 14:53:04 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application 
Data\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2009/10/05 12:55:46 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009/04/17 09:46:01 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009/04/17 09:46:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009/04/17 09:45:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2009/04/17 09:42:23 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009/04/08 12:32:23 | 000,074,547 | ---- | C] () -- C:\WINDOWS\Uninstal.exe [2009/03/08 10:25:15 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009/03/08 10:25:15 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009/03/08 10:25:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009/03/08 10:23:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2009/03/01 16:21:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/16 15:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008/12/16 15:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008/12/11 14:25:59 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2008/12/11 14:18:58 | 000,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/11/15 16:19:05 | 000,139,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/11/15 16:18:37 | 000,282,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2008/11/15 
16:18:36 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2008/11/15 14:38:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/11/15 14:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/11/15 14:19:12 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak [2008/11/15 14:19:12 | 000,003,289 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak [2008/11/15 14:19:11 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hosts.bak [2008/11/15 14:12:03 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/11/15 14:12:03 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/11/15 14:12:03 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/11/15 14:12:03 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/11/15 14:12:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/11/15 14:12:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/11/15 14:12:03 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/11/15 14:12:03 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/11/15 14:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvwrsru.dll [2008/11/15 14:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvrsru.dll [2008/11/15 14:11:48 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2008/11/15 14:10:37 | 000,004,512 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/11/15 14:07:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/11/15 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvwssr.dll [2008/11/15 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvvitvsr.dll [2008/11/15 14:07:38 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\System32\nvmoblsr.dll [2008/11/15 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvmccssr.dll [2008/11/15 14:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvgamesr.dll [2008/11/15 14:04:56 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/11/15 13:38:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/11/15 13:29:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/11/15 13:29:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/11/15 11:19:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/11/15 11:18:04 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/11/15 11:17:20 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll [2008/11/15 11:17:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll [2008/11/15 11:17:20 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2008/11/15 11:15:40 | 000,022,564 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/06/11 04:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/06/11 04:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/06/11 04:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/06/11 04:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/06/05 03:58:26 | 000,197,912 | ---- | C] () -- 
C:\WINDOWS\System32\physxcudart_20.dll [2008/04/15 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/04/15 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/15 08:00:00 | 000,430,608 | ---- | C] () -- C:\WINDOWS\System32\perfh019.dat [2008/04/15 08:00:00 | 000,388,268 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/15 08:00:00 | 000,305,414 | ---- | C] () -- C:\WINDOWS\System32\perfi019.dat [2008/04/15 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/15 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/15 08:00:00 | 000,069,802 | ---- | C] () -- C:\WINDOWS\System32\perfc019.dat [2008/04/15 08:00:00 | 000,057,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/15 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/15 08:00:00 | 000,036,176 | ---- | C] () -- C:\WINDOWS\System32\perfd019.dat [2008/04/15 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/15 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/15 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/04/15 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2007/12/21 02:21:56 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2007/09/04 06:56:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007/02/05 15:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2005/10/15 08:25:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe [2005/10/15 08:25:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe [2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- 
C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2012/02/28 09:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} [2010/07/01 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2010/02/08 09:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010/07/24 07:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011/06/01 14:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Degener [2011/11/10 10:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO [2009/09/11 16:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2009/09/11 16:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA [2012/04/18 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guard.Mail.Ru [2010/11/25 12:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009/04/17 09:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2010/01/30 16:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2009/03/04 22:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/06/10 22:18:02 | 000,000,077 | -HS- | M] ()(C:\Documents and Settings\LocalService\??? ?????????\desktop.ini) -- C:\Documents and Settings\LocalService\Мои документы\desktop.ini [2012/06/10 22:18:02 | 000,000,077 | -HS- | C] ()(C:\Documents and Settings\LocalService\??? 
?????????\desktop.ini) -- C:\Documents and Settings\LocalService\Мои документы\desktop.ini [2012/06/10 22:18:02 | 000,000,000 | R--D | M](C:\Documents and Settings\LocalService\??? ?????????) -- C:\Documents and Settings\LocalService\Мои документы [2012/06/10 22:18:02 | 000,000,000 | R--D | M](C:\Documents and Settings\LocalService\??? ?????????) -- C:\Documents and Settings\LocalService\Мои документы [2012/06/10 22:18:02 | 000,000,000 | R--D | C](C:\Documents and Settings\LocalService\??? ?????????) -- C:\Documents and Settings\LocalService\Мои документы [2012/06/08 09:04:31 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????\?????????\Sniper Ghost Warrior) -- C:\Documents and Settings\All Users\Главное меню\Программы\Sniper Ghost Warrior [2012/06/08 09:04:27 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????\?????????\EPSON Drucker) -- C:\Documents and Settings\All Users\Главное меню\Программы\EPSON Drucker [2012/06/07 09:41:49 | 000,002,265 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Skype.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk [2012/05/29 10:39:18 | 000,002,499 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Word.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Word.lnk [2012/04/16 16:10:52 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол [2012/04/15 13:41:42 | 000,001,729 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader 9.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader 9.lnk [2012/01/12 10:50:57 | 000,001,729 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader 9.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader 9.lnk [2011/11/27 06:33:14 | 000,000,810 | ---- | M] ()(C:\Documents and Settings\All Users\??????? 
????\Mozilla Firefox.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Mozilla Firefox.lnk [2011/11/22 09:53:37 | 000,001,915 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Google ??????? ?????.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Google Планета Земля.lnk [2011/11/22 09:53:37 | 000,001,915 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Google ??????? ?????.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Google Планета Земля.lnk [2011/11/10 10:28:39 | 000,002,265 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Skype.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk [2011/02/10 06:49:08 | 000,001,492 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Opera.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Opera.lnk [2011/02/10 06:49:08 | 000,001,492 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Opera.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Opera.lnk [2011/01/05 15:17:47 | 000,000,776 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Sniper Ghost Warrior.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Sniper Ghost Warrior.lnk [2011/01/05 15:17:47 | 000,000,776 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Sniper Ghost Warrior.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Sniper Ghost Warrior.lnk [2010/12/31 12:46:29 | 000,000,719 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\VLC media player.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\VLC media player.lnk [2010/11/25 11:57:33 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню [2010/02/08 09:58:06 | 000,001,505 | ---- | M] ()(C:\Documents and Settings\All Users\??????? 
????\Vuze.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Vuze.lnk [2010/02/08 09:58:06 | 000,001,505 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Vuze.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Vuze.lnk [2009/10/19 13:55:06 | 000,001,781 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Brother Creative Center.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Brother Creative Center.lnk [2009/10/19 13:55:06 | 000,001,781 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Brother Creative Center.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Brother Creative Center.lnk [2009/10/05 12:57:08 | 000,001,825 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Logitech QuickCam.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Logitech QuickCam.lnk [2009/10/05 12:57:08 | 000,001,825 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Logitech QuickCam.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Logitech QuickCam.lnk [2009/02/11 14:29:09 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы [2009/02/11 14:29:09 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????\microsoft) -- C:\Documents and Settings\All Users\Документы\microsoft [2009/02/11 14:29:09 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\?????????\microsoft) -- C:\Documents and Settings\All Users\Документы\microsoft [2009/01/28 09:10:50 | 000,000,137 | -HS- | M] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini [2009/01/12 17:55:34 | 000,001,583 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Mail.Ru ?????.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Mail.Ru Агент.lnk [2009/01/12 17:55:34 | 000,001,583 | ---- | C] ()(C:\Documents and Settings\All Users\??????? 
????\Mail.Ru ?????.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Mail.Ru Агент.lnk [2008/12/11 14:18:17 | 000,001,729 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\Microsoft Office.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk [2008/12/11 14:18:17 | 000,001,729 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\Microsoft Office.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk [2008/12/11 14:13:17 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Рабочий стол [2008/12/11 14:13:17 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Рабочий стол [2008/11/17 19:01:19 | 000,000,719 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\VLC media player.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\VLC media player.lnk [2008/11/15 20:04:42 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи [2008/11/15 20:04:42 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи [2008/11/15 16:19:27 | 000,001,691 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Call of Duty(R) Singleplayer.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Call of Duty(R) Singleplayer.lnk [2008/11/15 16:19:27 | 000,001,691 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Call of Duty(R) Multiplayer.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Call of Duty(R) Multiplayer.lnk [2008/11/15 16:19:27 | 000,001,691 | ---- | C] ()(C:\Documents and Settings\All Users\??????? 
????\Call of Duty(R) Singleplayer.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Call of Duty(R) Singleplayer.lnk [2008/11/15 16:19:27 | 000,001,691 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Call of Duty(R) Multiplayer.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Call of Duty(R) Multiplayer.lnk [2008/11/15 14:34:05 | 000,000,810 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Mozilla Firefox.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Mozilla Firefox.lnk [2008/11/15 14:10:40 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки [2008/11/15 14:10:40 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка [2008/11/15 14:10:20 | 000,000,137 | -HS- | C] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini [2008/11/15 14:10:20 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini [2008/11/15 14:10:20 | 000,000,000 | R--D | M](C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Главное меню [2008/11/15 14:10:20 | 000,000,000 | R--D | M](C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Главное меню [2008/11/15 14:10:20 | 000,000,000 | -H-D | M](C:\WINDOWS\system32\config\systemprofile\???????) -- C:\WINDOWS\system32\config\systemprofile\Шаблоны [2008/11/15 14:10:20 | 000,000,000 | -H-D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны [2008/11/15 14:10:20 | 000,000,000 | -H-D | M](C:\WINDOWS\system32\config\systemprofile\???????) 
-- C:\WINDOWS\system32\config\systemprofile\Шаблоны [2008/11/15 14:10:20 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?????????) -- C:\WINDOWS\system32\config\systemprofile\Избранное [2008/11/15 14:10:20 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\??? ?????????) -- C:\WINDOWS\system32\config\systemprofile\Мои документы [2008/11/15 14:10:20 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное [2008/11/15 14:10:20 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?????????) -- C:\WINDOWS\system32\config\systemprofile\Избранное [2008/11/15 14:10:20 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\??? ?????????) -- C:\WINDOWS\system32\config\systemprofile\Мои документы [2008/11/15 11:19:43 | 000,000,084 | -HS- | C] ()(C:\WINDOWS\system32\config\systemprofile\??????? ????\?????????\????????????\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\Главное меню\Программы\Автозагрузка\desktop.ini [2008/11/15 11:17:06 | 000,000,084 | -HS- | M] ()(C:\WINDOWS\system32\config\systemprofile\??????? ????\?????????\????????????\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\Главное меню\Программы\Автозагрузка\desktop.ini [2008/11/15 11:17:06 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini [2008/11/15 11:16:17 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки [2008/11/15 11:15:03 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка [2008/04/15 08:00:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???????? 
???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf [2008/04/15 08:00:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf (C:\WINDOWS\system32\config\systemprofile\?????????) -- C:\WINDOWS\system32\config\systemprofile\Избранное (C:\WINDOWS\system32\config\systemprofile\???????) -- C:\WINDOWS\system32\config\systemprofile\Шаблоны (C:\WINDOWS\system32\config\systemprofile\??????? ????\?????????\????????????) -- C:\WINDOWS\system32\config\systemprofile\Главное меню\Программы\Автозагрузка (C:\WINDOWS\system32\config\systemprofile\??????? ????\?????????\???????????) -- C:\WINDOWS\system32\config\systemprofile\Главное меню\Программы\Стандартные (C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Рабочий стол (C:\WINDOWS\system32\config\systemprofile\??????? ????) -- C:\WINDOWS\system32\config\systemprofile\Главное меню (C:\WINDOWS\system32\config\systemprofile\??? ?????????) -- C:\WINDOWS\system32\config\systemprofile\Мои документы (C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное (C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы (C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны (C:\Documents and Settings\All Users\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\All Users\Главное меню\Программы\WinRAR (C:\Documents and Settings\All Users\??????? ????\?????????\WebCallDirect) -- C:\Documents and Settings\All Users\Главное меню\Программы\WebCallDirect (C:\Documents and Settings\All Users\??????? ????\?????????\VistaCodecs) -- C:\Documents and Settings\All Users\Главное меню\Программы\VistaCodecs (C:\Documents and Settings\All Users\??????? ????\?????????\VideoLAN) -- C:\Documents and Settings\All Users\Главное меню\Программы\VideoLAN (C:\Documents and Settings\All Users\??????? 
????\?????????\Sniper Ghost Warrior) -- C:\Documents and Settings\All Users\Главное меню\Программы\Sniper Ghost Warrior (C:\Documents and Settings\All Users\??????? ????\?????????\Skype) -- C:\Documents and Settings\All Users\Главное меню\Программы\Skype (C:\Documents and Settings\All Users\??????? ????\?????????\ScanSoft PaperPort 11) -- C:\Documents and Settings\All Users\Главное меню\Программы\ScanSoft PaperPort 11 (C:\Documents and Settings\All Users\??????? ????\?????????\NVIDIA Corporation) -- C:\Documents and Settings\All Users\Главное меню\Программы\NVIDIA Corporation (C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Silverlight) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Silverlight (C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Office Tools) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Office Tools (C:\Documents and Settings\All Users\??????? ????\?????????\Mail.Ru) -- C:\Documents and Settings\All Users\Главное меню\Программы\Mail.Ru (C:\Documents and Settings\All Users\??????? ????\?????????\Logitech) -- C:\Documents and Settings\All Users\Главное меню\Программы\Logitech (C:\Documents and Settings\All Users\??????? ????\?????????\Google Earth) -- C:\Documents and Settings\All Users\Главное меню\Программы\Google Earth (C:\Documents and Settings\All Users\??????? ????\?????????\ESET) -- C:\Documents and Settings\All Users\Главное меню\Программы\ESET (C:\Documents and Settings\All Users\??????? ????\?????????\EPSON Drucker) -- C:\Documents and Settings\All Users\Главное меню\Программы\EPSON Drucker (C:\Documents and Settings\All Users\??????? ????\?????????\DivX Plus) -- C:\Documents and Settings\All Users\Главное меню\Программы\DivX Plus (C:\Documents and Settings\All Users\??????? ????\?????????\Clip2Net) -- C:\Documents and Settings\All Users\Главное меню\Программы\Clip2Net (C:\Documents and Settings\All Users\??????? 
????\?????????\Brother) -- C:\Documents and Settings\All Users\Главное меню\Программы\Brother (C:\Documents and Settings\All Users\??????? ????\?????????\Administrative Tools) -- C:\Documents and Settings\All Users\Главное меню\Программы\Administrative Tools (C:\Documents and Settings\All Users\??????? ????\?????????\Activision) -- C:\Documents and Settings\All Users\Главное меню\Программы\Activision (C:\Documents and Settings\All Users\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Администрирование (C:\Documents and Settings\All Users\??????? ????\?????????\????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка (C:\Documents and Settings\All Users\??????? ????\?????????\???????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Стандартные (C:\Documents and Settings\All Users\??????? ????\?????????\???????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Утилиты (C:\Documents and Settings\All Users\??????? ????\?????????\????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Игры (C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол (C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню < End of report > |
12.06.2012, 20:39 | #2 |
| OTL log from the encryption-trojan patient Hello everyone,
is anything still missing for the analysis? Regards, Max Hello everyone! Help, help! Please, please! |