Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Log-Analyse und Auswertung: Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 04.02.2013, 19:11   #1
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Gruss an alle Experten aus der Ukraine! Bin hier gerade bei meiner Freundin zu Besuch und muss ihren Computer nutzen. Der lief bisher mit XP ohne jeglichen Schutz. Es war sehr schwierig ein Anti-Vieren Programm zum laufen zu bringen, jetzt ist NOD32 installiert. Es wurden eine reihe von Viren erkannt, leider wohl nicht alle da ich z.B. viele Programme immer noch nicht starten kann *es geht aber teilweise ueber den Umweg vom USB stick.
Nun habe ich die hier beschriebenen Massnahmen durchgefuehrt>

1. Nach der installation von defogger und neustart tauchten ploetzlich viele verschwundene Dateien wieder auf, der ganze Desktop war veraendert.

2. Beim Durchlauf von OLT wurden zwar zwei TEXT dokumente erstellt, jedoch leer! (Es handelt sich genau genommen um AKEL PAD format)

3. GMER hat den Fund von Rootkit gemeldet, hier klappte das Logfile auch nicht. Jedoch habe ich die Daten haendisch in eine Text Datei kopiert und umbenannt.

4. Die installation von 7zip funktioniert nur ueber usb, 7 wird mit rechtsklick angezeigt jedoch oeffnet sich kein weiteres menue. Daher kommt das .log ungezippt.

Ich hoffe hier unterstuetzung zu finden den Rechner hier einigermassen sicher zu machen da ich die naechsten Wochen hier bin und auch online banking betreiben muss!

Vielen Dank im Vorraus

Mark

Alt 04.02.2013, 22:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Hallo und

Zitat:
jetzt ist NOD32 installiert. Es wurden eine reihe von Viren erkannt,
Die Logs bitte alle nachreichen, warum ist hier erklärt => http://www.trojaner-board.de/125889-...tml#post941520

Zitat:
2. Beim Durchlauf von OLT wurden zwar zwei TEXT dokumente erstellt, jedoch leer! (Es handelt sich genau genommen um AKEL PAD format)
Welche Größe haben die OTL-Log?
AKEL PAD kenn ich nicht. Öffne die Logdateien mit notepad oder notepad++ (kostenlos), die Logs sind ganz normale Textdateien.

Und bitte alle Logs in CODE-Tags posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 04.02.2013, 23:47   #3
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Hallo cosinus, vielen Dank fuer die Antwort.
Habe das wie geschrieben gemacht, sieht aber sehr unleserlich aus... was kann ich tun?

Die OLT logs sind von alleine leer aufgegangen, und nach dem schliessen im nirvana verschwunden... Werde aber jetzt nochmal scannen und schauen was passiert.


Code:
ATTFilter
03.02.2013 17:46:10	Real-time file system protection	file	C:\Documents and Settings\User\Мои документы\Downloads\SoftonicDownloader_fuer_cpu-z.exe.part	a variant of Win32/SoftonicDownloader.E potentially unwanted application	cleaned by deleting - quarantined	COMP\User	Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
03.02.2013 17:45:48	HTTP filter	file	hxxp://sd-cf.softonic.de/15000/15311/ud_100/SoftonicDownloader_fuer_cpu-z.exe?Expires=1359922508&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Mf9SYIJHRVrvB-hoOpBL0jh0UXY248q~9bz8v7Q-dtYCnHcKnPlAiMNCCKDdyDbx2MdDYT6bjZ7a5xpp5p8WJBrl50tTXP9Meqis~WghnHyhqpvrLre9UHvhJ2abBX1uj0QEU6gE2ZiZY0LMMG8zVUoL5Suu1HYd2ODWyRSticQ_&file=/SoftonicDownloader_fuer_cpu-z.exe	a variant of Win32/SoftonicDownloader.E potentially unwanted application	connection terminated - quarantined	COMP\User	Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
03.02.2013 17:45:46	Real-time file system protection	file	C:\DOCUME~1\User\LOCALS~1\Temp\cPHELzZp.exe.part	a variant of Win32/SoftonicDownloader.E potentially unwanted application	cleaned by deleting	COMP\User	Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
21.01.2013 09:09:22	Real-time file system protection	file	I:\firefox downloads\01net_Revo_Uninstaller.exe.part	Win32/Amonetize potentially unwanted application	cleaned by deleting		Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
21.01.2013 09:08:44	Real-time file system protection	file	I:\firefox downloads\01net_Revo_Uninstaller.exe.part	Win32/Amonetize potentially unwanted application	cleaned by deleting - quarantined		Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
21.01.2013 09:08:40	Real-time file system protection	file	C:\DOCUME~1\User\LOCALS~1\Temp\_b8nIsHe.exe.part	Win32/Amonetize potentially unwanted application	cleaned by deleting		Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
21.01.2013 09:08:12	HTTP filter	file	hxxp://dde.integration.storage.conduit-services.com/91/550/ct5502891/d1718c7201e140abac1fbe7db36fea8c/Downloads/Prod/DDE1.3.6.1/12-12-11-17.08.51.100/01net_Revo_Uninstaller.exe	Win32/Amonetize potentially unwanted application	connection terminated - quarantined	COMP\User	Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
18.01.2013 11:35:34	Real-time file system protection	file	C:\System Volume Information\_restore{BD39B512-862F-4621-942F-DA01D2B28B20}\RP407\A0109871.exe	multiple threats	cleaned by deleting - quarantined	NT AUTHORITY\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.
17.01.2013 12:45:46	Real-time file system protection	file	C:\RECYCLER\S-1-5-21-1606980848-220523388-1547161642-1003\Dc9.exe	multiple threats	cleaned by deleting - quarantined	COMP\User	Event occurred on a file modified by the application: C:\WINDOWS\explorer.exe.
Habe nochmal mit OLT einen quick scan durchgefuehrt und es wurden wieder nur zwei leere Text Fenster erstellt, von denen eines automatisch geschlossen wurde. Die speichergroesse des verbliebenen konnte ich nicht feststellen (wie?).
__________________
Alt 05.02.2013, 08:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Log mit OTL erstellen:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.


Anschließend MBAR:

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2013, 21:25   #5
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


o.k. habe OTL gestartet, allerdings vom USB stick weil es sich vom Desktop nicht starten lies. Leider habe dann OTL.exe so gestartet wie im gleichnamigen link beschrieben, erst danach daemmerte es mir das ich OTL nur so konfigurieren soll wie in meinem thread von Dir beschrieben... Prompt habe ich auch nur *immerhin) 1 OTL.txt Datei ausgegeben bekommen. Nun scanne ich nochmals wie verlangt und poste dann wieder.

Code:
ATTFilter
OTL logfile created on: 05.02.2013 21:49:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy
 
767.48 Mb Total Physical Memory | 369.66 Mb Available Physical Memory | 48.16% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.01% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.15 Gb Free Space | 2.14% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.39 Gb Free Space | 14.03% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 757.19 Mb Free Space | 78.83% Space Free | Partition Type: FAT
 
Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - I:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\ndp20sp2-kb2742596-x86.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - g:\a6c9994407f27630b66a22b0b45bf7\HotFixInstaller.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\winlogon.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\smss.exe (Корпорация Майкрософт)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files\SRWare Iron\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Корпорация Майкрософт)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Корпорация Майкрософт)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Корпорация Майкрософт)
SRV - (Nla) -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Корпорация Майкрософт)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Корпорация Майкрософт)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Корпорация Майкрософт)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Корпорация Майкрософт)
SRV - (stisvc) -- C:\WINDOWS\system32\wiaservc.dll (Корпорация Майкрософт)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Корпорация Майкрософт)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Корпорация Майкрософт)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Корпорация Майкрософт)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Корпорация Майкрософт)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Корпорация Майкрософт)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Корпорация Майкрософт)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Корпорация Майкрософт)
SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Корпорация Майкрософт)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Корпорация Майкрософт)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Корпорация Майкрософт)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Корпорация Майкрософт)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Корпорация Майкрософт)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Корпорация Майкрософт)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Корпорация Майкрософт)
SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Корпорация Майкрософт)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Корпорация Майкрософт)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Корпорация Майкрософт)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (mnmdd) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (krnl_akl) -- C:\WINDOWS\system32\drivers\krnl_akl.sys (Global Information Technology (UK) Limited.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Корпорация Майкрософт)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Корпорация Майкрософт)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys (Корпорация Майкрософт)
DRV - (Ftdisk) -- C:\WINDOWS\system32\drivers\ftdisk.sys (Корпорация Майкрософт)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Корпорация Майкрософт)
DRV - (sr) -- C:\WINDOWS\system32\drivers\sr.sys (Корпорация Майкрософт)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Корпорация Майкрософт)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Корпорация Майкрософт)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Корпорация Майкрософт)
DRV - (isapnp) -- C:\WINDOWS\system32\drivers\isapnp.sys (Корпорация Майкрософт)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Корпорация Майкрософт)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Корпорация Майкрософт)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Корпорация Майкрософт)
DRV - (PCI) -- C:\WINDOWS\system32\drivers\pci.sys (Корпорация Майкрософт)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Корпорация Майкрософт)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Корпорация Майкрософт)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Корпорация Майкрософт)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvmpu401) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (EL910) -- C:\WINDOWS\system32\drivers\EL910N51.sys (3Com Corporation)
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys (Корпорация Майкрософт)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=135294&text={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Page = 
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ukrtelecom.ua/
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Корпорация Майкрософт)
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes,DefaultScope = {3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}: "URL" = hxxp://superru.net/?q={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{8A0349E9-5932-C082-03A2-591DDE006DBACE7}: "URL" = hxxp://superru.net/?text={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.01.17 12:32:09 | 000,000,000 | ---D | M]
 
[2013.01.03 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013.02.03 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions
[2013.02.03 15:43:27 | 000,045,184 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions\jsonovich@lackoftalent.org.xpi
 
O1 HOSTS File: ([2013.02.04 17:20:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Ссылки) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [C:\Documents and Settings\User\Рабочий стол\test.exe.exe] C:\Documents and Settings\User\Рабочий стол\test.exe.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.06.02 13:21:05 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360018479234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{189530A2-4083-4693-87DC-BC9167B1706D}: NameServer = 213.179.249.136 213.179.249.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08FDA9D-D240-4754-922D-EB72EF7089C5}: NameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 () - 
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.14 16:13:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 21:28:38 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2013.02.05 17:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2013.02.05 17:42:09 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2013.02.05 17:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.02.05 17:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.02.05 02:03:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.05 01:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013.02.05 01:40:08 | 000,457,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013.02.05 01:38:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2013.02.05 01:32:04 | 008,480,256 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2013.02.05 01:26:39 | 000,048,128 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2013.02.05 01:26:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2013.02.05 01:12:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado28.tlb
[2013.02.05 01:05:23 | 002,150,912 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013.02.05 01:05:22 | 002,194,816 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013.02.05 01:05:18 | 002,029,568 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013.02.05 01:05:17 | 002,071,424 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013.02.05 00:53:39 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013.02.05 00:53:39 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013.02.05 00:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013.02.04 19:26:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.04 19:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\7-Zip
[2013.02.04 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.04 16:58:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.04 16:56:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.04 16:56:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.04 16:56:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.04 16:56:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.04 16:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 16:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.04 15:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2013.01.21 09:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\VS Revo Group
[2013.01.20 09:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013.01.17 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013.01.17 14:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.17 12:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.16 21:28:51 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.16 21:28:51 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.16 21:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2013.01.16 16:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013.01.07 18:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013.01.07 18:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2013.01.07 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013.01.07 18:24:57 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.07 18:24:57 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.07 18:24:57 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.07 18:24:14 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.07 18:24:14 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.07 18:24:13 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.07 18:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 21:43:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.05 21:39:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.05 21:33:30 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 17:42:32 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.05 17:42:32 | 000,068,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.05 17:42:31 | 000,443,244 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat
[2013.02.05 17:42:31 | 000,065,056 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat
[2013.02.05 17:42:27 | 000,000,570 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 17:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.05 16:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.05 04:59:23 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.04 18:20:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 17:20:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.04 16:58:40 | 000,000,322 | RHS- | M] () -- C:\boot.ini
[2013.02.04 15:56:53 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.21 23:28:56 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.18 22:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.18 22:17:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.07 18:23:44 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.07 18:23:37 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.07 18:23:37 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.07 18:23:36 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.07 18:23:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.07 18:23:35 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.07 18:23:35 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 17:42:17 | 000,000,570 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 17:42:12 | 000,003,556 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013.02.05 17:42:12 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2013.02.05 16:26:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.05 01:54:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013.02.04 18:20:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 16:58:40 | 000,000,206 | ---- | C] () -- C:\Boot.bak
[2013.02.04 16:58:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013.02.04 16:56:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.04 16:56:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.04 16:56:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.04 16:56:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.04 16:56:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.04 15:56:53 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.18 22:17:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.20 12:04:54 | 003,207,168 | ---- | C] () -- C:\WINDOWS\System32\defrasvr.exe
[2012.01.18 17:20:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\{7C89722B-9EC8-42DC-82FA-0805F0D77017}
[2011.12.14 19:15:53 | 000,000,133 | ---- | C] () -- C:\WINDOWS\operaprefs.ini
[2010.04.09 18:16:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\intlname.ols
[2009.05.14 17:16:36 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.05.14 17:08:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:31:45 | 001,510,400 | ---- | M] (Корпорация Майкрософт)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:16 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 09:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.05.14 17:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.05.14 17:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012.10.16 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKSaver
[2002.01.01 01:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2009.06.27 14:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2009.10.05 16:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Desperate Housewives
[2012.12.26 13:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2013.01.03 12:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FK_Monitor
[2009.06.24 22:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mra
[2009.06.22 13:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QIP
[2012.08.18 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012.10.17 12:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2012.12.27 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wondershare
[2012.10.17 13:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yandex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.02.05 21:38:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 21:31:20 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.05 21:31:20 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.05 21:14:48 | 000,001,554 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.02.05 18:02:55 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 17:42:29 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\??????? ????\?????????\????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Игры
[2013.02.05 03:01:02 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 03:01:02 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.04 20:07:02 | 000,080,976 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 20:06:21 | 000,080,976 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 16:55:36 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:36 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:35 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.04 16:55:35 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\User\Главное меню\Программы\WinRAR
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\All Users\Главное меню\Программы\WinRAR
[2013.01.26 22:50:09 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.26 16:48:38 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.17 12:43:04 | 000,000,323 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:58 | 000,000,323 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:10 | 000,000,308 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:42:06 | 000,000,308 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:31:38 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\ESET) -- C:\Documents and Settings\All Users\Главное меню\Программы\ESET
[2013.01.17 11:37:31 | 000,001,554 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.01.16 17:04:55 | 000,001,734 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,804 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,734 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2012.11.07 12:18:13 | 000,432,640 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2012.06.02 13:21:05 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.06.02 13:21:05 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.01.08 02:52:37 | 002,410,584 | ---- | M] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2012.01.08 02:52:37 | 002,410,584 | ---- | C] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2010.02.06 16:39:34 | 000,269,312 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2010.02.06 16:32:38 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2010.02.06 16:32:13 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2009.10.22 21:27:03 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
[2009.06.22 13:49:16 | 000,269,312 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2009.05.14 19:53:47 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 16:31:46 | 000,000,779 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2009.05.14 16:31:45 | 000,000,200 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2009.05.14 16:31:45 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:45 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2009.05.14 16:31:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2009.05.14 16:31:28 | 000,000,779 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2009.05.14 16:31:25 | 000,000,200 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2009.05.14 16:22:07 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:15 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:10:04 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:08:43 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:07:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:06:08 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2009.05.14 16:06:08 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2009.05.14 16:05:11 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2009.05.14 16:05:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2008.07.04 14:10:02 | 000,022,486 | R--- | M] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2008.06.17 22:07:45 | 000,432,640 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2008.04.15 09:30:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2008.04.15 09:30:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2002.01.14 06:11:09 | 000,022,486 | R--- | C] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
[2002.01.01 00:34:13 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
(C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
(C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
(C:\Documents and Settings\User\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Администрирование
(C:\Documents and Settings\User\??????? ????\?????????\????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\User\??????? ????\?????????\???????????) -- C:\Documents and Settings\User\Главное меню\Программы\Стандартные
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
(C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
(C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
(C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Office) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Office
(C:\Documents and Settings\All Users\??????? ????\?????????\K-Lite Codec Pack) -- C:\Documents and Settings\All Users\Главное меню\Программы\K-Lite Codec Pack
(C:\Documents and Settings\All Users\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Администрирование
(C:\Documents and Settings\All Users\??????? ????\?????????\????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\All Users\??????? ????\?????????\???????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Стандартные
(C:\Documents and Settings\All Users\??????? ????\?????????\???????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Утилиты
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню

< End of report >


Alt 05.02.2013, 21:37   #6
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


o.k. hier der 2. Scan und diesmal hat es mit der Datei Ausgabe geklappt.
Inhalt der Extra Datei weiter unten.


Code:
ATTFilter
OTL logfile created on: 05.02.2013 22:19:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy
 
767.48 Mb Total Physical Memory | 346.42 Mb Available Physical Memory | 45.14% Memory free
1.08 Gb Paging File | 0.72 Gb Available in Paging File | 66.41% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.01 Gb Free Space | 0.13% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.15 Gb Free Space | 2.14% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.39 Gb Free Space | 14.03% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 757.06 Mb Free Space | 78.82% Space Free | Partition Type: FAT
 
Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - I:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\ndp20sp2-kb2742596-x86.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - g:\a6c9994407f27630b66a22b0b45bf7\HotFixInstaller.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\winlogon.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\system32\smss.exe (Корпорация Майкрософт)
PRC - C:\WINDOWS\notepad.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\SRWare Iron\ffmpegsumo.dll ()
MOD - C:\WINDOWS\notepad.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Корпорация Майкрософт)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Корпорация Майкрософт)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Корпорация Майкрософт)
SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Корпорация Майкрософт)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Корпорация Майкрософт)
SRV - (Nla) -- C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Корпорация Майкрософт)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Корпорация Майкрософт)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Корпорация Майкрософт)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Корпорация Майкрософт)
SRV - (stisvc) -- C:\WINDOWS\system32\wiaservc.dll (Корпорация Майкрософт)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Корпорация Майкрософт)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Корпорация Майкрософт)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Корпорация Майкрософт)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Корпорация Майкрософт)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Корпорация Майкрософт)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Корпорация Майкрософт)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Корпорация Майкрософт)
SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Корпорация Майкрософт)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Корпорация Майкрософт)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Корпорация Майкрософт)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Корпорация Майкрософт)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Корпорация Майкрософт)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Корпорация Майкрософт)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Корпорация Майкрософт)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Корпорация Майкрософт)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Корпорация Майкрософт)
SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Корпорация Майкрософт)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Корпорация Майкрософт)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Корпорация Майкрософт)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (mnmdd) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (ApfiltrService) -- system32\DRIVERS\Apfiltr.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (krnl_akl) -- C:\WINDOWS\system32\drivers\krnl_akl.sys (Global Information Technology (UK) Limited.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Корпорация Майкрософт)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Корпорация Майкрософт)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys (Корпорация Майкрософт)
DRV - (Ftdisk) -- C:\WINDOWS\system32\drivers\ftdisk.sys (Корпорация Майкрософт)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Корпорация Майкрософт)
DRV - (sr) -- C:\WINDOWS\system32\drivers\sr.sys (Корпорация Майкрософт)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Корпорация Майкрософт)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Корпорация Майкрософт)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Корпорация Майкрософт)
DRV - (isapnp) -- C:\WINDOWS\system32\drivers\isapnp.sys (Корпорация Майкрософт)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Корпорация Майкрософт)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Корпорация Майкрософт)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Корпорация Майкрософт)
DRV - (PCI) -- C:\WINDOWS\system32\drivers\pci.sys (Корпорация Майкрософт)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Корпорация Майкрософт)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Корпорация Майкрософт)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Корпорация Майкрософт)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvmpu401) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (EL910) -- C:\WINDOWS\system32\drivers\EL910N51.sys (3Com Corporation)
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys (Корпорация Майкрософт)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=135294&text={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie_rsearch.html
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Page = 
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ukrtelecom.ua/
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Корпорация Майкрософт)
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes,DefaultScope = {3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{3E0C9769-C75E-4D54-9BA8-ACE7DDE006DD6B4}: "URL" = hxxp://superru.net/?q={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\SearchScopes\{8A0349E9-5932-C082-03A2-591DDE006DBACE7}: "URL" = hxxp://superru.net/?text={searchTerms}&utm_medium=cse&utm_source=ut&utm_campaign=bp&utm_content=11-10
IE - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013.02.05 02:50:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.01.17 12:32:09 | 000,000,000 | ---D | M]
 
[2013.01.03 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013.02.03 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions
[2013.02.03 15:43:27 | 000,045,184 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0n7tkpfc.default-1359367750718\extensions\jsonovich@lackoftalent.org.xpi
 
O1 HOSTS File: ([2013.02.04 17:20:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O3 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\..\Toolbar\WebBrowser: (&Ссылки) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C:\Documents and Settings\User\Рабочий стол\test.exe.exe] C:\Documents and Settings\User\Рабочий стол\test.exe.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled [2012.06.02 13:21:05 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360018479234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{189530A2-4083-4693-87DC-BC9167B1706D}: NameServer = 213.179.249.136 213.179.249.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08FDA9D-D240-4754-922D-EB72EF7089C5}: NameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 () - 
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Корпорация Майкрософт (Microsoft Corp.))
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.14 16:13:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 21:28:38 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2013.02.05 17:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll
[2013.02.05 17:42:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe
[2013.02.05 17:42:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2013.02.05 17:42:11 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll
[2013.02.05 17:42:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll
[2013.02.05 17:42:11 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2013.02.05 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2013.02.05 17:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2013.02.05 17:42:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2013.02.05 17:42:09 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2013.02.05 17:42:09 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2013.02.05 17:42:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2013.02.05 17:42:08 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2013.02.05 17:42:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2013.02.05 17:42:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2013.02.05 17:42:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2013.02.05 17:42:07 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2013.02.05 17:42:07 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2013.02.05 17:42:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2013.02.05 17:42:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2013.02.05 17:42:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2013.02.05 17:42:04 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2013.02.05 17:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.02.05 17:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.02.05 02:03:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.05 01:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013.02.05 01:40:08 | 000,457,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013.02.05 01:38:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2013.02.05 01:32:04 | 008,480,256 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2013.02.05 01:26:39 | 000,048,128 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2013.02.05 01:26:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2013.02.05 01:12:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado28.tlb
[2013.02.05 01:05:23 | 002,150,912 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013.02.05 01:05:22 | 002,194,816 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013.02.05 01:05:18 | 002,029,568 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013.02.05 01:05:17 | 002,071,424 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013.02.05 00:53:39 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013.02.05 00:53:39 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013.02.05 00:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013.02.04 19:26:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.04 19:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\7-Zip
[2013.02.04 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.04 16:58:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.04 16:56:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.04 16:56:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.04 16:56:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.04 16:56:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.04 16:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 16:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.04 15:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2013.01.21 09:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\VS Revo Group
[2013.01.20 09:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013.01.17 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013.01.17 14:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.17 12:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.16 21:28:51 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.16 21:28:51 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.16 21:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2013.01.16 16:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013.01.07 18:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013.01.07 18:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2013.01.07 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013.01.07 18:24:57 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.07 18:24:57 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.07 18:24:57 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.07 18:24:14 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.07 18:24:14 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.07 18:24:13 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.07 18:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 21:43:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.05 21:39:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.05 21:33:30 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 17:42:32 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.05 17:42:32 | 000,068,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.05 17:42:31 | 000,443,244 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat
[2013.02.05 17:42:31 | 000,065,056 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat
[2013.02.05 17:42:27 | 000,000,570 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 17:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.05 16:57:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.05 04:59:23 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.04 18:20:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 17:20:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.04 16:58:40 | 000,000,322 | RHS- | M] () -- C:\boot.ini
[2013.02.04 15:56:53 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.21 23:28:56 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.18 22:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.18 22:17:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.07 18:23:44 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.07 18:23:37 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.07 18:23:37 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.07 18:23:36 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.07 18:23:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.07 18:23:35 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.07 18:23:35 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 17:42:17 | 000,000,570 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2013.02.05 17:42:12 | 000,003,556 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013.02.05 17:42:12 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2013.02.05 16:26:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.05 01:54:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.02.05 01:04:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013.02.04 18:20:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2013.02.04 16:58:40 | 000,000,206 | ---- | C] () -- C:\Boot.bak
[2013.02.04 16:58:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013.02.04 16:56:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.04 16:56:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.04 16:56:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.04 16:56:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.04 16:56:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.04 15:56:53 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
[2013.01.18 22:17:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.20 12:04:54 | 003,207,168 | ---- | C] () -- C:\WINDOWS\System32\defrasvr.exe
[2012.01.18 17:20:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\{7C89722B-9EC8-42DC-82FA-0805F0D77017}
[2011.12.14 19:15:53 | 000,000,133 | ---- | C] () -- C:\WINDOWS\operaprefs.ini
[2010.04.09 18:16:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\intlname.ols
[2009.05.14 17:16:36 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.05.14 17:08:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:31:45 | 001,510,400 | ---- | M] (Корпорация Майкрософт)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:16 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 09:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.02.05 21:38:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 21:38:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
[2013.02.05 21:31:20 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.05 21:31:20 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
[2013.02.05 21:14:48 | 000,001,554 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.02.05 18:02:55 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 17:42:29 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\??????? ????\?????????\????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Игры
[2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2013.02.05 17:41:56 | 000,000,000 | ---D | M](C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
[2013.02.05 03:01:02 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\Downloads) -- C:\Documents and Settings\User\Мои документы\Downloads
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.05 02:04:16 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню
[2013.02.04 20:07:02 | 000,080,976 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 20:06:21 | 000,080,976 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\gmer.log.log) -- C:\Documents and Settings\User\Рабочий стол\gmer.log.log
[2013.02.04 16:55:36 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:36 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????????) -- C:\Documents and Settings\User\Мои документы\Мои видеозаписи
[2013.02.04 16:55:35 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.04 16:55:35 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ???????) -- C:\Documents and Settings\User\Мои документы\Мои рисунки
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 15:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\User\Главное меню\Программы\WinRAR
[2013.02.04 14:12:53 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\WinRAR) -- C:\Documents and Settings\All Users\Главное меню\Программы\WinRAR
[2013.01.26 22:50:09 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.26 16:48:38 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??? ?????????\????? ??) -- C:\Documents and Settings\User\Мои документы\Марго ЦЗ
[2013.01.17 12:43:04 | 000,000,323 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:58 | 000,000,323 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\desktop documents.lnk) -- C:\Documents and Settings\User\Рабочий стол\desktop documents.lnk
[2013.01.17 12:42:10 | 000,000,308 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:42:06 | 000,000,308 | ---- | M] ()(C:\Documents and Settings\User\??????? ????\Markus desktop.lnk) -- C:\Documents and Settings\User\Рабочий стол\Markus desktop.lnk
[2013.01.17 12:31:38 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\??????? ????\?????????\ESET) -- C:\Documents and Settings\All Users\Главное меню\Программы\ESET
[2013.01.17 11:37:31 | 000,001,554 | ---- | C] ()(C:\Documents and Settings\User\??????? ????\link closed.txt) -- C:\Documents and Settings\User\Рабочий стол\link closed.txt
[2013.01.16 17:04:55 | 000,001,734 | ---- | M] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,804 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Главное меню\Программы\Adobe Reader XI.lnk
[2013.01.16 17:04:54 | 000,001,734 | ---- | C] ()(C:\Documents and Settings\All Users\??????? ????\Adobe Reader XI.lnk) -- C:\Documents and Settings\All Users\Рабочий стол\Adobe Reader XI.lnk
[2012.11.07 12:18:13 | 000,432,640 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2012.06.02 13:21:05 | 000,000,000 | ---D | M](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.06.02 13:21:05 | 000,000,000 | ---D | C](C:\Documents and Settings\User\??????? ????\?????????\????????????\AutorunsDisabled) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\AutorunsDisabled
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.04.18 17:24:36 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
[2012.01.08 02:52:37 | 002,410,584 | ---- | M] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2012.01.08 02:52:37 | 002,410,584 | ---- | C] (iMesh Inc.                                                                                                                                                                                                                                                                                                  )(C:\Documents and Settings\User\??????? ????\iMeshV11.exe) -- C:\Documents and Settings\User\Рабочий стол\iMeshV11.exe
[2010.02.06 16:39:34 | 000,269,312 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2010.02.06 16:32:38 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2010.02.06 16:32:13 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\?????????\Adobe PDF) -- C:\Documents and Settings\All Users\Документы\Adobe PDF
[2009.10.22 21:27:03 | 000,000,000 | R--D | C](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
[2009.06.22 13:49:16 | 000,269,312 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\Thumbs.db) -- C:\Documents and Settings\User\Мои документы\Thumbs.db
[2009.05.14 19:53:47 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\All Users\?????????\desktop.ini) -- C:\Documents and Settings\All Users\Документы\desktop.ini
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 19:53:47 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
[2009.05.14 16:31:46 | 000,000,779 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2009.05.14 16:31:45 | 000,000,200 | -HS- | M] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2009.05.14 16:31:45 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:45 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
[2009.05.14 16:31:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2009.05.14 16:31:45 | 000,000,000 | R--D | M](C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
[2009.05.14 16:31:28 | 000,000,779 | ---- | C] ()(C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Запустить обозреватель Internet Explorer.lnk
[2009.05.14 16:31:25 | 000,000,200 | -HS- | C] ()(C:\Documents and Settings\User\??? ?????????\desktop.ini) -- C:\Documents and Settings\User\Мои документы\desktop.ini
[2009.05.14 16:22:07 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\User\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:37 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\??????? ????\?????????\????????????\desktop.ini) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini
[2009.05.14 16:13:15 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:10:04 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:08:43 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????) -- C:\Documents and Settings\All Users\Документы\Мои рисунки
[2009.05.14 16:07:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ??????) -- C:\Documents and Settings\All Users\Документы\Моя музыка
[2009.05.14 16:05:11 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2009.05.14 16:05:11 | 000,000,000 | R--D | C](C:\Documents and Settings\All Users\?????????\??? ???????????) -- C:\Documents and Settings\All Users\Документы\Мои видеозаписи
[2008.07.04 14:10:02 | 000,022,486 | R--- | M] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2008.06.17 22:07:45 | 000,432,640 | -HS- | C] ()(C:\Documents and Settings\User\??????? ????\Thumbs.db) -- C:\Documents and Settings\User\Рабочий стол\Thumbs.db
[2008.04.15 09:30:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2008.04.15 09:30:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???????? ???????.scf) -- C:\WINDOWS\System32\Просмотр каналов.scf
[2002.01.14 06:11:09 | 000,022,486 | R--- | C] ()(C:\Documents and Settings\User\??? ?????????\ogo.ico) -- C:\Documents and Settings\User\Мои документы\ogo.ico
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
[2002.01.01 01:10:17 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
[2002.01.01 00:34:13 | 000,000,000 | R--D | M](C:\Documents and Settings\User\??? ?????????\??? ??????) -- C:\Documents and Settings\User\Мои документы\Моя музыка
(C:\Documents and Settings\User\?????????) -- C:\Documents and Settings\User\Избранное
(C:\Documents and Settings\User\???????) -- C:\Documents and Settings\User\Шаблоны
(C:\Documents and Settings\User\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Администрирование
(C:\Documents and Settings\User\??????? ????\?????????\????????????) -- C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\User\??????? ????\?????????\???????????) -- C:\Documents and Settings\User\Главное меню\Программы\Стандартные
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Рабочий стол
(C:\Documents and Settings\User\??????? ????) -- C:\Documents and Settings\User\Главное меню
(C:\Documents and Settings\User\??? ?????????) -- C:\Documents and Settings\User\Мои документы
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Избранное
(C:\Documents and Settings\All Users\?????????) -- C:\Documents and Settings\All Users\Документы
(C:\Documents and Settings\All Users\???????) -- C:\Documents and Settings\All Users\Шаблоны
(C:\Documents and Settings\All Users\??????? ????\?????????\Microsoft Office) -- C:\Documents and Settings\All Users\Главное меню\Программы\Microsoft Office
(C:\Documents and Settings\All Users\??????? ????\?????????\K-Lite Codec Pack) -- C:\Documents and Settings\All Users\Главное меню\Программы\K-Lite Codec Pack
(C:\Documents and Settings\All Users\??????? ????\?????????\?????????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Администрирование
(C:\Documents and Settings\All Users\??????? ????\?????????\????????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
(C:\Documents and Settings\All Users\??????? ????\?????????\???????????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Стандартные
(C:\Documents and Settings\All Users\??????? ????\?????????\???????) -- C:\Documents and Settings\All Users\Главное меню\Программы\Утилиты
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Рабочий стол
(C:\Documents and Settings\All Users\??????? ????) -- C:\Documents and Settings\All Users\Главное меню

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 05.02.2013 22:19:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = I:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Швейцария | Language: DES | Date Format: dd.MM.yyyy
 
767.48 Mb Total Physical Memory | 346.42 Mb Available Physical Memory | 45.14% Memory free
1.08 Gb Paging File | 0.72 Gb Available in Paging File | 66.41% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.84 Gb Total Space | 0.01 Gb Free Space | 0.13% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 0.15 Gb Free Space | 2.14% Space Free | Partition Type: FAT32
Drive E: | 6.83 Gb Total Space | 0.37 Gb Free Space | 5.37% Space Free | Partition Type: FAT32
Drive F: | 6.83 Gb Total Space | 0.33 Gb Free Space | 4.77% Space Free | Partition Type: FAT32
Drive G: | 9.90 Gb Total Space | 1.39 Gb Free Space | 14.03% Space Free | Partition Type: FAT32
Drive I: | 960.53 Mb Total Space | 757.06 Mb Free Space | 78.82% Space Free | Partition Type: FAT
 
Computer Name: COMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (?????????? ??????????)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (?????????? ??????????)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (?????????? ??????????)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
 
[HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Корпорация Майкрософт)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Корпорация Майкрософт)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Корпорация Майкрософт)
Directory [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Directory [openNew] -- explorer %1 (Корпорация Майкрософт)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Корпорация Майкрософт)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"Start" = 4
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{84DB5951-10B0-4D73-A767-C6D4B50E318B}" = ESET NOD32 Antivirus
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office - профессиональный выпуск версии 2003
"{90170419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90A10419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version 24.0.1350.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HashTab" = HashTab 1.14
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1606980848-220523388-1547161642-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2013 22:55:23 | Computer Name = COMP | Source = ESENT | ID = 439
Description = wuauclt (2412) ?? ??????? ???????? ??????? ????????? ??? ????? C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk.
 ?????? -1808
 
Error - 04.02.2013 22:55:23 | Computer Name = COMP | Source = ESENT | ID = 454
Description = wuauclt (2412) ???? ?????????????? ???? ?????? ??-?? ??????????????
 ?????? -510.
 
Error - 04.02.2013 22:55:27 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 11:31:39 | Computer Name = COMP | Source = MsiInstaller | ID = 11704
Description = 
 
Error - 05.02.2013 15:36:30 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 15:36:30 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 15:36:30 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 16:04:33 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 16:04:40 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 05.02.2013 16:04:47 | Computer Name = COMP | Source = MsiInstaller | ID = 11711
Description = 
 
[ System Events ]
Error - 04.02.2013 09:25:47 | Computer Name = COMP | Source = DCOM | ID = 10005
Description = ?????? DCOM "%1058" ??? ??????? ??????? ?????? wuauserv ? ???????????
 ""  ??? ??????? ???????:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 04.02.2013 12:21:44 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 04.02.2013 12:21:52 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 04.02.2013 18:07:23 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 04.02.2013 18:07:34 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 10:24:21 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 10:24:32 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 11:15:28 | Computer Name = COMP | Source = Service Control Manager | ID = 7026
Description = ???? ??? ???????? ????????(??) ???????????? ??? ??????? ???????:   eamon
ehdrv
Fips
krnl_akl
Processor
 
Error - 05.02.2013 11:18:47 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
Error - 05.02.2013 11:18:58 | Computer Name = COMP | Source = atapi | ID = 262153
Description = ?????????? \Device\Ide\IdePort1 ?? ???????? ? ??????? ????????? ????????.
 
 
< End of report >
Habe mbar nun vom desktop ausgefuehrt, was aber zuerst nicht ging> es kam die meldung es fehlt ein DDA treiber?, koennte route kit sein und es soll neu gestartet werden. Ich hatte es gerade gelesen da hat der rechner auch schon von selbst neu gestartet.
Beim zweiten Anlauf lief mbar sofort an. Log wie untenstehend. Irgendwie trau ich dem Braten nicht...

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.05.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: COMP [administrator]

06.02.2013 00:17:07
mbar-log-2013-02-06 (00-17-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 24691
Time elapsed: 42 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Habe mbar nun vom desktop ausgefuehrt, was aber zuerst nicht ging> es kam die meldung es fehlt ein DDA treiber?, koennte route kit sein und es soll neu gestartet werden. Ich hatte es gerade gelesen da hat der rechner auch schon von selbst neu gestartet.
Beim zweiten Anlauf lief mbar sofort an. Log wie untenstehend. Irgendwie trau ich dem Braten nicht...

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.05.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: COMP [administrator]

06.02.2013 00:17:07
mbar-log-2013-02-06 (00-17-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 24691
Time elapsed: 42 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 06.02.2013, 11:02   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2013, 12:05   #8
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


CF laesst sich vom Desktop nicht starten> Fehlermeldung> NSIS Error "Error launching installer".

Programme lassen sich aber vom USB stick starten, kann ich so verfahren?

Alt 06.02.2013, 12:48   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Ja probier aus
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2013, 13:08   #10
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


habs versucht, leider haengt sich CF bei der Datei Lang.bat auf und bricht ab. Was nun?

das C> laufwerk ist voll (6,8 GB) obwohl nur xp und notwendigste programme installiert sind. ist das normal? weiss nicht wie ich da noch platz schaffen soll. Jedenfalls hat nach freigabe von speicher auf c> das ausfuehren von CF geklappt.

Code:
ATTFilter
ComboFix 13-02-03.03 - User 06.02.2013  14:17:20.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1049.18.767.438 [GMT 2:00]
Running from: i:\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\msmqinst.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\system32\TZLog.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-06 to 2013-02-06  )))))))))))))))))))))))))))))))
.
.
2013-02-06 10:12 . 2013-02-06 10:12	--------	d-----w-	c:\windows\LastGood
2013-02-05 21:28 . 2013-02-05 21:28	--------	d-sh--w-	c:\documents and settings\User\IETldCache
2013-02-05 21:19 . 2013-02-05 21:24	--------	dc-h--w-	c:\windows\ie8
2013-02-05 19:28 . 2009-10-20 16:20	265728	-c----w-	c:\windows\system32\dllcache\http.sys
2013-02-05 06:57 . 2013-02-05 06:57	1324	----a-w-	c:\documents and settings\User\Local Settings\Application Data\d3d9caps.tmp
2013-02-04 23:54 . 2013-02-06 10:12	--------	d--h--w-	c:\windows\$hf_mig$
2013-02-04 23:40 . 2011-07-15 13:29	457856	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2013-02-04 23:38 . 2009-11-27 17:25	17920	-c----w-	c:\windows\system32\dllcache\msyuv.dll
2013-02-04 23:32 . 2012-06-08 14:25	8480256	-c----w-	c:\windows\system32\dllcache\shell32.dll
2013-02-04 23:26 . 2009-11-27 16:09	48128	-c----w-	c:\windows\system32\dllcache\iyuv_32.dll
2013-02-04 23:26 . 2009-11-27 16:09	8704	-c----w-	c:\windows\system32\dllcache\tsbyuv.dll
2013-02-04 23:05 . 2012-08-23 06:26	2150912	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2013-02-04 23:05 . 2012-08-23 06:26	2194816	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2013-02-04 23:05 . 2012-08-23 06:26	2029568	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2013-02-04 23:05 . 2012-08-23 09:56	2071424	-c----w-	c:\windows\system32\dllcache\ntkrnlpa.exe
2013-02-04 23:04 . 2012-01-11 19:07	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
2013-02-04 23:04 . 2012-01-11 19:07	3072	------w-	c:\windows\system32\iacenc.dll
2013-02-04 22:53 . 2012-06-02 13:18	275696	----a-w-	c:\windows\system32\mucltui.dll
2013-02-04 17:25 . 2013-02-04 17:25	--------	d-----w-	c:\documents and settings\All Users\7-Zip
2013-02-04 17:25 . 2013-02-04 17:25	--------	d-----w-	c:\program files\7-Zip
2013-02-04 13:56 . 2013-02-04 13:56	--------	d-----w-	c:\program files\SRWare Iron
2013-01-21 07:14 . 2013-01-21 07:14	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\VS Revo Group
2013-01-17 12:36 . 2013-01-17 12:36	--------	d-----w-	c:\documents and settings\User\Application Data\Malwarebytes
2013-01-17 12:35 . 2013-01-17 12:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-17 10:31 . 2013-01-17 10:31	--------	d-----w-	c:\program files\ESET
2013-01-16 19:28 . 2013-01-18 20:17	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-16 19:28 . 2013-01-18 20:17	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-16 19:28 . 2013-01-16 19:28	--------	d-----w-	c:\documents and settings\User\.swt
2013-01-07 16:30 . 2013-01-07 16:30	--------	d-----w-	c:\windows\Sun
2013-01-07 16:30 . 2013-01-07 16:30	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Sun
2013-01-07 16:24 . 2013-01-07 16:23	859072	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-07 16:24 . 2013-01-07 16:23	779704	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-07 16:24 . 2013-01-07 16:23	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-07 16:23 . 2009-05-14 14:15	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-12-16 12:23 . 2008-04-15 07:30	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-11-13 11:56 . 2008-06-09 20:06	1875584	----a-w-	c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 4227328B87B0FEB858E1391B4BA50A39 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\documents and settings\User\??????? ????\test.exe.exe"="c:\documents and settings\User\??????? ????\test.exe.exe" [?]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 5074384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\7-Zip
7-Zip File Manager.lnk - c:\program files\7-Zip\7zFM.exe [2010-11-18 421888]
7-Zip Help.lnk - c:\program files\7-Zip\7-zip.chm [2010-11-18 91020]
.
c:\documents and settings\All Users\Application Data\Adobe\Acrobat\11.0\Replicate\Security
directories.acrodata [2012-9-23 479]
.
c:\documents and settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}
ABCPY.INI [2012-9-24 625]
AcroRead.msi [2012-9-24 2399232]
AdbeRdrUpd11001.msp [2012-12-18 17502208]
setup.exe [2012-12-18 364816]
Setup.ini [2012-12-18 207]
.
c:\documents and settings\All Users\Application Data\Adobe\Updater\Certs
AdobeAUM_rootCert.cer [2005-3-16 1233]
AdobeUpdate.cer [2005-3-16 1262]
AdobeUpdater.cer [2005-3-16 1263]
.
c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses
B2B86000.dat [2013-1-17 5936]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus
EpfwUser.dat [2013-2-6 7697]
HipsRules.bin [2013-2-6 48359]
HipsRules.xml [2013-1-17 8999]
httpblk.dat [2013-2-3 692]
local.db [2013-2-6 5693440]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\backup
db.xml [2013-2-5 2358]
em000_32-1049.dat.bak [2013-1-17 55888]
em001_32-1501.dat.bak [2013-1-21 525018]
em001_32-1502.dat.bak [2013-2-4 525016]
em002_32-13060.dat.bak [2013-2-3 35676208]
em002_32-13068.dat.bak [2013-2-5 35736896]
em003_32-1124.dat.bak [2013-1-17 785337]
em004_32-1103.dat.bak [2013-1-17 829329]
em005_32-1067.dat.bak [2013-1-17 63607]
em006_32-1066.dat.bak [2013-1-21 112691]
em009_32-1260.dat.bak [2013-1-21 1105291]
em015_32-1007.dat.bak [2013-1-17 6274]
em017_32-1119.dat.bak [2013-1-17 1138914]
em018_32-1086.dat.bak [2013-1-21 127233]
em019_32-1053.dat.bak [2013-2-1 148287]
em022_32-1028.dat.bak [2013-1-29 242265]
em023_32-2166.dat.bak [2013-2-3 5011171]
em023_32-2170.dat.bak [2013-2-5 5051959]
em024_32-1006.dat.bak [2013-1-17 29177]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon
CACHE.NDB [2013-2-5 35629]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer
73bc.msi [2013-1-17 68651008]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs
hipslog.dat [2013-2-6 1319138]
urllog.dat [2013-1-26 8328]
virlog.dat [2013-2-3 8813]
warnlog.dat [2013-2-6 21606]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\eScan
ndl10199.dat [2013-1-26 80961]
ndl10565.dat [2013-2-6 1015]
ndl11735.dat [2013-2-1 1015]
ndl11782.dat [2013-1-27 739]
ndl1187.dat [2013-2-5 1219]
ndl11903.dat [2013-2-3 2285]
ndl12522.dat [2013-1-22 1015]
ndl1259.dat [2013-1-18 82593]
ndl12596.dat [2013-2-5 6282]
ndl12784.dat [2013-1-21 1015]
ndl12989.dat [2013-1-31 79981]
ndl13615.dat [2013-2-5 1015]
ndl14645.dat [2013-1-21 78507]
ndl14922.dat [2013-2-2 78507]
ndl15030.dat [2013-1-19 82593]
ndl15162.dat [2013-2-5 1015]
ndl1552.dat [2013-1-18 82593]
ndl15571.dat [2013-2-5 1015]
ndl15976.dat [2013-1-22 1015]
ndl16093.dat [2013-1-24 78507]
ndl16174.dat [2013-2-5 1015]
ndl16406.dat [2013-2-3 1303]
ndl16897.dat [2013-1-21 1015]
ndl16913.dat [2013-1-28 79981]
ndl16958.dat [2013-1-24 1015]
ndl17127.dat [2013-1-20 1015]
ndl17553.dat [2013-1-23 1015]
ndl18008.dat [2013-1-22 3477]
ndl1832.dat [2013-1-24 3477]
ndl18331.dat [2013-1-30 1015]
ndl18386.dat [2013-2-2 2489]
ndl18743.dat [2013-1-29 79981]
ndl18964.dat [2013-1-28 2489]
ndl1928.dat [2013-1-19 2693]
ndl19481.dat [2013-2-1 79981]
ndl19622.dat [2013-2-5 1015]
ndl19716.dat [2013-2-4 946]
ndl19986.dat [2013-1-28 79981]
ndl20018.dat [2013-2-5 1015]
ndl20526.dat [2013-1-29 1219]
ndl20679.dat [2013-1-30 78507]
ndl20924.dat [2013-2-5 1015]
ndl21333.dat [2013-2-4 78507]
ndl21561.dat [2013-1-29 79981]
ndl21599.dat [2013-1-30 1015]
ndl21959.dat [2013-2-1 78507]
ndl22357.dat [2013-1-20 1015]
ndl22364.dat [2013-1-27 79981]
ndl22368.dat [2013-2-3 78507]
ndl2238.dat [2013-1-26 4457]
ndl2253.dat [2013-1-22 1015]
ndl22641.dat [2013-2-2 79981]
ndl22749.dat [2013-1-17 739]
ndl22802.dat [2013-2-4 1015]
ndl23171.dat [2013-2-3 80411]
ndl23333.dat [2013-1-26 1015]
ndl23494.dat [2013-1-20 5101]
ndl23784.dat [2013-1-26 1015]
ndl24075.dat [2013-2-5 1015]
ndl24111.dat [2013-1-20 1015]
ndl24206.dat [2013-1-28 78507]
ndl25133.dat [2013-1-31 79981]
ndl25388.dat [2013-1-21 78507]
ndl25412.dat [2013-1-21 1015]
ndl25688.dat [2013-1-25 1015]
ndl25782.dat [2013-1-31 79981]
ndl2693.dat [2013-1-24 3477]
ndl26964.dat [2013-1-17 82036]
ndl27050.dat [2013-2-3 79981]
ndl28288.dat [2013-1-25 78507]
ndl28516.dat [2013-2-5 946]
ndl28560.dat [2013-1-27 78507]
ndl28853.dat [2013-1-23 80969]
ndl29041.dat [2013-1-29 79777]
ndl29071.dat [2013-1-19 82593]
ndl29122.dat [2013-1-31 739]
ndl29701.dat [2013-1-30 2489]
ndl29759.dat [2013-2-3 2489]
ndl3004.dat [2013-1-28 1015]
ndl30266.dat [2013-1-19 80915]
ndl30364.dat [2013-1-24 1015]
ndl30393.dat [2013-1-23 78507]
ndl30419.dat [2013-1-19 1015]
ndl30787.dat [2013-1-23 80969]
ndl30828.dat [2013-1-23 1015]
ndl30870.dat [2013-1-24 1015]
ndl31028.dat [2013-2-2 739]
ndl31038.dat [2013-2-4 2489]
ndl31597.dat [2013-1-26 2979]
ndl31655.dat [2013-1-24 1015]
ndl31682.dat [2013-1-21 3681]
ndl31993.dat [2013-2-4 3937]
ndl32196.dat [2013-1-28 1015]
ndl32292.dat [2013-2-4 1015]
ndl32402.dat [2013-2-3 1015]
ndl32471.dat [2013-1-26 78507]
ndl3382.dat [2013-1-17 1419]
ndl4246.dat [2013-2-6 739]
ndl4463.dat [2013-1-31 79981]
ndl5461.dat [2013-2-3 1015]
ndl5897.dat [2013-2-4 78507]
ndl6245.dat [2013-2-4 1015]
ndl6463.dat [2013-1-18 82593]
ndl6585.dat [2013-2-3 4000]
ndl6636.dat [2013-2-1 79981]
ndl6734.dat [2013-1-25 1015]
ndl7091.dat [2013-1-20 1015]
ndl7524.dat [2013-1-29 1015]
ndl8641.dat [2013-1-29 80695]
ndl9180.dat [2013-1-20 1015]
ndl9472.dat [2013-1-17 1015]
ndl9772.dat [2013-2-4 1015]
.
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Stats
disk200112a.dat [2002-1-1 1505]
disk200112b.dat [2002-1-1 1506]
disk200201a.dat [2011-11-8 1503]
disk200201b.dat [2011-11-8 1503]
disk200805a.dat [2008-5-31 3022]
disk200805b.dat [2008-5-31 2903]
disk200806a.dat [2009-6-21 2801]
disk200806b.dat [2009-6-21 2718]
disk200905a.dat [2009-5-14 1611]
disk200905b.dat [2009-5-14 1575]
disk200906a.dat [2009-6-30 2143]
disk200906b.dat [2009-6-30 2111]
disk200907a.dat [2009-8-1 3471]
disk200907b.dat [2009-8-1 3414]
disk200908a.dat [2009-8-31 3014]
disk200908b.dat [2009-8-31 2917]
disk200909a.dat [2009-9-30 3394]
disk200909b.dat [2009-9-30 3285]
disk200910a.dat [2009-10-31 3368]
disk200910b.dat [2009-10-31 3295]
disk200911a.dat [2009-11-30 3677]
disk200911b.dat [2009-11-30 3594]
disk200912a.dat [2009-12-29 2683]
disk200912b.dat [2009-12-29 2633]
disk201001a.dat [2010-1-31 2328]
disk201001b.dat [2010-1-31 2314]
disk201002a.dat [2010-3-1 2315]
disk201002b.dat [2010-3-1 2295]
disk201003a.dat [2010-3-31 2462]
disk201003b.dat [2010-3-31 2429]
disk201004a.dat [2010-4-29 2585]
disk201004b.dat [2010-4-29 2553]
disk201005a.dat [2010-5-30 2121]
disk201005b.dat [2010-5-30 2091]
disk201006a.dat [2010-6-29 1976]
disk201006b.dat [2010-6-29 1949]
disk201007a.dat [2010-8-1 1552]
disk201007b.dat [2010-8-1 1553]
disk201008a.dat [2010-8-23 2019]
disk201008b.dat [2010-8-23 2001]
disk201009a.dat [2010-9-27 1525]
disk201009b.dat [2010-9-27 1523]
disk201010a.dat [2010-10-2 1495]
disk201010b.dat [2010-10-2 1495]
disk201011a.dat [2010-11-20 1535]
disk201011b.dat [2010-11-20 1528]
disk201104a.dat [2011-4-26 1566]
disk201104b.dat [2011-4-26 1565]
disk201106a.dat [2011-6-4 1578]
disk201106b.dat [2011-6-4 1572]
disk201108a.dat [2011-8-2 1495]
disk201108b.dat [2011-8-2 1495]
disk201111a.dat [2011-12-1 3395]
disk201111b.dat [2011-12-1 3360]
disk201112a.dat [2011-12-30 3369]
disk201112b.dat [2011-12-30 3374]
disk201201a.dat [2012-2-1 4515]
disk201201b.dat [2012-2-1 4465]
disk201202a.dat [2012-3-1 3423]
disk201202b.dat [2012-3-1 3401]
disk201203a.dat [2012-3-31 4071]
disk201203b.dat [2012-3-31 3980]
disk201204a.dat [2012-4-19 1615]
.
c:\documents and settings\Default User\
NTUSER.DAT [2009-5-14 405504]
ntuser.dat.LOG [2013-2-4 1024]
.
c:\documents and settings\Default User\Application Data\Microsoft\Internet Explorer
brndlog.bak [2009-5-14 439]
brndlog.txt [2009-5-14 6009]
.
c:\documents and settings\Default User\Local Settings\Application Data\Microsoft\Media Player
CurrentDatabase_59R.wmdb [2009-5-14 720896]
.
c:\documents and settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0
WMSDKNS.DTD [2009-5-14 498]
WMSDKNS.XML [2009-5-14 12784]
.
c:\documents and settings\Default User\Local Settings\History\History.IE5
index.dat [2009-5-14 16384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-15 07:30	208952	-c--a-w-	c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]
2008-05-23 14:08	6210744	----a-w-	c:\program files\Mail.Ru\Agent\magent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:41	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-15 07:30	455168	-c--a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-15 07:30	455168	-c--a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"Start"=dword:00000004
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
S1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\system32\drivers\krnl_akl.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\DRIVERS\EL910N51.sys [x]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-16 20:17]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uStart Page = hxxp://my.ukrtelecom.ua/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{189530A2-4083-4693-87DC-BC9167B1706D}: NameServer = 213.179.249.135 213.179.249.136
TCP: Interfaces\{D08FDA9D-D240-4754-922D-EB72EF7089C5}: NameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-06 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-02-06  14:30:23
ComboFix-quarantined-files.txt  2013-02-06 12:30
ComboFix2.txt  2013-02-04 15:27
.
Pre-Run: 40'599'552 ???? ????????
Post-Run: 234'844'160 ???? ????????
.
- - End Of File - - 0FB15C8CEB21F4A41B8A78CE242A4405

Alt 06.02.2013, 14:23   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Bitte nun (neue) Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2013, 19:23   #12
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Gmer lief problemlos, hat aber root kit fund gemeldet.

aswMBR log file weiter unten. (habe an einer stelle gedacht der scan waere fertig und habe auf save log file geklickt, glaube aber das hat keine Auswirkungen gehabt)

Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-06 19:39:28
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-00CPF0 rev.06.04G06 37.27GB
Running: gmer_2.0.18454 (1).exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdqpoc.sys


---- System - GMER 2.0 ----

SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwAssignProcessToJobObject [0xF708A4B0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwCreateThread [0xF708A7F0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwDebugActiveProcess [0xF708AAB0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwDuplicateObject [0xF708A5D0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwLoadDriver [0xF708A8B0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwOpenProcess [0xF708A350]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwOpenThread [0xF708A410]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwProtectVirtualMemory [0xF708A570]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwQueueApcThread [0xF708A630]
SSDT     835A7918                                                                                                                                                                                                 ZwRequestWaitReplyPort
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSetContextThread [0xF708A530]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSetInformationThread [0xF708A4F0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSetSecurityObject [0xF708A670]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSetSystemInformation [0xF708A870]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSuspendProcess [0xF708A3B0]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSuspendThread [0xF708A430]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwSystemDebugControl [0xF708A830]
SSDT     835A79E8                                                                                                                                                                                                 ZwTerminateProcess
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwTerminateThread [0xF708A470]
SSDT     \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                                         ZwWriteVirtualMemory [0xF708A5F0]

Code     8391A77C                                                                                                                                                                                                 ZwCreateKey
Code     83620774                                                                                                                                                                                                 ZwOpenKey
Code     838FB844                                                                                                                                                                                                 ZwProtectVirtualMemory
Code     839184EB                                                                                                                                                                                                 ExAcquireResourceExclusiveLite
Code     \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys                                                                                                                                                           pIofCallDriver
Code     83915DAB                                                                                                                                                                                                 MmMapViewOfSection

---- Kernel code sections - GMER 2.0 ----

.text    ntoskrnl.exe!_abnormal_termination + 440                                                                                                                                                                 804E2AAC 12 Bytes  [B0, A3, 08, F7, 30, A4, 08, ...]
.text    ntoskrnl.exe!_abnormal_termination + 450                                                                                                                                                                 804E2ABC 8 Bytes  CALL F0D1853A 
.text    ntoskrnl.exe!ExAcquireResourceExclusiveLite                                                                                                                                                              804E35E4 5 Bytes  JMP 839184F0 
PAGE     ntoskrnl.exe!ZwOpenKey                                                                                                                                                                                   80568FE8 5 Bytes  JMP 83620778 
PAGE     ntoskrnl.exe!ZwCreateKey                                                                                                                                                                                 805737EF 5 Bytes  JMP 8391A780 
PAGE     ntoskrnl.exe!ZwProtectVirtualMemory                                                                                                                                                                      80574ED8 7 Bytes  JMP 838FB848 
PAGE     ntoskrnl.exe!MmMapViewOfSection                                                                                                                                                                          8057C996 5 Bytes  JMP 83915DB0 
?        C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                                                                                               ?? ??????? ????? ????????? ????. !
?        C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys                                                                                                                                                               ?? ??????? ????? ????????? ????. !

---- User code sections - GMER 2.0 ----

.text    C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!LdrLoadDll                                                                                                                                                7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!LdrUnloadDll                                                                                                                                              7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageW                                                                                                                                             7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!CallWindowProcW                                                                                                                                          7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetWindowTextW                                                                                                                                           7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!CallWindowProcA                                                                                                                                          7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageTimeoutW                                                                                                                                      7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageCallbackW                                                                                                                                     7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageA                                                                                                                                             7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageTimeoutA                                                                                                                                      7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetWindowTextA                                                                                                                                           7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!keybd_event                                                                                                                                              7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendMessageCallbackA                                                                                                                                     7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] ntdll.dll!LdrLoadDll                                                                                                                            7C91632D 5 Bytes  JMP 003826E8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] ntdll.dll!LdrUnloadDll                                                                                                                          7C9171CD 5 Bytes  JMP 00382798 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] kernel32.dll!SetUnhandledExceptionFilter                                                                                                        7C8449CD 4 Bytes  [C2, 04, 00, 00]
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageW                                                                                                                         7E37929A 5 Bytes  JMP 003822C8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!CallWindowProcW                                                                                                                      7E37A01E 5 Bytes  JMP 00382168 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!GetWindowTextW                                                                                                                       7E37A5CD 7 Bytes  JMP 00382008 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!CallWindowProcA                                                                                                                      7E37A97D 5 Bytes  JMP 003820B8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageTimeoutW                                                                                                                  7E37CDAA 5 Bytes  JMP 00382428 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageCallbackW                                                                                                                 7E37D6DB 5 Bytes  JMP 00382588 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageA                                                                                                                         7E37F3C2 5 Bytes  JMP 00382218 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageTimeoutA                                                                                                                  7E37FB6B 5 Bytes  JMP 00382378 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!GetWindowTextA                                                                                                                       7E38216B 7 Bytes  JMP 00381F58 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!keybd_event                                                                                                                          7E3B6783 5 Bytes  JMP 00382638 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[328] USER32.dll!SendMessageCallbackA                                                                                                                 7E3BB129 5 Bytes  JMP 003824D8 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] ntdll.dll!LdrLoadDll                                                                                                                                         7C91632D 5 Bytes  JMP 003826E8 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] ntdll.dll!LdrUnloadDll                                                                                                                                       7C9171CD 5 Bytes  JMP 00382798 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageW                                                                                                                                      7E37929A 5 Bytes  JMP 003822C8 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!CallWindowProcW                                                                                                                                   7E37A01E 5 Bytes  JMP 00382168 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!GetWindowTextW                                                                                                                                    7E37A5CD 7 Bytes  JMP 00382008 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!CallWindowProcA                                                                                                                                   7E37A97D 5 Bytes  JMP 003820B8 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageTimeoutW                                                                                                                               7E37CDAA 5 Bytes  JMP 00382428 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageCallbackW                                                                                                                              7E37D6DB 5 Bytes  JMP 00382588 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageA                                                                                                                                      7E37F3C2 5 Bytes  JMP 00382218 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageTimeoutA                                                                                                                               7E37FB6B 5 Bytes  JMP 00382378 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!GetWindowTextA                                                                                                                                    7E38216B 7 Bytes  JMP 00381F58 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!keybd_event                                                                                                                                       7E3B6783 5 Bytes  JMP 00382638 
.text    C:\Program Files\Java\jre7\bin\jqs.exe[412] USER32.dll!SendMessageCallbackA                                                                                                                              7E3BB129 5 Bytes  JMP 003824D8 
.text    C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrLoadDll                                                                                                                                                7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[460] ntdll.dll!LdrUnloadDll                                                                                                                                              7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageW                                                                                                                                             7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!CallWindowProcW                                                                                                                                          7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!GetWindowTextW                                                                                                                                           7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!CallWindowProcA                                                                                                                                          7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageTimeoutW                                                                                                                                      7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageCallbackW                                                                                                                                     7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageA                                                                                                                                             7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageTimeoutA                                                                                                                                      7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!GetWindowTextA                                                                                                                                           7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!keybd_event                                                                                                                                              7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[460] USER32.dll!SendMessageCallbackA                                                                                                                                     7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 01D726E8 
.text    C:\WINDOWS\system32\winlogon.exe[788] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 01D72798 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 01D722C8 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 01D72168 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 01D72008 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 01D720B8 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 01D72428 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 01D72588 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 01D72218 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 01D72378 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 01D71F58 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 01D72638 
.text    C:\WINDOWS\system32\winlogon.exe[788] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 01D724D8 
.text    C:\WINDOWS\system32\wuauclt.exe[928] ntdll.dll!LdrLoadDll                                                                                                                                                7C91632D 5 Bytes  JMP 002D26E8 
.text    C:\WINDOWS\system32\wuauclt.exe[928] ntdll.dll!LdrUnloadDll                                                                                                                                              7C9171CD 5 Bytes  JMP 002D2798 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageW                                                                                                                                             7E37929A 5 Bytes  JMP 002D22C8 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!CallWindowProcW                                                                                                                                          7E37A01E 5 Bytes  JMP 002D2168 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!GetWindowTextW                                                                                                                                           7E37A5CD 7 Bytes  JMP 002D2008 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!CallWindowProcA                                                                                                                                          7E37A97D 5 Bytes  JMP 002D20B8 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageTimeoutW                                                                                                                                      7E37CDAA 5 Bytes  JMP 002D2428 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageCallbackW                                                                                                                                     7E37D6DB 5 Bytes  JMP 002D2588 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageA                                                                                                                                             7E37F3C2 5 Bytes  JMP 002D2218 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageTimeoutA                                                                                                                                      7E37FB6B 5 Bytes  JMP 002D2378 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!GetWindowTextA                                                                                                                                           7E38216B 7 Bytes  JMP 002D1F58 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!keybd_event                                                                                                                                              7E3B6783 5 Bytes  JMP 002D2638 
.text    C:\WINDOWS\system32\wuauclt.exe[928] USER32.dll!SendMessageCallbackA                                                                                                                                     7E3BB129 5 Bytes  JMP 002D24D8 
.text    C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] ntdll.dll!LdrLoadDll                                                                                                                           7C91632D 5 Bytes  JMP 003826E8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] ntdll.dll!LdrUnloadDll                                                                                                                         7C9171CD 5 Bytes  JMP 00382798 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageW                                                                                                                        7E37929A 5 Bytes  JMP 003822C8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!CallWindowProcW                                                                                                                     7E37A01E 5 Bytes  JMP 00382168 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!GetWindowTextW                                                                                                                      7E37A5CD 7 Bytes  JMP 00382008 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!CallWindowProcA                                                                                                                     7E37A97D 5 Bytes  JMP 003820B8 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageTimeoutW                                                                                                                 7E37CDAA 5 Bytes  JMP 00382428 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageCallbackW                                                                                                                7E37D6DB 5 Bytes  JMP 00382588 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageA                                                                                                                        7E37F3C2 5 Bytes  JMP 00382218 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageTimeoutA                                                                                                                 7E37FB6B 5 Bytes  JMP 00382378 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!GetWindowTextA                                                                                                                      7E38216B 7 Bytes  JMP 00381F58 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!keybd_event                                                                                                                         7E3B6783 5 Bytes  JMP 00382638 
.text    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1152] USER32.dll!SendMessageCallbackA                                                                                                                7E3BB129 5 Bytes  JMP 003824D8 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] ntdll.dll!LdrLoadDll                                                                                                                                         7C91632D 5 Bytes  JMP 002B26E8 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] ntdll.dll!LdrUnloadDll                                                                                                                                       7C9171CD 5 Bytes  JMP 002B2798 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageW                                                                                                                                      7E37929A 5 Bytes  JMP 002B22C8 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!CallWindowProcW                                                                                                                                   7E37A01E 5 Bytes  JMP 002B2168 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!GetWindowTextW                                                                                                                                    7E37A5CD 7 Bytes  JMP 002B2008 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!CallWindowProcA                                                                                                                                   7E37A97D 5 Bytes  JMP 002B20B8 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageTimeoutW                                                                                                                               7E37CDAA 5 Bytes  JMP 002B2428 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageCallbackW                                                                                                                              7E37D6DB 5 Bytes  JMP 002B2588 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageA                                                                                                                                      7E37F3C2 5 Bytes  JMP 002B2218 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageTimeoutA                                                                                                                               7E37FB6B 5 Bytes  JMP 002B2378 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!GetWindowTextA                                                                                                                                    7E38216B 7 Bytes  JMP 002B1F58 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!keybd_event                                                                                                                                       7E3B6783 5 Bytes  JMP 002B2638 
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[1236] USER32.dll!SendMessageCallbackA                                                                                                                              7E3BB129 5 Bytes  JMP 002B24D8 
.text    C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] ntdll.dll!LdrLoadDll                                                                                                                                                7C91632D 5 Bytes  JMP 002D26E8 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] ntdll.dll!LdrUnloadDll                                                                                                                                              7C9171CD 5 Bytes  JMP 002D2798 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageW                                                                                                                                             7E37929A 5 Bytes  JMP 002D22C8 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!CallWindowProcW                                                                                                                                          7E37A01E 5 Bytes  JMP 002D2168 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!GetWindowTextW                                                                                                                                           7E37A5CD 7 Bytes  JMP 002D2008 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!CallWindowProcA                                                                                                                                          7E37A97D 5 Bytes  JMP 002D20B8 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageTimeoutW                                                                                                                                      7E37CDAA 5 Bytes  JMP 002D2428 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageCallbackW                                                                                                                                     7E37D6DB 5 Bytes  JMP 002D2588 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageA                                                                                                                                             7E37F3C2 5 Bytes  JMP 002D2218 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageTimeoutA                                                                                                                                      7E37FB6B 5 Bytes  JMP 002D2378 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!GetWindowTextA                                                                                                                                           7E38216B 7 Bytes  JMP 002D1F58 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!keybd_event                                                                                                                                              7E3B6783 5 Bytes  JMP 002D2638 
.text    C:\WINDOWS\system32\ctfmon.exe[1376] USER32.dll!SendMessageCallbackA                                                                                                                                     7E3BB129 5 Bytes  JMP 002D24D8 
.text    C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\WINDOWS\System32\alg.exe[1668] ntdll.dll!LdrLoadDll                                                                                                                                                   7C91632D 5 Bytes  JMP 002C26E8 
.text    C:\WINDOWS\System32\alg.exe[1668] ntdll.dll!LdrUnloadDll                                                                                                                                                 7C9171CD 5 Bytes  JMP 002C2798 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageW                                                                                                                                                7E37929A 5 Bytes  JMP 002C22C8 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!CallWindowProcW                                                                                                                                             7E37A01E 5 Bytes  JMP 002C2168 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!GetWindowTextW                                                                                                                                              7E37A5CD 7 Bytes  JMP 002C2008 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!CallWindowProcA                                                                                                                                             7E37A97D 5 Bytes  JMP 002C20B8 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageTimeoutW                                                                                                                                         7E37CDAA 5 Bytes  JMP 002C2428 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageCallbackW                                                                                                                                        7E37D6DB 5 Bytes  JMP 002C2588 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageA                                                                                                                                                7E37F3C2 5 Bytes  JMP 002C2218 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageTimeoutA                                                                                                                                         7E37FB6B 5 Bytes  JMP 002C2378 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!GetWindowTextA                                                                                                                                              7E38216B 7 Bytes  JMP 002C1F58 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!keybd_event                                                                                                                                                 7E3B6783 5 Bytes  JMP 002C2638 
.text    C:\WINDOWS\System32\alg.exe[1668] USER32.dll!SendMessageCallbackA                                                                                                                                        7E3BB129 5 Bytes  JMP 002C24D8 
.text    C:\Documents[1696] ntdll.dll!LdrLoadDll                                                                                                                                                                  7C91632D 5 Bytes  JMP 003C26E8 
.text    C:\Documents[1696] ntdll.dll!LdrUnloadDll                                                                                                                                                                7C9171CD 5 Bytes  JMP 003C2798 
.text    C:\Documents[1696] USER32.dll!SendMessageW                                                                                                                                                               7E37929A 5 Bytes  JMP 003C22C8 
.text    C:\Documents[1696] USER32.dll!CallWindowProcW                                                                                                                                                            7E37A01E 5 Bytes  JMP 003C2168 
.text    C:\Documents[1696] USER32.dll!GetWindowTextW                                                                                                                                                             7E37A5CD 7 Bytes  JMP 003C2008 
.text    C:\Documents[1696] USER32.dll!CallWindowProcA                                                                                                                                                            7E37A97D 5 Bytes  JMP 003C20B8 
.text    C:\Documents[1696] USER32.dll!SendMessageTimeoutW                                                                                                                                                        7E37CDAA 5 Bytes  JMP 003C2428 
.text    C:\Documents[1696] USER32.dll!SendMessageCallbackW                                                                                                                                                       7E37D6DB 5 Bytes  JMP 003C2588 
.text    C:\Documents[1696] USER32.dll!SendMessageA                                                                                                                                                               7E37F3C2 5 Bytes  JMP 003C2218 
.text    C:\Documents[1696] USER32.dll!SendMessageTimeoutA                                                                                                                                                        7E37FB6B 5 Bytes  JMP 003C2378 
.text    C:\Documents[1696] USER32.dll!GetWindowTextA                                                                                                                                                             7E38216B 7 Bytes  JMP 003C1F58 
.text    C:\Documents[1696] USER32.dll!keybd_event                                                                                                                                                                7E3B6783 5 Bytes  JMP 003C2638 
.text    C:\Documents[1696] USER32.dll!SendMessageCallbackA                                                                                                                                                       7E3BB129 5 Bytes  JMP 003C24D8 
.text    C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 004026E8 
.text    C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 00402798 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 004022C8 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 00402168 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 00402008 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 004020B8 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 00402428 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 00402588 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 00402218 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 00402378 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 00401F58 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 00402638 
.text    C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 004024D8 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 002C26E8 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 002C2798 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 002C22C8 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 002C2168 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 002C2008 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 002C20B8 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 002C2428 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 002C2588 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 002C2218 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 002C2378 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 002C1F58 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 002C2638 
.text    C:\WINDOWS\system32\spoolsv.exe[1948] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 002C24D8 
.text    C:\WINDOWS\explorer.exe[3188] ntdll.dll!LdrLoadDll                                                                                                                                                       7C91632D 5 Bytes  JMP 002B26E8 
.text    C:\WINDOWS\explorer.exe[3188] ntdll.dll!LdrUnloadDll                                                                                                                                                     7C9171CD 5 Bytes  JMP 002B2798 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageW                                                                                                                                                    7E37929A 5 Bytes  JMP 002B22C8 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!CallWindowProcW                                                                                                                                                 7E37A01E 5 Bytes  JMP 002B2168 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!GetWindowTextW                                                                                                                                                  7E37A5CD 7 Bytes  JMP 002B2008 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!CallWindowProcA                                                                                                                                                 7E37A97D 5 Bytes  JMP 002B20B8 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageTimeoutW                                                                                                                                             7E37CDAA 5 Bytes  JMP 002B2428 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageCallbackW                                                                                                                                            7E37D6DB 5 Bytes  JMP 002B2588 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageA                                                                                                                                                    7E37F3C2 5 Bytes  JMP 002B2218 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageTimeoutA                                                                                                                                             7E37FB6B 5 Bytes  JMP 002B2378 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!GetWindowTextA                                                                                                                                                  7E38216B 7 Bytes  JMP 002B1F58 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!keybd_event                                                                                                                                                     7E3B6783 5 Bytes  JMP 002B2638 
.text    C:\WINDOWS\explorer.exe[3188] USER32.dll!SendMessageCallbackA                                                                                                                                            7E3BB129 5 Bytes  JMP 002B24D8 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] ntdll.dll!LdrLoadDll                                                                                                                                         7C91632D 5 Bytes  JMP 002C26E8 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] ntdll.dll!LdrUnloadDll                                                                                                                                       7C9171CD 5 Bytes  JMP 002C2798 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageW                                                                                                                                      7E37929A 5 Bytes  JMP 002C22C8 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!CallWindowProcW                                                                                                                                   7E37A01E 5 Bytes  JMP 002C2168 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!GetWindowTextW                                                                                                                                    7E37A5CD 7 Bytes  JMP 002C2008 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!CallWindowProcA                                                                                                                                   7E37A97D 5 Bytes  JMP 002C20B8 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageTimeoutW                                                                                                                               7E37CDAA 5 Bytes  JMP 002C2428 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageCallbackW                                                                                                                              7E37D6DB 5 Bytes  JMP 002C2588 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageA                                                                                                                                      7E37F3C2 5 Bytes  JMP 002C2218 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageTimeoutA                                                                                                                               7E37FB6B 5 Bytes  JMP 002C2378 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!GetWindowTextA                                                                                                                                    7E38216B 7 Bytes  JMP 002C1F58 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!keybd_event                                                                                                                                       7E3B6783 5 Bytes  JMP 002C2638 
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3200] USER32.dll!SendMessageCallbackA                                                                                                                              7E3BB129 5 Bytes  JMP 002C24D8 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] ntdll.dll!LdrLoadDll                                                                                                                                               7C91632D 5 Bytes  JMP 002C26E8 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] ntdll.dll!LdrUnloadDll                                                                                                                                             7C9171CD 5 Bytes  JMP 002C2798 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageW                                                                                                                                            7E37929A 5 Bytes  JMP 002C22C8 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!CallWindowProcW                                                                                                                                         7E37A01E 5 Bytes  JMP 002C2168 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!GetWindowTextW                                                                                                                                          7E37A5CD 7 Bytes  JMP 002C2008 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!CallWindowProcA                                                                                                                                         7E37A97D 5 Bytes  JMP 002C20B8 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageTimeoutW                                                                                                                                     7E37CDAA 5 Bytes  JMP 002C2428 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageCallbackW                                                                                                                                    7E37D6DB 5 Bytes  JMP 002C2588 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageA                                                                                                                                            7E37F3C2 5 Bytes  JMP 002C2218 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageTimeoutA                                                                                                                                     7E37FB6B 5 Bytes  JMP 002C2378 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!GetWindowTextA                                                                                                                                          7E38216B 7 Bytes  JMP 002C1F58 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!keybd_event                                                                                                                                             7E3B6783 5 Bytes  JMP 002C2638 
.text    C:\WINDOWS\system32\wscntfy.exe[3496] USER32.dll!SendMessageCallbackA                                                                                                                                    7E3BB129 5 Bytes  JMP 002C24D8 
---- Processes - GMER 2.0 ----

Library  C:\Documents and Settings\User\ (*** hidden *** ) @ C:\Documents [1696]                                                                                                                                  0x00400000                                                                       

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4      1?2?3?
Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0)                                                1?
Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0)                                                  1?
Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0)                                               1?
Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4                           1?
Reg      HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0)                                                        1?
Reg      HKLM\SYSTEM\ControlSet001\Services\LanmanServer\Shares@\34\0040\4H\0040\4 \0;\48\4G\4=\4>\0045\4                                                                                                         CSCFlags=0?MaxUses=4294967295?Path=F:\???? ???????Permissions=0?Remark=?Type=0?
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                     
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                          C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4  1?2?3?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0)                                            1?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0)                                              1?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0)                                           1?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4                       1?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0)                                                    1?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                      C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4      1?2?3?
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0)                                                1?
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0)                                                  1?
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0)                                               1?
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4                           1?
Reg      HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0)                                                        1?
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                     
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                          C:\Program Files\DAEMON Tools Lite\
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi@avi\xfffd\xfffd_auto_file                                                                                                          

---- EOF - GMER 2.0 ----
aswMBR.txt logfile

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-06 20:31:52
-----------------------------
20:31:52.953    OS Version: Windows 5.1.2600 Service Pack 3
20:31:52.953    Number of processors: 1 586 0x103
20:31:52.953    ComputerName: COMP  UserName: User
20:31:54.437    Initialize success
20:36:46.953    AVAST engine defs: 13020600
20:37:38.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:37:38.875    Disk 0 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
20:37:38.937    Disk 0 MBR read successfully
20:37:38.984    Disk 0 MBR scan
20:37:39.140    Disk 0 Windows XP default MBR code
20:37:39.187    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         7004 MB offset 63
20:37:39.250    Disk 0 Partition - 00     0F Extended LBA             31157 MB offset 14346045
20:37:39.328    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1     7004 MB offset 14346108
20:37:39.406    Disk 0 Partition - 00     05     Extended              7004 MB offset 28692090
20:37:39.500    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     7004 MB offset 28692153
20:37:39.562    Disk 0 Partition - 00     05     Extended              7004 MB offset 57384180
20:37:39.656    Disk 0 Partition 4 00     0B        FAT32 MSWIN4.1     7004 MB offset 43038198
20:37:39.750    Disk 0 Partition - 00     05     Extended             10142 MB offset 86076270
20:37:42.375    Disk 0 Partition 5 00     0B        FAT32 MSWIN4.1    10142 MB offset 57384243
20:37:42.578    Disk 0 scanning sectors +78156225
20:37:42.937    Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:10.125    Service scanning
20:38:26.765    Service krnl_akl C:\WINDOWS\system32\drivers\krnl_akl.sys **LOCKED** 32
20:38:49.796    Modules scanning
20:39:08.343    Disk 0 trace - called modules:
20:39:08.546    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:39:08.750    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b48ab8]
20:39:08.968    3 CLASSPNP.SYS[f776efd7] -> nt!IofCallDriver -> \Device\0000005e[0x83b91f18]
20:39:09.187    5 ACPI.sys[f76e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b8e940]
20:39:09.875    AVAST engine scan C:\WINDOWS
20:39:24.078    AVAST engine scan C:\WINDOWS\system32
20:47:16.578    AVAST engine scan C:\WINDOWS\system32\drivers
20:47:51.937    AVAST engine scan C:\Documents and Settings\User
20:50:35.390    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\??????? ????\MBR.dat"
20:50:35.765    The log file has been saved successfully to "C:\Documents and Settings\User\??????? ????\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-06 20:31:52
-----------------------------
20:31:52.953    OS Version: Windows 5.1.2600 Service Pack 3
20:31:52.953    Number of processors: 1 586 0x103
20:31:52.953    ComputerName: COMP  UserName: User
20:31:54.437    Initialize success
20:36:46.953    AVAST engine defs: 13020600
20:37:38.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:37:38.875    Disk 0 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
20:37:38.937    Disk 0 MBR read successfully
20:37:38.984    Disk 0 MBR scan
20:37:39.140    Disk 0 Windows XP default MBR code
20:37:39.187    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         7004 MB offset 63
20:37:39.250    Disk 0 Partition - 00     0F Extended LBA             31157 MB offset 14346045
20:37:39.328    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1     7004 MB offset 14346108
20:37:39.406    Disk 0 Partition - 00     05     Extended              7004 MB offset 28692090
20:37:39.500    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1     7004 MB offset 28692153
20:37:39.562    Disk 0 Partition - 00     05     Extended              7004 MB offset 57384180
20:37:39.656    Disk 0 Partition 4 00     0B        FAT32 MSWIN4.1     7004 MB offset 43038198
20:37:39.750    Disk 0 Partition - 00     05     Extended             10142 MB offset 86076270
20:37:42.375    Disk 0 Partition 5 00     0B        FAT32 MSWIN4.1    10142 MB offset 57384243
20:37:42.578    Disk 0 scanning sectors +78156225
20:37:42.937    Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:10.125    Service scanning
20:38:26.765    Service krnl_akl C:\WINDOWS\system32\drivers\krnl_akl.sys **LOCKED** 32
20:38:49.796    Modules scanning
20:39:08.343    Disk 0 trace - called modules:
20:39:08.546    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:39:08.750    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b48ab8]
20:39:08.968    3 CLASSPNP.SYS[f776efd7] -> nt!IofCallDriver -> \Device\0000005e[0x83b91f18]
20:39:09.187    5 ACPI.sys[f76e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b8e940]
20:39:09.875    AVAST engine scan C:\WINDOWS
20:39:24.078    AVAST engine scan C:\WINDOWS\system32
20:47:16.578    AVAST engine scan C:\WINDOWS\system32\drivers
20:47:51.937    AVAST engine scan C:\Documents and Settings\User
20:50:35.390    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\??????? ????\MBR.dat"
20:50:35.765    The log file has been saved successfully to "C:\Documents and Settings\User\??????? ????\aswMBR.txt"
20:52:11.859    AVAST engine scan C:\Documents and Settings\All Users
20:53:09.390    Scan finished successfully
20:54:28.562    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\??????? ????\MBR.dat"
20:54:28.640    The log file has been saved successfully to "C:\Documents and Settings\User\??????? ????\aswMBR.txt"
Geändert von mark24 (06.02.2013 um 19:58 Uhr) Grund: 2. log file

Alt 06.02.2013, 21:43   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2013, 22:30   #14
mark24
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


hat geklappt, hier das log>

Code:
ATTFilter
23:21:05.0296 2188  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:21:05.0781 2188  ============================================================
23:21:05.0781 2188  Current date / time: 2013/02/06 23:21:05.0781
23:21:05.0781 2188  SystemInfo:
23:21:05.0781 2188  
23:21:05.0781 2188  OS Version: 5.1.2600 ServicePack: 3.0
23:21:05.0781 2188  Product type: Workstation
23:21:05.0781 2188  ComputerName: COMP
23:21:05.0796 2188  UserName: User
23:21:05.0796 2188  Windows directory: C:\WINDOWS
23:21:05.0796 2188  System windows directory: C:\WINDOWS
23:21:05.0796 2188  Processor architecture: Intel x86
23:21:05.0796 2188  Number of processors: 1
23:21:05.0796 2188  Page size: 0x1000
23:21:05.0796 2188  Boot type: Normal boot
23:21:05.0796 2188  ============================================================
23:21:08.0046 2188  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:08.0140 2188  Drive \Device\Harddisk1\DR6 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:08.0156 2188  ============================================================
23:21:08.0156 2188  \Device\Harddisk0\DR0:
23:21:08.0156 2188  MBR partitions:
23:21:08.0156 2188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDAE6FE
23:21:08.0171 2188  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xDAE77C, BlocksNum 0xDAE6FE
23:21:08.0187 2188  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x1B5CEB9, BlocksNum 0xDAE6FE
23:21:08.0296 2188  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x290B5F6, BlocksNum 0xDAE6FE
23:21:08.0343 2188  \Device\Harddisk0\DR0\Partition5: MBR, Type 0xB, StartLBA 0x36B9D33, BlocksNum 0x13CF48E
23:21:08.0343 2188  \Device\Harddisk1\DR6:
23:21:08.0343 2188  MBR partitions:
23:21:08.0343 2188  \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x1B8, BlocksNum 0x1E0648
23:21:08.0343 2188  ============================================================
23:21:08.0703 2188  C: <-> \Device\Harddisk0\DR0\Partition1
23:21:08.0718 2188  D: <-> \Device\Harddisk0\DR0\Partition2
23:21:08.0890 2188  E: <-> \Device\Harddisk0\DR0\Partition3
23:21:08.0906 2188  F: <-> \Device\Harddisk0\DR0\Partition4
23:21:08.0921 2188  G: <-> \Device\Harddisk0\DR0\Partition5
23:21:08.0921 2188  ============================================================
23:21:08.0921 2188  Initialize success
23:21:08.0921 2188  ============================================================
23:21:42.0796 0640  ============================================================
23:21:42.0796 0640  Scan started
23:21:42.0796 0640  Mode: Manual; SigCheck; TDLFS; 
23:21:42.0796 0640  ============================================================
23:21:43.0078 0640  ================ Scan system memory ========================
23:21:43.0078 0640  System memory - ok
23:21:43.0109 0640  ================ Scan services =============================
23:21:43.0375 0640  Abiosdsk - ok
23:21:43.0437 0640  abp480n5 - ok
23:21:43.0515 0640  [ E28AFA761D7ECAA705A00B4A86F68DA9 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:21:44.0687 0640  ACPI - ok
23:21:44.0750 0640  [ CEA8D1DA7696ACBFC69A3823BCF1C738 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:21:45.0031 0640  ACPIEC - ok
23:21:45.0156 0640  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:21:45.0203 0640  AdobeFlashPlayerUpdateSvc - ok
23:21:45.0265 0640  adpu160m - ok
23:21:45.0359 0640  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:21:45.0640 0640  aec - ok
23:21:45.0734 0640  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:21:45.0843 0640  AFD - ok
23:21:45.0906 0640  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
23:21:46.0187 0640  agp440 - ok
23:21:46.0218 0640  Aha154x - ok
23:21:46.0281 0640  aic78u2 - ok
23:21:46.0343 0640  aic78xx - ok
23:21:46.0578 0640  [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:21:47.0250 0640  ALCXWDM - ok
23:21:47.0296 0640  [ 4BDC19B678E140C900E6973ACEF7182C ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:21:47.0546 0640  Alerter - ok
23:21:47.0609 0640  [ 1F559252E6D787B9B48463BB2C8CEAC2 ] ALG             C:\WINDOWS\System32\alg.exe
23:21:47.0765 0640  ALG - ok
23:21:47.0796 0640  AliIde - ok
23:21:47.0859 0640  amsint - ok
23:21:47.0921 0640  ApfiltrService - ok
23:21:48.0000 0640  [ 49CD07F6A6D14430D773D83E7E60BB07 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:21:48.0140 0640  AppMgmt - ok
23:21:48.0171 0640  asc - ok
23:21:48.0234 0640  asc3350p - ok
23:21:48.0265 0640  asc3550 - ok
23:21:48.0484 0640  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:21:48.0546 0640  aspnet_state - ok
23:21:48.0625 0640  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:21:48.0890 0640  AsyncMac - ok
23:21:48.0968 0640  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:21:49.0250 0640  atapi - ok
23:21:49.0281 0640  Atdisk - ok
23:21:49.0328 0640  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:21:49.0625 0640  Atmarpc - ok
23:21:49.0671 0640  [ BE9255E19AA4CCEC236824C034B0F968 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:21:49.0968 0640  AudioSrv - ok
23:21:50.0046 0640  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:21:50.0328 0640  audstub - ok
23:21:50.0437 0640  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:21:50.0718 0640  Beep - ok
23:21:50.0796 0640  [ 2110EC6988CEDFEB9B520AF9BEB3AF7F ] BITS            C:\WINDOWS\system32\qmgr.dll
23:21:51.0140 0640  BITS - ok
23:21:51.0218 0640  [ AAB407B6D935E2F50BD09851DDB4DD6A ] Browser         C:\WINDOWS\System32\browser.dll
23:21:51.0343 0640  Browser - ok
23:21:51.0453 0640  catchme - ok
23:21:51.0546 0640  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:21:51.0828 0640  cbidf2k - ok
23:21:51.0875 0640  cd20xrnt - ok
23:21:51.0953 0640  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:21:52.0265 0640  Cdaudio - ok
23:21:52.0328 0640  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:21:52.0640 0640  Cdfs - ok
23:21:52.0718 0640  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:21:52.0812 0640  Cdrom - ok
23:21:52.0843 0640  Changer - ok
23:21:52.0906 0640  [ FB0DE648D9F0FBD13FB2BE4D5A4332B5 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:21:53.0187 0640  CiSvc - ok
23:21:53.0234 0640  [ 090A713C88805F83D72F315DE2AB247F ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:21:53.0531 0640  ClipSrv - ok
23:21:53.0625 0640  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:53.0656 0640  clr_optimization_v2.0.50727_32 - ok
23:21:53.0734 0640  CmdIde - ok
23:21:53.0796 0640  COMSysApp - ok
23:21:53.0921 0640  Cpqarray - ok
23:21:54.0015 0640  [ 31C42002B8560E7767B4A99B5EF8D4CB ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:21:54.0296 0640  CryptSvc - ok
23:21:54.0359 0640  dac2w2k - ok
23:21:54.0421 0640  dac960nt - ok
23:21:54.0515 0640  [ 293D96B9A523C8D3A5F3EE448405388E ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:21:54.0625 0640  DcomLaunch - ok
23:21:54.0718 0640  [ 3B6537AD7D31A89C3D5CED4AC1213A46 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:21:55.0000 0640  Dhcp - ok
23:21:55.0062 0640  [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:21:55.0156 0640  Disk - ok
23:21:55.0187 0640  dmadmin - ok
23:21:55.0312 0640  [ D71BE7C02B8B147E85456238D0660478 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:21:55.0625 0640  dmboot - ok
23:21:55.0703 0640  [ 5F25DE6F05C986DCC36ADAF532C3CE0D ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:21:55.0984 0640  dmio - ok
23:21:56.0046 0640  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:21:56.0359 0640  dmload - ok
23:21:56.0453 0640  [ FE2A378DEF73F20165194F90A8938792 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:21:56.0750 0640  dmserver - ok
23:21:56.0875 0640  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:21:57.0156 0640  DMusic - ok
23:21:57.0203 0640  [ 3224A00763DBE8F356C77A38FD8E82C3 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:21:57.0343 0640  Dnscache - ok
23:21:57.0406 0640  [ 949A1B177B633A7C66C2B57FE73F53AA ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:21:57.0703 0640  Dot3svc - ok
23:21:57.0734 0640  dpti2o - ok
23:21:57.0812 0640  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:21:58.0109 0640  drmkaud - ok
23:21:58.0171 0640  dwshd - ok
23:21:58.0265 0640  [ 63A53BB2A85DD22A5E8D6C5CB6273043 ] eamon           C:\WINDOWS\system32\DRIVERS\eamon.sys
23:21:58.0437 0640  eamon - ok
23:21:58.0484 0640  [ 05A36B2B002944BBE47D9DD375142543 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:21:58.0796 0640  EapHost - ok
23:21:58.0843 0640  [ 4F72DD48A2ED63A57C1210228A472020 ] ehdrv           C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:21:58.0937 0640  ehdrv - ok
23:21:59.0093 0640  [ E95AB781773870BD68ABE1AE1B57A8AC ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23:21:59.0250 0640  ekrn - ok
23:21:59.0328 0640  [ 1AB278025D2137AF9E66FF90EC96D389 ] EL910           C:\WINDOWS\system32\DRIVERS\EL910N51.sys
23:21:59.0343 0640  EL910 ( UnsignedFile.Multi.Generic ) - warning
23:21:59.0343 0640  EL910 - detected UnsignedFile.Multi.Generic (1)
23:21:59.0437 0640  [ 1079517E33044BFA7FF3C1B9A86F05BF ] epfwtdir        C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:21:59.0500 0640  epfwtdir - ok
23:21:59.0609 0640  [ 5FEA86EAFEB2985444E924510707C8F4 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:21:59.0906 0640  ERSvc - ok
23:21:59.0968 0640  [ 94824EEFEBE244036335E644EB5FF3AC ] Eventlog        C:\WINDOWS\system32\services.exe
23:22:00.0062 0640  Eventlog - ok
23:22:00.0140 0640  [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem     C:\WINDOWS\system32\es.dll
23:22:00.0250 0640  EventSystem - ok
23:22:00.0328 0640  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:22:00.0609 0640  Fastfat - ok
23:22:00.0671 0640  [ 4833467D7268A5BF34FCC5E66A331EA6 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:22:00.0750 0640  FastUserSwitchingCompatibility - ok
23:22:00.0828 0640  [ 87D7F5059A26099C020934B1022BC2CB ] Fax             C:\WINDOWS\system32\fxssvc.exe
23:22:01.0156 0640  Fax - ok
23:22:01.0203 0640  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:22:01.0500 0640  Fdc - ok
23:22:01.0546 0640  [ 1541A3A7A460DECD6A2221065794A0DE ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:22:01.0875 0640  Fips - ok
23:22:01.0921 0640  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:22:02.0234 0640  Flpydisk - ok
23:22:02.0312 0640  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:22:02.0609 0640  FltMgr - ok
23:22:02.0718 0640  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:02.0765 0640  FontCache3.0.0.0 - ok
23:22:02.0812 0640  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:22:03.0125 0640  Fs_Rec - ok
23:22:03.0171 0640  [ FDD9E4CF0C558F64A58115CB2FC197AC ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:22:03.0718 0640  Ftdisk - ok
23:22:03.0796 0640  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:22:04.0078 0640  gameenum - ok
23:22:04.0125 0640  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:22:04.0421 0640  Gpc - ok
23:22:04.0546 0640  [ 01E26BF2718EF2FE403ADE932C91C096 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:22:04.0796 0640  helpsvc - ok
23:22:04.0843 0640  HidServ - ok
23:22:04.0921 0640  [ FC69696DDEF5EF99036A2CAD69A0A4ED ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:22:05.0203 0640  hkmsvc - ok
23:22:05.0234 0640  hpn - ok
23:22:05.0343 0640  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:22:05.0437 0640  HTTP - ok
23:22:05.0500 0640  [ 62520B6B40283B593B87849D0AADDA1D ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:22:05.0781 0640  HTTPFilter - ok
23:22:05.0812 0640  i2omgmt - ok
23:22:05.0875 0640  i2omp - ok
23:22:05.0953 0640  [ F9850BDD47DFFD2797E984FE60C8B3B6 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:22:06.0265 0640  i8042prt - ok
23:22:06.0390 0640  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:06.0515 0640  idsvc - ok
23:22:06.0562 0640  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:22:06.0875 0640  Imapi - ok
23:22:06.0937 0640  [ 883597BB9DEED9D68732668F1702B504 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:22:07.0218 0640  ImapiService - ok
23:22:07.0312 0640  ini910u - ok
23:22:07.0390 0640  IntelIde - ok
23:22:07.0500 0640  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:22:07.0796 0640  Ip6Fw - ok
23:22:07.0890 0640  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:22:08.0187 0640  IpFilterDriver - ok
23:22:08.0265 0640  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:22:08.0531 0640  IpInIp - ok
23:22:08.0609 0640  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:22:08.0937 0640  IpNat - ok
23:22:08.0984 0640  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:22:09.0265 0640  IPSec - ok
23:22:09.0328 0640  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:22:09.0484 0640  IRENUM - ok
23:22:09.0562 0640  [ 1C93959977CAD7168B4C816E8B29FE9B ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:22:09.0859 0640  isapnp - ok
23:22:10.0031 0640  [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:22:10.0078 0640  JavaQuickStarterService - ok
23:22:10.0171 0640  [ 2B0018DE01BFB628D0A49A301F34B46F ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:22:10.0453 0640  Kbdclass - ok
23:22:10.0515 0640  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:22:10.0828 0640  kmixer - ok
23:22:10.0937 0640  [ 92E9DCA9625AECFAB6B7578107EF4C5E ] krnl_akl        C:\WINDOWS\system32\drivers\krnl_akl.sys
23:22:11.0015 0640  krnl_akl - ok
23:22:11.0078 0640  [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:22:11.0203 0640  KSecDD - ok
23:22:11.0265 0640  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
23:22:11.0312 0640  L8042Kbd - ok
23:22:11.0390 0640  [ 00E83005D0CF2FAD89A3A4B30287AC29 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
23:22:11.0468 0640  LanmanServer - ok
23:22:11.0531 0640  [ 7D67C5591352F3F759AA3D5AE0DC728B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:22:11.0625 0640  lanmanworkstation - ok
23:22:11.0656 0640  lbrtfdc - ok
23:22:11.0796 0640  [ 17FF4DC871D53168D9C628835EB727F1 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:22:12.0093 0640  LmHosts - ok
23:22:12.0171 0640  [ 1CEA42E9B7DC30FC313C8277EBDC8FCF ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:22:12.0500 0640  Messenger - ok
23:22:12.0531 0640  mnmdd - ok
23:22:12.0640 0640  [ 5BCED2C68331A18534AB8DBAE71D93FC ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:22:12.0953 0640  Modem - ok
23:22:13.0000 0640  [ CBB891FDA0C5EC9F557ABBA86CA5CB76 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:22:13.0343 0640  Mouclass - ok
23:22:13.0406 0640  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:22:13.0718 0640  MountMgr - ok
23:22:13.0781 0640  mraid35x - ok
23:22:13.0875 0640  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:22:14.0156 0640  MRxDAV - ok
23:22:14.0250 0640  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:22:14.0375 0640  MRxSmb - ok
23:22:14.0437 0640  [ C06B2B7C7CC4DC1060924021BCA25B97 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:22:14.0734 0640  MSDTC - ok
23:22:14.0812 0640  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:22:15.0093 0640  Msfs - ok
23:22:15.0156 0640  MSIServer - ok
23:22:15.0250 0640  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:22:15.0531 0640  MSKSSRV - ok
23:22:15.0578 0640  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:22:15.0875 0640  MSPCLOCK - ok
23:22:15.0906 0640  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:22:16.0203 0640  MSPQM - ok
23:22:16.0265 0640  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:22:16.0578 0640  mssmbios - ok
23:22:16.0640 0640  [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401       C:\WINDOWS\system32\drivers\msmpu401.sys
23:22:16.0921 0640  ms_mpu401 - ok
23:22:16.0984 0640  [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:22:17.0078 0640  Mup - ok
23:22:17.0140 0640  [ AF7EE86468A06C98CB30E61735179BE1 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:22:17.0468 0640  napagent - ok
23:22:17.0515 0640  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:22:17.0875 0640  NDIS - ok
23:22:17.0921 0640  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:22:18.0000 0640  NdisTapi - ok
23:22:18.0062 0640  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:22:18.0359 0640  Ndisuio - ok
23:22:18.0453 0640  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:22:18.0750 0640  NdisWan - ok
23:22:18.0859 0640  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:22:18.0953 0640  NDProxy - ok
23:22:19.0000 0640  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:22:19.0296 0640  NetBIOS - ok
23:22:19.0343 0640  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:22:19.0656 0640  NetBT - ok
23:22:19.0750 0640  [ 860714EE75C888265F483DE3D8C61F1D ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:22:20.0031 0640  NetDDE - ok
23:22:20.0062 0640  [ 860714EE75C888265F483DE3D8C61F1D ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:22:20.0375 0640  NetDDEdsdm - ok
23:22:20.0437 0640  [ 17C1AC326238EFADF17A0612AFD822AD ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:22:20.0750 0640  Netlogon - ok
23:22:20.0812 0640  [ E6FD229CFE63179917C7E4FAB088CFE5 ] Netman          C:\WINDOWS\System32\netman.dll
23:22:21.0109 0640  Netman - ok
23:22:21.0171 0640  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:22:21.0250 0640  NetTcpPortSharing - ok
23:22:21.0328 0640  [ 63E4C6002CF30E755BD622CC0AADAC59 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:22:21.0375 0640  Nla - ok
23:22:21.0421 0640  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:22:21.0765 0640  Npfs - ok
23:22:21.0859 0640  [ A0857C97770034FD2AF17DC4014B5ABD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:22:22.0000 0640  Ntfs - ok
23:22:22.0078 0640  [ 17C1AC326238EFADF17A0612AFD822AD ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:22:22.0343 0640  NtLmSsp - ok
23:22:22.0421 0640  [ 8E6A3AAC5A889AD59479A05A990E8ED3 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:22:22.0781 0640  NtmsSvc - ok
23:22:22.0875 0640  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:22:23.0156 0640  Null - ok
23:22:23.0203 0640  [ D509EF6E99D1B55887FDC0CB61FD5A42 ] nvmpu401        C:\WINDOWS\system32\drivers\nvmpu401.sys
23:22:23.0328 0640  nvmpu401 - ok
23:22:23.0375 0640  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:23.0671 0640  NwlnkFlt - ok
23:22:23.0750 0640  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:24.0046 0640  NwlnkFwd - ok
23:22:24.0187 0640  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:22:24.0234 0640  ose - ok
23:22:24.0328 0640  [ FA3A44ADE1D355BE8E29D3B6BF0BA702 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:24.0671 0640  Parport - ok
23:22:24.0750 0640  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:25.0031 0640  PartMgr - ok
23:22:25.0093 0640  [ F6167F46184C50A9BC2FEB87067D1B97 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:25.0375 0640  ParVdm - ok
23:22:25.0437 0640  [ F9B93D158C4D9F54FBDF1A9C807A1A5A ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:25.0703 0640  PCI - ok
23:22:25.0734 0640  PCIDump - ok
23:22:25.0812 0640  [ 0D5EA82E0B16FA4C162635FA78E2DDC3 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:26.0109 0640  PCIIde - ok
23:22:26.0171 0640  [ B266A636C370476F25D307B30894D990 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:26.0453 0640  Pcmcia - ok
23:22:26.0484 0640  PDCOMP - ok
23:22:26.0546 0640  PDFRAME - ok
23:22:26.0609 0640  PDRELI - ok
23:22:26.0640 0640  PDRFRAME - ok
23:22:26.0703 0640  perc2 - ok
23:22:26.0765 0640  perc2hib - ok
23:22:26.0921 0640  [ 94824EEFEBE244036335E644EB5FF3AC ] PlugPlay        C:\WINDOWS\system32\services.exe
23:22:26.0984 0640  PlugPlay - ok
23:22:27.0046 0640  [ DCDF0421A1C14F2923E298A30FD7636D ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
23:22:27.0125 0640  Point32 - ok
23:22:27.0171 0640  [ 17C1AC326238EFADF17A0612AFD822AD ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:22:27.0453 0640  PolicyAgent - ok
23:22:27.0515 0640  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:27.0843 0640  PptpMiniport - ok
23:22:27.0921 0640  [ 1C0B6883250B95CF889A6421483C1201 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
23:22:28.0203 0640  Processor - ok
23:22:28.0312 0640  [ 17C1AC326238EFADF17A0612AFD822AD ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:28.0609 0640  ProtectedStorage - ok
23:22:28.0671 0640  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:22:28.0953 0640  PSched - ok
23:22:29.0000 0640  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:29.0296 0640  Ptilink - ok
23:22:29.0390 0640  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:22:29.0437 0640  PxHelp20 - ok
23:22:29.0468 0640  ql1080 - ok
23:22:29.0531 0640  Ql10wnt - ok
23:22:29.0593 0640  ql12160 - ok
23:22:29.0640 0640  ql1240 - ok
23:22:29.0671 0640  ql1280 - ok
23:22:29.0765 0640  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:30.0031 0640  RasAcd - ok
23:22:30.0140 0640  [ C7F1C27D7CD10B86079CB62800974880 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:22:30.0406 0640  RasAuto - ok
23:22:30.0515 0640  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:30.0781 0640  Rasl2tp - ok
23:22:30.0828 0640  [ B82B8EF94DF80F3EFD83720519E44DA3 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:22:31.0125 0640  RasMan - ok
23:22:31.0171 0640  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:31.0484 0640  RasPppoe - ok
23:22:31.0531 0640  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:31.0859 0640  Raspti - ok
23:22:31.0906 0640  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:32.0187 0640  Rdbss - ok
23:22:32.0265 0640  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:32.0531 0640  RDPCDD - ok
23:22:32.0703 0640  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:22:33.0015 0640  rdpdr - ok
23:22:33.0125 0640  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:33.0218 0640  RDPWD - ok
23:22:33.0312 0640  [ 79CAAA94E8598CFABB06025AD5476E3B ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:22:33.0578 0640  RDSessMgr - ok
23:22:33.0656 0640  [ 868C8DE05325F3B250F806666DE18F0D ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:33.0968 0640  redbook - ok
23:22:34.0046 0640  [ F9CB60B29EFD582EE92CD32FC8CC2BB9 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:22:34.0328 0640  RemoteAccess - ok
23:22:34.0375 0640  [ 7AE94A5CEDB2916F20A2811E14DDFD7E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:22:34.0687 0640  RemoteRegistry - ok
23:22:34.0796 0640  [ DB0A7358ED55A40A84DAFEC6459D62DD ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:22:35.0062 0640  RpcLocator - ok
23:22:35.0171 0640  [ 293D96B9A523C8D3A5F3EE448405388E ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:22:35.0218 0640  RpcSs - ok
23:22:35.0281 0640  [ 743D7D59767073A617B1DCC6C546F234 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
23:22:35.0343 0640  rspndr ( UnsignedFile.Multi.Generic ) - warning
23:22:35.0343 0640  rspndr - detected UnsignedFile.Multi.Generic (1)
23:22:35.0406 0640  [ 5B7CB4CC88A53A90C6F56D92ED5D55CE ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:22:35.0671 0640  RSVP - ok
23:22:35.0734 0640  [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:22:35.0906 0640  RTL8023xp - ok
23:22:35.0953 0640  [ 17C1AC326238EFADF17A0612AFD822AD ] SamSs           C:\WINDOWS\system32\lsass.exe
23:22:36.0234 0640  SamSs - ok
23:22:36.0296 0640  [ F896E628BDEA97E323773D604473D1E9 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:22:36.0578 0640  SCardSvr - ok
23:22:36.0640 0640  [ 962E76142BFE6AA160855326A488E778 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:22:36.0953 0640  Schedule - ok
23:22:37.0031 0640  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:37.0156 0640  Secdrv - ok
23:22:37.0218 0640  [ 90C86F09AFBF236076955B92B8F09DDA ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:22:37.0515 0640  seclogon - ok
23:22:37.0593 0640  [ 0D1DA74BE08251FE76E911DC3F1A7774 ] SENS            C:\WINDOWS\system32\sens.dll
23:22:37.0875 0640  SENS - ok
23:22:37.0937 0640  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:38.0234 0640  serenum - ok
23:22:38.0312 0640  [ 27645AE9DCC60BE467F3C92DDABED1B0 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:38.0609 0640  Serial - ok
23:22:38.0734 0640  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:22:39.0015 0640  Sfloppy - ok
23:22:39.0078 0640  [ B501E9B7C84B370BFE84A3035CCEABAA ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:22:39.0218 0640  SharedAccess - ok
23:22:39.0296 0640  [ 4833467D7268A5BF34FCC5E66A331EA6 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:39.0343 0640  ShellHWDetection - ok
23:22:39.0375 0640  Simbad - ok
23:22:39.0453 0640  Sparrow - ok
23:22:39.0500 0640  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:22:39.0796 0640  splitter - ok
23:22:39.0859 0640  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:22:39.0937 0640  Spooler - ok
23:22:40.0093 0640  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
23:22:40.0171 0640  sptd - ok
23:22:40.0218 0640  [ 4A7B3B22C87F0897A68821734AFE9528 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:40.0390 0640  sr - ok
23:22:40.0453 0640  [ 44DFD21576643453C1CB3A03D655BF7B ] srservice       C:\WINDOWS\system32\srsvc.dll
23:22:40.0625 0640  srservice - ok
23:22:40.0718 0640  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:40.0875 0640  Srv - ok
23:22:40.0921 0640  [ 1F6A48B6EE85A23764CAC6466F164009 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:22:41.0093 0640  SSDPSRV - ok
23:22:41.0187 0640  [ 7BF256F38E77B02DFEB0CCE6A5D39611 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:22:41.0484 0640  stisvc - ok
23:22:41.0531 0640  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:41.0843 0640  swenum - ok
23:22:41.0890 0640  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:22:42.0187 0640  swmidi - ok
23:22:42.0250 0640  SwPrv - ok
23:22:42.0328 0640  symc810 - ok
23:22:42.0406 0640  symc8xx - ok
23:22:42.0468 0640  sym_hi - ok
23:22:42.0531 0640  sym_u3 - ok
23:22:42.0625 0640  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:42.0906 0640  sysaudio - ok
23:22:42.0984 0640  [ 046964A82253FE8F5097E127C563D505 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:22:43.0265 0640  SysmonLog - ok
23:22:43.0328 0640  [ B2918C85EFDEBE5CBC5FC930A4E4635C ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:22:43.0625 0640  TapiSrv - ok
23:22:43.0734 0640  [ AD978A1B783B5719720CFF204B666C8E ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:43.0828 0640  Tcpip - ok
23:22:43.0890 0640  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:44.0171 0640  TDPIPE - ok
23:22:44.0234 0640  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:44.0515 0640  TDTCP - ok
23:22:44.0656 0640  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:44.0937 0640  TermDD - ok
23:22:45.0015 0640  [ 804A741E1806E8C33C8C642781896C0D ] TermService     C:\WINDOWS\System32\termsrv.dll
23:22:45.0296 0640  TermService - ok
23:22:45.0343 0640  [ 4833467D7268A5BF34FCC5E66A331EA6 ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:22:45.0421 0640  Themes - ok
23:22:45.0500 0640  [ 111D0582E34BC10E7DDDC014F1E4E352 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
23:22:45.0656 0640  TlntSvr - ok
23:22:45.0703 0640  TosIde - ok
23:22:45.0781 0640  [ 7291C77298D55136DAEA2BFBEA702B93 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:22:46.0046 0640  TrkWks - ok
23:22:46.0140 0640  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:22:46.0437 0640  Udfs - ok
23:22:46.0468 0640  ultra - ok
23:22:46.0578 0640  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:22:46.0890 0640  Update - ok
23:22:46.0953 0640  [ 973E83B801CE31FDC76378B826364DBB ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:22:47.0125 0640  upnphost - ok
23:22:47.0171 0640  [ 55100F548265F1A9932122CB64359245 ] UPS             C:\WINDOWS\System32\ups.exe
23:22:47.0484 0640  UPS - ok
23:22:47.0562 0640  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
23:22:47.0687 0640  usbbus - ok
23:22:47.0750 0640  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:48.0046 0640  usbccgp - ok
23:22:48.0109 0640  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
23:22:48.0187 0640  UsbDiag - ok
23:22:48.0281 0640  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:48.0546 0640  usbehci - ok
23:22:48.0609 0640  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:48.0937 0640  usbhub - ok
23:22:49.0015 0640  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
23:22:49.0078 0640  USBModem - ok
23:22:49.0171 0640  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:49.0421 0640  usbscan - ok
23:22:49.0484 0640  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:49.0750 0640  USBSTOR - ok
23:22:49.0828 0640  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:22:50.0093 0640  usbuhci - ok
23:22:50.0171 0640  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:22:50.0453 0640  VgaSave - ok
23:22:50.0515 0640  ViaIde - ok
23:22:50.0593 0640  [ 2E11190F37F0499CCA53CC1F92C5A3F7 ] vmmouse         C:\WINDOWS\system32\DRIVERS\vmmouse.sys
23:22:50.0625 0640  vmmouse - ok
23:22:50.0734 0640  [ A79D899DFD0467C4DF29AF19902ECD18 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:51.0000 0640  VolSnap - ok
23:22:51.0093 0640  [ 65DDE548AC8D7A5C55FC6352865D80FC ] VSS             C:\WINDOWS\System32\vssvc.exe
23:22:51.0281 0640  VSS - ok
23:22:51.0343 0640  [ 9B1BD39B85C7C79B2FD694571F77FDF3 ] W32Time         C:\WINDOWS\system32\w32time.dll
23:22:51.0437 0640  W32Time - ok
23:22:51.0531 0640  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:51.0843 0640  Wanarp - ok
23:22:51.0968 0640  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
23:22:52.0031 0640  Wdf01000 - ok
23:22:52.0062 0640  WDICA - ok
23:22:52.0109 0640  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:52.0406 0640  wdmaud - ok
23:22:52.0468 0640  [ 1D4E8123E7A78D1D7684BA0260FC8827 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:22:52.0750 0640  WebClient - ok
23:22:52.0890 0640  [ B053995E60DECE511BB600645CE3022B ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:53.0156 0640  winmgmt - ok
23:22:53.0312 0640  [ 7FAC509F7F817CF0912F81302435EBC0 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
23:22:53.0578 0640  WmdmPmSN - ok
23:22:53.0718 0640  [ E124D0064CAA770F75191F9C6B83B481 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:22:53.0796 0640  Wmi - ok
23:22:53.0890 0640  [ C537B70D8EDE999A81E8F7C56F07B665 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:54.0171 0640  WmiApSrv - ok
23:22:54.0250 0640  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:22:54.0484 0640  WS2IFSL - ok
23:22:54.0562 0640  [ DA6423C36F766C6EA41DCF147869B407 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:22:54.0828 0640  wscsvc - ok
23:22:54.0890 0640  [ 727F02F3B19BAB3639E9358FFDD295E0 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:22:54.0937 0640  wuauserv - ok
23:22:55.0015 0640  [ 7F572B42A68F54E4D8F17BBDAF3686C0 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:22:55.0343 0640  WZCSVC - ok
23:22:55.0406 0640  [ D490B2F1C26D4D038012EA7F3E22B314 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:22:55.0687 0640  xmlprov - ok
23:22:55.0750 0640  ================ Scan global ===============================
23:22:55.0781 0640  [ F488BF3DDCB4A2CCE993DDC7969886CF ] C:\WINDOWS\system32\basesrv.dll
23:22:55.0843 0640  [ 7B9D5B5CFF0CB9E1652936B9118C5266 ] C:\WINDOWS\system32\winsrv.dll
23:22:55.0921 0640  [ 7B9D5B5CFF0CB9E1652936B9118C5266 ] C:\WINDOWS\system32\winsrv.dll
23:22:55.0968 0640  [ 94824EEFEBE244036335E644EB5FF3AC ] C:\WINDOWS\system32\services.exe
23:22:55.0968 0640  [Global] - ok
23:22:55.0984 0640  ================ Scan MBR ==================================
23:22:56.0015 0640  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:22:56.0390 0640  \Device\Harddisk0\DR0 - ok
23:22:56.0437 0640  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR6
23:22:56.0703 0640  \Device\Harddisk1\DR6 - ok
23:22:56.0734 0640  ================ Scan VBR ==================================
23:22:56.0765 0640  [ 919F3CEDAB7F8D9E01DBACD87142C1B6 ] \Device\Harddisk0\DR0\Partition1
23:22:56.0765 0640  \Device\Harddisk0\DR0\Partition1 - ok
23:22:56.0828 0640  [ C4AC14E1D3896A150F8D455CE49FFEF5 ] \Device\Harddisk0\DR0\Partition2
23:22:56.0828 0640  \Device\Harddisk0\DR0\Partition2 - ok
23:22:56.0906 0640  [ A9EC134F8AD950B05742FC55CC0ACF09 ] \Device\Harddisk0\DR0\Partition3
23:22:56.0906 0640  \Device\Harddisk0\DR0\Partition3 - ok
23:22:57.0000 0640  [ 1645A93E34EE8626487087E83231A538 ] \Device\Harddisk0\DR0\Partition4
23:22:57.0000 0640  \Device\Harddisk0\DR0\Partition4 - ok
23:22:57.0078 0640  [ E36A73564EA0805D1DB340FDC87EE867 ] \Device\Harddisk0\DR0\Partition5
23:22:57.0078 0640  \Device\Harddisk0\DR0\Partition5 - ok
23:22:57.0140 0640  [ 6E02B50400236CAE2F14B497B18E9C1E ] \Device\Harddisk1\DR6\Partition1
23:22:57.0140 0640  \Device\Harddisk1\DR6\Partition1 - ok
23:22:57.0171 0640  ============================================================
23:22:57.0171 0640  Scan finished
23:22:57.0171 0640  ============================================================
23:22:57.0343 4076  Detected object count: 2
23:22:57.0343 4076  Actual detected object count: 2
23:25:16.0578 4076  EL910 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:16.0578 4076  EL910 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:16.0578 4076  rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:16.0578 4076  rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 07.02.2013, 00:25   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Standard

Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 2 1 2

Themen zu Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?
computer, dateien, desktop, erkannt, format, funktioniert, gen, gmer, installation, leer, logfile, neustart, nod32, online, online banking, programm, programme, rechner, rechtsklick, root kit, rootkit, starten, trojaner, ukraine, usb, verseucht, viren, xp prof sp3


« Fehler in C:\Windows\SysWOW64\rundll32.exe. Folgender Eintrag fehlt: FQ10, Spyware.Zeus, Trojan.Ransom.Gen | Firefox leitet Links an falsche Webseiten um »


Ähnliche Themen: Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?


  1. Pc Performer läßt sich nicht deinstallieren. Eventuell noch mehr Malware oder Viren auf dem Rechner
    Plagegeister aller Art und deren Bekämpfung - 31.10.2013 (14)
  2. Virus LyricsPal.exe gefunden und mit Avira entfernt. Ist der Rechner jetzt wieder sauber oder noch verseucht?
    Log-Analyse und Auswertung - 22.09.2013 (13)
  3. Software.Updater.ui.exe nun auf dem Rechner meiner Freundin nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  4. Nach GVU Trojaner (bereits entfernt durch euch), möglicherweise noch Rootkit auf meinem Rechner?
    Log-Analyse und Auswertung - 10.01.2013 (11)
  5. [doppelt] Pc mit Viren verseucht
    Mülltonne - 31.01.2012 (2)
  6. Neuinstallation nach TR/Cryptet.xpack.gen2 und Rootkit Viren, Schädlinge immer noch vorhanden
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (13)
  7. Rechner noch verseucht?
    Plagegeister aller Art und deren Bekämpfung - 13.01.2010 (46)
  8. msa.exe noch verseucht?
    Log-Analyse und Auswertung - 17.12.2009 (5)
  9. ROOTKIT/MBR.Sinowal. alles verseucht
    Plagegeister aller Art und deren Bekämpfung - 02.06.2009 (1)
  10. PC noch verseucht?
    Log-Analyse und Auswertung - 20.05.2009 (2)
  11. PC mit Viren verseucht?
    Log-Analyse und Auswertung - 27.04.2009 (1)
  12. PC mit viren verseucht
    Log-Analyse und Auswertung - 24.03.2009 (19)
  13. Mit VIren verseucht
    Log-Analyse und Auswertung - 21.03.2008 (1)
  14. mein rechner wird immer noch langsamer /31 viren angezeigt / brauche hilfe
    Log-Analyse und Auswertung - 26.10.2007 (1)
  15. Ist mein Pc noch verseucht ?
    Log-Analyse und Auswertung - 05.06.2007 (4)
  16. Newbiefrage - Noch verseucht?
    Log-Analyse und Auswertung - 10.04.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? - Gruss an alle Experten aus der Ukraine! Bin hier gerade bei meiner Freundin zu Besuch und muss ihren Computer nutzen. Der lief bisher mit XP ohne jeglichen Schutz. Es war - Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch?...
Archiv
Du betrachtest: Rechner von Freundin in Ukraine verseucht> rootkit, viren, und was noch? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19