Log analysis and evaluation: Someone is in my network

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.12.2011, 19:18 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is in my network

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
21.12.2011, 20:18 | #17 |
| Someone is in my network
20:11:24.0149 3136 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 20:12:24.0259 2952 WSDPrintDevice - ok 20:12:24.0302 2952 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 20:12:24.0336 2952 WudfPf - ok 20:12:24.0356 2952 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:12:24.0389 2952 WUDFRd - ok 20:12:24.0421 2952 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\system32\Drivers\x10hid.sys 20:12:24.0437 2952 X10Hid - ok 20:12:24.0474 2952 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys 20:12:24.0491 2952 XUIF - ok 20:12:24.0506 2952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:12:24.0624 2952 \Device\Harddisk0\DR0 - ok 20:12:24.0628 2952 Boot (0x1200) (d3fa4e1c541a333610499e31148cd881) \Device\Harddisk0\DR0\Partition0 20:12:24.0629 2952 \Device\Harddisk0\DR0\Partition0 - ok 20:12:24.0655 2952 Boot (0x1200) (d564620f3af6315a714ea374949e3080) \Device\Harddisk0\DR0\Partition1 20:12:24.0656 2952 \Device\Harddisk0\DR0\Partition1 - ok 20:12:24.0680 2952 Boot (0x1200) (adaab3f3891a478ba66817ab90fd121e) \Device\Harddisk0\DR0\Partition2 20:12:24.0680 2952 \Device\Harddisk0\DR0\Partition2 - ok 20:12:24.0681 2952 ============================================================ 20:12:24.0681 2952 Scan finished 20:12:24.0681 2952 ============================================================ 20:12:24.0703 5584 Detected object count: 1 20:12:24.0703 5584 Actual detected object count: 1 20:12:57.0461 5584 STGMFEngine32 ( UnsignedFile.Multi.Generic ) - skipped by user 20:12:57.0461 5584 STGMFEngine32 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.12.2011, 20:49 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is in my network Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
22.12.2011, 10:13 | #19 |
| Someone is in my network Combofix log file: Code:
ATTFilter ComboFix 11-12-22.01 - chrisra 22.12.2011 9:37.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3071.1641 [GMT 1:00] ausgeführt von:: c:\users\chrisra\Downloads\ComboFix.exe AV: Kaspersky Security Suite CBE 11 *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} FW: Kaspersky Security Suite CBE 11 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Security Suite CBE 11 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\A1 c:\program files\A1\A1 Webassistent\A1Breitband.chm c:\program files\A1\A1 Webassistent\A1Breitband.exe c:\program files\A1\A1 Webassistent\A1CMDTool.exe c:\program files\A1\A1 Webassistent\A1Mailboxen.exe c:\program files\A1\A1 Webassistent\A1Modemkonfigurator.exe c:\program files\A1\A1 Webassistent\A1Webassistent.chm c:\program files\A1\A1 Webassistent\A1Webassistent.exe c:\program files\A1\A1 Webassistent\A1WLANAssistent.exe c:\program files\A1\A1 Webassistent\inifiles.dat c:\program files\A1\A1 Webassistent\ipworks6.dll c:\program files\A1\A1 Webassistent\KCO.exe c:\program files\A1\A1 Webassistent\M2Updater.exe c:\windows\security\Database\tmp.edb c:\windows\system32\system32 c:\windows\system32\system32\msxml3.dll c:\windows\system32\system32\msxml3r.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-22 bis 2011-12-22 )))))))))))))))))))))))))))))) . . 2011-12-22 08:50 . 2011-12-22 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-21 16:07 . 
2011-12-22 08:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB0603F6-9502-4564-A5F9-725A623AA451}\offreg.dll 2011-12-21 10:15 . 2011-12-21 10:15 -------- d-----w- c:\programdata\TamoSoft 2011-12-21 10:14 . 2011-12-21 10:15 -------- d-----w- c:\program files\CountryWhois 2011-12-21 10:09 . 2011-12-21 10:09 -------- d-----w- c:\program files\CallerIP 2011-12-21 10:04 . 2011-12-21 16:03 -------- d-----w- c:\program files\10-Strike Connection Monitor 2011-12-21 09:08 . 2011-12-21 09:08 -------- d-----w- c:\program files\Advanced IP Scanner 2011-12-21 08:59 . 2011-12-21 08:59 -------- d-----w- c:\program files\Competent Software 2011-12-20 10:02 . 2011-12-08 13:31 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB0603F6-9502-4564-A5F9-725A623AA451}\mpengine.dll 2011-12-19 08:38 . 2011-12-19 08:38 -------- d-----w- c:\program files\ESET 2011-12-18 09:51 . 2011-12-18 09:51 -------- d-----w- c:\programdata\Malwarebytes 2011-12-18 09:51 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-18 09:51 . 2011-12-18 09:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-13 18:34 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-13 18:34 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-13 18:34 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys 2011-12-13 18:34 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll 2011-12-13 18:34 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-13 18:34 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-13 08:55 . 2011-12-13 08:55 -------- d-----w- c:\program files\Common Files\Java 2011-12-13 08:47 . 2011-12-21 17:55 -------- d-----w- c:\windows\Patches 2011-12-13 08:39 . 2011-12-19 08:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll 2011-12-13 08:39 . 
2011-12-19 08:51 916304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-12-13 08:28 . 2011-12-13 08:37 -------- d-----w- c:\program files\GFI 2011-12-13 08:28 . 2011-12-13 08:28 -------- d-----w- c:\programdata\GFI 2011-12-11 21:04 . 2011-12-11 18:43 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-12-11 10:00 . 2010-02-25 15:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys 2011-12-11 08:23 . 2011-12-11 08:23 -------- dc----w- c:\programdata\{B18BFA88-48D6-4325-AA5D-C9C0BD672D77} 2011-12-10 15:49 . 2011-12-10 15:49 -------- d-----w- c:\programdata\DATA BECKER Downloads 2011-12-10 15:47 . 2011-12-10 15:47 -------- d-----w- c:\program files\ProtectDisc Driver Installer 2011-12-10 15:46 . 2011-12-10 15:46 -------- d-----w- c:\program files\DATA BECKER 2011-12-10 13:21 . 2011-12-10 13:21 -------- d-----w- c:\windows\system32\SPReview 2011-12-10 13:19 . 2011-12-10 13:19 -------- d-----w- c:\windows\system32\EventProviders 2011-12-10 13:18 . 2011-12-10 13:18 -------- d-----w- c:\program files\Microsoft Silverlight 2011-12-10 12:44 . 2011-12-09 19:12 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-12-10 09:07 . 2010-11-20 12:18 1154048 ----a-w- c:\windows\system32\crypt32.dll 2011-12-10 09:06 . 2010-11-20 12:21 416768 ----a-w- c:\windows\system32\wiadefui.dll 2011-12-10 09:05 . 2010-11-20 12:20 8192 ----a-w- c:\windows\system32\spwmp.dll 2011-12-10 09:04 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2011-12-10 09:04 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll 2011-12-10 09:04 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll 2011-12-10 09:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll 2011-12-10 08:17 . 2011-12-10 08:17 -------- d-----w- c:\program files\MSXML 4.0 2011-12-09 19:12 . 2011-12-09 19:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-12-09 19:08 . 
2011-10-28 18:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-12-09 17:58 . 2011-12-09 17:58 640720 ----a-w- c:\windows\system32\ipworks6.dll 2011-12-09 17:55 . 2011-12-09 17:55 -------- d-----w- c:\programdata\m2backup 2011-12-09 17:53 . 2011-12-09 17:55 -------- d-----w- c:\programdata\mquadr.at 2011-12-09 17:52 . 2011-12-09 17:52 -------- dc-h--w- c:\programdata\{5AB81122-EBF9-4531-A9E9-D57960778847} 2011-12-09 13:08 . 2011-12-09 13:08 -------- d-----w- c:\windows\PCHEALTH 2011-12-09 13:07 . 2011-12-09 13:10 -------- d-----w- c:\program files\Windows Live 2011-12-09 13:01 . 2011-12-09 13:01 -------- d-----w- c:\program files\Common Files\Windows Live 2011-12-09 12:57 . 2011-12-09 12:57 -------- d-----w- c:\programdata\WEBREG 2011-12-09 12:28 . 2011-12-09 12:28 -------- d-----w- c:\programdata\HP Product Assistant 2011-12-09 12:27 . 2011-12-09 12:27 -------- d-----w- c:\program files\Common Files\HP 2011-12-09 11:23 . 2011-12-09 11:23 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-12-09 10:19 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-12-09 10:19 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-12-09 10:19 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-12-09 10:19 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-12-09 10:19 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-12-09 10:19 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-12-09 10:19 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-12-09 10:18 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys 2011-12-09 10:18 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys 2011-12-09 10:18 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys 2011-12-09 10:18 . 
2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll 2011-12-09 10:18 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys 2011-12-09 10:18 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2011-12-09 10:18 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys 2011-12-09 10:18 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys 2011-12-09 10:18 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe 2011-12-09 08:32 . 2011-12-09 08:32 -------- d-----w- c:\program files\Common Files\Steganos 2011-12-09 08:32 . 2011-12-09 08:32 -------- d-----w- c:\program files\Steganos Privacy Suite 12 2011-12-09 08:24 . 2011-12-09 08:24 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-12-09 08:17 . 2009-04-16 11:42 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll 2011-12-09 08:12 . 2011-12-09 08:12 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2011-12-09 08:09 . 2009-04-15 21:53 452408 ----a-w- c:\windows\system32\hpzids01.dll 2011-12-09 08:09 . 2009-04-16 11:42 123904 ----a-w- c:\windows\system32\hpf3l70w.dll 2011-12-09 08:09 . 2009-03-31 16:21 713728 ----a-w- c:\windows\system32\hposwia_d02d.dll 2011-12-09 08:09 . 2009-03-31 16:21 589824 ----a-w- c:\windows\system32\hpost_d02d.dll 2011-12-09 08:09 . 2009-03-31 16:21 315392 ----a-w- c:\windows\system32\hposc_d02a.dll 2011-12-09 08:05 . 2011-12-09 12:54 -------- d-----w- c:\program files\HP 2011-12-09 07:57 . 2011-12-09 12:59 -------- d-----w- c:\programdata\HP 2011-12-08 20:11 . 2011-12-08 20:12 -------- d-----w- c:\program files\TS-Shutdown-Manager 2011-12-08 20:11 . 2011-12-08 20:11 290816 ------w- c:\windows\Setup1.exe 2011-12-08 20:11 . 2011-12-08 20:11 74752 ----a-w- c:\windows\ST6UNST.EXE 2011-12-08 20:07 . 2011-12-08 20:08 -------- d-----w- c:\program files\Tyrann-Studios 2011-12-08 20:00 . 
2011-12-08 20:00 -------- d-----w- c:\program files\AntiBrowserSpy 2011-12-08 19:34 . 2011-12-10 08:22 -------- d-----w- c:\program files\Microsoft Works 2011-12-08 19:19 . 2011-12-08 19:19 -------- d-----w- c:\programdata\A-Trust GmbH 2011-12-08 19:19 . 2011-12-08 19:20 -------- d-----w- c:\program files\A-Trust GmbH 2011-12-08 19:15 . 2011-12-08 19:16 -------- d-----w- c:\program files\Common Files\Adobe 2011-12-08 19:10 . 2011-12-13 08:54 544656 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-08 19:10 . 2011-12-13 08:54 -------- d-----w- c:\program files\Java 2011-12-08 19:06 . 2011-12-08 19:06 -------- d-----w- c:\programdata\CyberLink 2011-12-08 19:05 . 2011-12-08 19:05 -------- d-----w- c:\program files\Microsoft.NET 2011-12-08 19:03 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll 2011-12-08 18:43 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2011-12-08 18:43 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll 2011-12-08 18:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-12-08 18:34 . 2011-12-08 18:34 -------- d-----w- c:\program files\PlayReady 2011-12-08 18:23 . 2011-12-08 18:23 -------- d-----w- c:\windows\system32\wbem\en-US 2011-12-08 18:22 . 2011-12-08 18:22 -------- d-----w- c:\windows\system32\Wat 2011-12-08 18:18 . 2011-12-22 08:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-12-08 18:18 . 2011-12-22 08:28 916304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-12-08 17:54 . 2011-12-13 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-12-08 17:54 . 2011-12-08 18:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-12-08 17:51 . 2011-12-08 17:51 -------- d-----w- c:\program files\Protector Suite 2011-12-08 17:51 . 2011-12-08 17:51 -------- d-----w- c:\program files\Toolbar Cleaner 2011-12-08 17:50 . 
2011-12-09 19:08 -------- dc----w- c:\windows\system32\DRVSTORE 2011-12-08 17:50 . 2011-12-08 17:50 -------- d-----w- c:\programdata\Lavasoft 2011-12-08 17:50 . 2011-12-08 17:50 -------- d-----w- c:\program files\Lavasoft 2011-12-08 17:45 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2011-12-08 17:39 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-12-08 17:36 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll 2011-12-08 17:36 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-12-08 17:36 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-12-08 17:36 . 2010-11-20 12:16 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax 2011-12-08 17:36 . 2010-11-20 12:16 59904 ----a-w- c:\windows\system32\MSDvbNP.ax 2011-12-08 17:36 . 2010-11-20 12:16 204288 ----a-w- c:\windows\system32\MSNP.ax 2011-12-08 17:36 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll 2011-12-08 17:36 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-12-08 17:36 . 2010-11-20 12:29 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2011-12-08 17:34 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 13:35 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-12-09 13:07 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "acSecurityLayer"="c:\program files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2011-11-03 3556512] "BrowserMask"="c:\program files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2011-08-15 101280] "SSS12 Browser Monitor"="c:\program files\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe" [2011-09-30 57344] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "WLan Watcher"="c:\program files\Competent Software\WLan Watcher\WWatcher.exe" [2010-08-15 4990976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" [2011-04-13 387696] "SSS12 File Redirection Starter"="c:\program files\Steganos Privacy Suite 12\fredirstarter.exe" [2011-09-30 17408] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X] "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X] . c:\users\chrisra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Connection Monitor.lnk - c:\program files\10-Strike Connection Monitor\connmon.exe [2011-12-21 738816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ a.sign Client.lnk - c:\program files\A-Trust GmbH\a.sign Client\acLauncher.exe [2010-7-6 1008800] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1343400] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-28 64512] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [2011-09-12 13:28 94560] S1 STGMFEngine32;Steganos RAM Disk Engine [Driver];c:\windows\system32\drivers\STGMFEngine32.sys [2011-09-12 13:30 16384] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 gfi_lanss10_attservice;GFI 
LanGuard 10 Attendant Service;c:\program files\GFI\LanGuard 10 Agent\lnssatt.exe [2011-11-25 115568] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-12-11 74968] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler32.exe [2011-09-12 349184] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 cxbu0wdm;OMNIKEY 3821;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2011-09-06 119040] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880] S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-10-22 1488096] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2009-05-13 13720] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501850769-1321405005-1929293569-1000Core.job - c:\users\chrisra\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 17:31] . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501850769-1321405005-1929293569-1000UA.job - c:\users\chrisra\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 17:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/?rlz=1V1IPYX IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm TCP: DhcpNameServer = 10.0.0.138 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1501850769-1321405005-1929293569-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1501850769-1321405005-1929293569-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-12-22 10:02:49 ComboFix-quarantined-files.txt 2011-12-22 09:02 . Vor Suchlauf: 12 Verzeichnis(se), 224.317.235.200 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 224.194.801.664 Bytes frei . - - End Of File - - 0FFFB2C5E0CB8C13E1CE1713586CE81E |
22.12.2011, 13:59 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is in my network OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
23.12.2011, 18:49 | #21 |
| Someone is in my network OSAM log file: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:48:04 on 23.12.2011 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Google Inc. Google Chrome 16.0.912.63 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-1501850769-1321405005-1929293569-1000Core.job" - "Google Inc." - C:\Users\chrisra\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1501850769-1321405005-1929293569-1000UA.job" - "Google Inc." - C:\Users\chrisra\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "catchme" (catchme) - ? 
- C:\Users\chrisra\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found) "sbapifs" (sbapifs) - "Sunbelt Software" - C:\Windows\System32\DRIVERS\sbapifs.sys "Steganos Live Encryption Engine 17 [Driver]" (SLEE_17_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt - " - C:\Windows\system32\drivers\Sleen17.sys "Steganos RAM Disk Engine [Driver]" (STGMFEngine32) - "Softwareentwicklung Remus - ArchiCrypt.com" - C:\Windows\system32\drivers\STGMFEngine32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll 
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Program Files\Steganos Privacy Suite 12\ShellExtension.dll (File found, but it contains no detailed information) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.1.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll 
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll {9C65D12D-CF9D-454d-8049-61965D8C6FFF} "Steganos Password Manager" - "Steganos Software GmbH" - C:\Program Files\Steganos Privacy Suite 12\SPMIEToolbar.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} "StartSearchToolBar" - "StartSearch Inc." - C:\Program Files\StartSearch plugin\ssBarLcher.dll <binary data> "Steganos Password Manager Toolbar" - "Steganos Software GmbH" - C:\Program Files\Steganos Privacy Suite 12\SPMIEToolbar.dll {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} "IE5BarLauncherBHO Class" - "StartSearch Inc." 
- C:\Program Files\StartSearch plugin\ssBarLcher.dll {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Connection Monitor.lnk" - "10-Strike Software" - C:\Program Files\10-Strike Connection Monitor\connmon.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\chrisra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "a.sign Client.lnk" - "A-Trust GmbH" - C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "acSecurityLayer" - "A-Trust GmbH" - C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe "BrowserMask" - "Microsoft" - "C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "SSS12 Browser Monitor" - "Steganos Software GmbH" - "C:\Program Files\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe" "uTorrent" - "BitTorrent, Inc." - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED "WLan Watcher" - "Competent Software" - "C:\Program Files\Competent Software\WLan Watcher\WWatcher.exe" -min -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "SSS12 File Redirection Starter" - "Steganos Software GmbH" - "C:\Program Files\Steganos Privacy Suite 12\fredirstarter.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe "ForceWare IP service" (nSvcIp) - ? 
- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe "GFI LanGuard 10 Attendant Service" (gfi_lanss10_attservice) - "GFI Software Development Ltd." - C:\Program Files\GFI\LanGuard 10 Agent\lnssatt.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Kaspersky Security Suite CBE 11 Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "Steganos Volatile Disk" (Steganos Volatile Disk) - "Softwareentwicklung Remus - ArchiCrypt" - C:\Windows\system32\STGRAMDiskHandler32.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll "ScCertProp" - ? - wlnotify.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
23.12.2011, 19:02 | #22 |
| Someone is on my network
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-23 18:50:21
-----------------------------
18:50:21.158 OS Version: Windows 6.1.7601 Service Pack 1
18:50:21.158 Number of processors: 4 586 0x170A
18:50:21.161 ComputerName: CHRISRA-PC UserName: chrisra
18:50:32.268 Initialize success
18:52:02.873 AVAST engine defs: 11122300
18:52:44.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
18:52:44.836 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
18:52:46.843 Disk 0 MBR read successfully
18:52:46.847 Disk 0 MBR scan
18:52:46.852 Disk 0 Windows 7 default MBR code
18:52:46.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:52:46.869 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 512422 MB offset 206848
18:52:46.876 Disk 0 Partition - 00 05 Extended 440320 MB offset 1049647104
18:52:46.905 Disk 0 Partition 3 00 12 Compaq diag NTFS 1025 MB offset 1951422464
18:52:46.939 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 419838 MB offset 1049649152
18:52:46.949 Disk 0 scanning sectors +1953521664
18:52:47.035 Disk 0 scanning C:\Windows\system32\drivers
18:52:56.540 Service scanning
18:52:57.824 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:52:57.830 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:52:57.839 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:52:57.847 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:52:58.520 Modules scanning
18:53:02.842 Disk 0 trace - called modules:
18:53:02.865 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
18:53:02.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d74a00]
18:53:02.878 3 CLASSPNP.SYS[8c79959e] -> nt!IofCallDriver -> [0x86713930]
18:53:02.883 5 ACPI.sys[8bac73d4] -> nt!IofCallDriver -> \Device\00000063[0x86be55e0]
18:53:05.810 AVAST engine scan C:\Windows
18:53:12.832 AVAST engine scan C:\Windows\system32
18:55:50.152 AVAST engine scan C:\Windows\system32\drivers
18:56:03.670 AVAST engine scan C:\Users\chrisra
18:57:36.990 File: C:\Users\chrisra\Downloads\wlan-watcher-2.0.exe.exe **INFECTED** Win32:Malware-gen
18:57:38.911 AVAST engine scan C:\ProgramData
19:00:03.711 Scan finished successfully
19:00:48.692 Disk 0 MBR has been saved successfully to "C:\Users\chrisra\Documents\MBR.dat"
19:00:48.700 The log file has been saved successfully to "C:\Users\chrisra\Documents\aswMBR.txt" |
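Triage of an aswMBR log such as the one in post #22, as an added example that is not part of the original thread: every aswMBR entry starts with an `HH:MM:SS.mmm` timestamp, so a log pasted onto a single line can be cut back into entries and reduced to the lines that need a second look. The sample is abridged from that post plus one constructed entry (`Example Drv` / `exampledrv.sys`); the function names and the `expected_locked` allowlist are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# aswMBR starts every entry with HH:MM:SS.mmm, so a log pasted or scraped
# onto one line can be cut back into entries at each timestamp.
ENTRY_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{3} )")
ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$", re.S)
INFECTED = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)")
LOCKED = re.compile(
    r"^Service (?P<svc>.+?) (?P<path>(?:[A-Za-z]:)?\\.+?) \*\*LOCKED\*\* (?P<code>\d+)")
MBR_CODE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.+ MBR code)$")
# A second extension in front of an executable one, e.g. "name.exe.exe".
# Letters only, so a version number such as "2.0.exe" is not counted.
DOUBLE_EXT = re.compile(r"\.[a-z]{2,4}\.(?:exe|scr|com|pif|bat|cmd)$", re.I)

# Abridged from the post above, flattened onto one line as on the scraped
# page; the "Example Drv" entry is constructed for this example.
SAMPLE = (
    r"aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software "
    r"Run date: 2011-12-23 18:50:21 ----------------------------- "
    r"18:52:46.852 Disk 0 Windows 7 default MBR code "
    r"18:52:57.824 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 "
    r"18:52:57.900 Service Example Drv C:\Windows\system32\DRIVERS\exampledrv.sys **LOCKED** 5 "
    r"18:57:36.990 File: C:\Users\chrisra\Downloads\wlan-watcher-2.0.exe.exe "
    r"**INFECTED** Win32:Malware-gen "
    r"19:00:03.711 Scan finished successfully"
)


@dataclass
class Triage:
    mbr: list = field(default_factory=list)       # (disk, verdict)
    infected: list = field(default_factory=list)  # (path, detection, double_ext)
    locked: list = field(default_factory=list)    # (service, path, code)


def split_entries(text):
    """Return (timestamp, message) pairs from a one-line or multi-line log."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:  # the header before the first timestamp does not match
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def triage(text):
    """Collect the MBR verdict, INFECTED files and LOCKED services."""
    result = Triage()
    for _, msg in split_entries(text):
        if m := INFECTED.match(msg):
            path = m.group("path")
            result.infected.append(
                (path, m.group("name"), bool(DOUBLE_EXT.search(path))))
        elif m := LOCKED.match(msg):
            # The trailing number is kept exactly as aswMBR reported it.
            result.locked.append((m.group("svc"), m.group("path"), m.group("code")))
        elif m := MBR_CODE.match(msg):
            result.mbr.append((m.group("disk"), m.group("verdict")))
    return result


def needs_review(result, expected_locked=frozenset()):
    """List findings for the analyst.

    expected_locked is an assumption of this example: lower-case driver file
    names the analyst has already attributed to installed security software.
    """
    findings = []
    for disk, verdict in result.mbr:
        if "default MBR code" not in verdict:
            findings.append(f"Disk {disk}: {verdict}")
    for path, name, double_ext in result.infected:
        note = " (doubled extension)" if double_ext else ""
        findings.append(f"INFECTED {name}: {path}{note}")
    for svc, path, code in result.locked:
        if ntpath.basename(path).lower() not in expected_locked:
            findings.append(f"LOCKED {code} unexpected driver: {path} ({svc})")
    return findings


if __name__ == "__main__":
    for line in needs_review(triage(SAMPLE), expected_locked={"kl1.sys"}):
        print(line)
```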
23.12.2011, 19:48 | #23 |
| Someone is on my network
I have had a problem with the DVD drive since these scans. Before, when I inserted the Computerbild DVD, it offered me cobi.exe and started it directly. Now it no longer offers that. I have to open Windows Explorer and select all programs manually. Now it always wants to play the DVD movie or open the folder. What happened there?
Edited by chrisra66 (23.12.2011 at 20:19) |
23.12.2011, 21:13 | #24 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is on my network
Quote:
Quote:
__________________ Please always post log files in CODE tags |
23.12.2011, 21:50 | #25 |
| Someone is on my network
I have already deleted it again. The site was called Bitsnoop or something like that. When I let this WLAN Watcher run, from time to time I always have an unknown MAC address and a changing IP in there. Friday is its day. Now, in the router's console, I have blocked all IP addresses except the ones I need. Since then it has not appeared again. I don't understand how it gets in. No program finds anything, but it is in there. |
23.12.2011, 21:52 | #26 |
| Someone is on my network
Autorun was disabled. But it was better before. How can I enable it again? |
24.12.2011, 14:40 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is on my network
And why all of this? I have already explained that Autorun is a bad habit. What about GMER, did that not work?
__________________ Please always post log files in CODE tags |
24.12.2011, 14:43 | #28 |
| Someone is on my network
GMER is still to come. |
25.12.2011, 19:52 | #29 |
| Someone is on my network
GMER log file:
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-25 19:46:42 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 WDC_WD10 rev.80.0 Running: qrm1hwv0.exe; Driver: C:\Users\chrisra\AppData\Local\Temp\fxdiafod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x90A61DAA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x90A63FE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x90A64262] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x90A644D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x90A626BE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x90A634F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x90A63A3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x90A6299A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x90A63922] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x90A61998] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x90A637F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x90A61B40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x90A63B5C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x90A62344] SSDT \SystemRoot\system32\DRIVERS\klif.sys 
(Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x90A62442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x90A64722] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x90A6388C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x90A6524A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x90A62E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x90A66458] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x90A62C2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x90A6533C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x90A65AA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x90A63AD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x90A62740] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x90A639B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x90A61FE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x90A6583E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x90A63BF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x90A61ED8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x90A647DC] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x90A65DDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x90A656D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x90A60652] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x90A63F56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x90A63E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x90A64FE4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x90A609CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x90A662FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x90A605EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x90A63238] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x90A62560] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x90A6487E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x90A654DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x90A65F2E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x90A66020] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x90A6615A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter 
[fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x90A6516E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x90A6218E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x90A620E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x90A65C82] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x90A6227A] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83259369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83292D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 83299D8C 4 Bytes [AA, 1D, A6, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83299DB4 8 Bytes CALL E5BA43F8 .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83299DF8 4 Bytes [D8, 44, A6, 90] {FADD DWORD [ESI-0x70]} .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83299E24 4 Bytes [BE, 26, A6, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83299E48 4 Bytes [F2, 34, A6, 90] .text ... .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9F97069D] ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] USER32.dll!NotifyWinEvent + 6AE 75B1D66C 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB } ? 
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[3860] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[3860] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[3860] USER32.dll!NotifyWinEvent + 6AE 75B1D66C 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB } ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 004F0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 004F02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 004F0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 004F0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77530550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 775305C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77530710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 005A0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77530780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll 
[KERNEL32.dll!SetUnhandledExceptionFilter] 005A0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 005A0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 005A0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 775307F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77530860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77530E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77530EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77530F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77620320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 776407F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 77640860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 776408D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 776204E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll 
[KERNEL32.dll!SetUnhandledExceptionFilter] 77640940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 776409B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 77620B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 77620B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 77620BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 77620C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77640E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 77620CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77640E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77640EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77640F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 005B0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 77620D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll 
[ntdll.dll!RtlFreeHeap] 77620DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005B0080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 005B00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 005B0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 005B01D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 005101D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 005102B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 005C0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 005C0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005C04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 005C0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 005C05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005C0630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe[1844] @ 
26.12.2011, 00:17 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Someone is on my network Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |