Pests of all kinds and how to fight them: Hard disk problem after Avira Free Antivirus alert (Windows 7) |
| | #16 |
| Hard disk problem after Avira Free Antivirus alert Oh, right. I have now saved the reports and copied the contents of the text file in here. The first is the "Schutz-Center" (Protection Center), the second is "Erkannte Bedrohungen" (Detected Threats); hopefully those were the right ones. Sorry that I'm being a bit slow with this... Kind regards Code:
ATTFilter Datum: Gestern (155) Kaspersky Anti-Virus dvhhccfblujqw.exe Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe 24.02.2012 21:13:43 Kaspersky Anti-Virus dvhhccfblujqw.exe Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 21:12:46 Host Process for Windows Services $ObjId:$O:$INDEX_ALLOCATION Bearbeitungsfehler 24.02.2012 21:10:46 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 21:09:57 Kaspersky Anti-Virus nc.exe Gelöscht: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:58 Kaspersky Anti-Virus cryptload_1.1.8.rar Sicherungskopie erstellt: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:58 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:47 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 20:59:44 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:59:27 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:59:25 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:48:22 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:48:17 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 20:46:14 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde abgeschlossen 24.02.2012 20:44:57 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 20:42:03 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:13:41 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:13:34 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:00:44 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:00:12 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 19:59:21 Kaspersky 
Anti-Virus Photo.class Gelöscht: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:39 Kaspersky Anti-Virus b194f87-4bf3fab4 Sicherungskopie erstellt: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:39 Kaspersky Anti-Virus Photo.class Gefunden: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:33 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 19:28:19 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 18:46:28 Kaspersky Anti-Virus Update Aufgabe wurde beendet 24.02.2012 18:41:43 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 18:41:30 Kaspersky Anti-Virus Rootkit-Suche Aufgabe wurde abgeschlossen 24.02.2012 18:37:45 Kaspersky Anti-Virus Rootkit-Suche Aufgabe wurde gestartet 24.02.2012 18:29:14 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde abgeschlossen 24.02.2012 18:27:03 Host Process for Windows Services PE_Patch Gepackt: ASProtect 24.02.2012 18:07:59 Host Process for Windows Services FileSync.exe Gepackt: PE_Patch 24.02.2012 18:07:58 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:49:05 Host Process for Windows Services $ObjId:$O:$INDEX_ALLOCATION Bearbeitungsfehler 24.02.2012 17:43:52 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:41:33 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:41:32 Host Process for Windows Services SUPER.exe Gepackt: PE_Patch.PECompact 24.02.2012 17:41:32 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:40:25 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:40:24 Host Process for Windows Services GOOGLEDESKTOPSETUP.EXE Gepackt: PE_Patch.PECompact 24.02.2012 17:40:24 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 17:29:39 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus 
Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus 24.02.2012 17:29:00 Kaspersky Anti-Virus 24.02.2012 17:29:00 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 17:28:59 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:28:59 Unbekanntes Programm amlogs Verboten 24.02.2012 17:28:52 Client Server Runtime Process avp.exe Verboten 24.02.2012 17:27:14 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:25:30 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:25:30 Host Process for Windows Services BrSerId.sys Gepackt: PE_Patch 24.02.2012 17:24:11 Host Process for Windows Services BrUsbMdm.sys Gepackt: PE_Patch 24.02.2012 17:23:48 Client Server Runtime Process avp.exe Verboten 24.02.2012 17:23:31 Kaspersky Anti-Virus Aktive Bedrohungen neutralisieren Aufgabe wurde abgeschlossen 24.02.2012 17:23:14 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:22:14 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:22:05 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:22:05 Host Process for Windows Services flvdec.spk Gepackt: PE_Patch.PECompact 24.02.2012 17:22:05 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:21:55 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:21:55 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:20:25 Host Process for Windows Services PE_Patch Gepackt: ASProtect 24.02.2012 17:15:38 Host Process for Windows Services FILESEARCH.EXE 
Gepackt: PE_Patch 24.02.2012 17:15:37 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:15:00 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:14:59 Host Process for Windows Services OTL.exe Gepackt: PE_Patch.PECompact 24.02.2012 17:14:59 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:10:30 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:10:30 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:10:22 Host Process for Windows Services DVHHCCFBLUJQW.EXE Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:10:22 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:06:57 Windows Explorer DVHHCCFBLUJQW.EXE Wird beim Neustart gelöscht: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:05:23 Windows Explorer DVHHCCFBLUJQW.EXE Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:05:23 Kaspersky Anti-Virus DvhhCCFbLujqW.exe Gelöscht 24.02.2012 17:04:57 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:04:53 Windows Explorer DVHHCCFBLUJQW.EXE Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:04:53 Google Desktop 4FM90S4PX3HOPW.EXE Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:46 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Wird beim Neustart gelöscht: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:26 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Verschieben in die Quarantäne unmöglich: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:26 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:24 Google Desktop 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:03:38 Google Desktop 4FM90S4PX3HOPW.EXE Nicht verarbeitet: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:35 Kaspersky Anti-Virus Aktive Bedrohungen neutralisieren Aufgabe wurde gestartet 24.02.2012 17:01:16 Kaspersky Anti-Virus 
4fm90s4px3hopw.exe Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:16 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Nicht verarbeitet: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:16 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 16:57:44 SpeedCommander TEAMVIEWER_SETUP_DE.EXE Gepackt: UPX 24.02.2012 16:57:24 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 16:57:02 Google Desktop 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 16:57:02 SpeedCommander MxCmn50.dll Gepackt: ASProtect 24.02.2012 16:56:48 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:34 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:34 Windows Explorer SPEEDCOMMANDER.EXE Gepackt: PE_Patch 24.02.2012 16:56:33 Windows Explorer SpeedEdit.exe Gepackt: PE_Patch 24.02.2012 16:56:33 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:33 Windows Explorer SpeedView.exe Gepackt: PE_Patch 24.02.2012 16:56:32 Windows Explorer CmdLineExt03.dll Gepackt: Petite 24.02.2012 16:56:03 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 16:55:01 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 16:54:27 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus 24.02.2012 16:54:27 Kaspersky Anti-Virus 24.02.2012 16:54:27 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 16:54:27 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Task Scheduler Engine avp.exe Verboten 24.02.2012 16:53:53 Unbekanntes Programm Kaspersky Anti-Virus 2012 Verboten 24.02.2012 16:52:04 Kaspersky Anti-Virus Der Schutz 
wurde deaktiviert 24.02.2012 16:52:05 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 16:52:05 Kaspersky Anti-Virus Update Aufgabe wurde beendet 24.02.2012 16:49:48 Client Server Runtime Process avp.exe Verboten 24.02.2012 16:49:43 Client Server Runtime Process avp.exe Verboten 24.02.2012 16:49:28 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 16:49:07 Task Scheduler Engine avp.exe Verboten 24.02.2012 16:36:29 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 24.02.2012 09:42:07 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 09:42:07 Unbekanntes Programm Kaspersky Anti-Virus 2012 Verboten 24.02.2012 09:42:00 Client Server Runtime Process avp.exe Verboten 24.02.2012 09:40:15 Client Server Runtime Process avp.exe Verboten 24.02.2012 09:39:36 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus 24.02.2012 09:01:31 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus 24.02.2012 09:01:31 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 24.02.2012 09:01:31 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 09:01:16 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 09:01:05 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus 24.02.2012 09:01:05 Kaspersky Anti-Virus 24.02.2012 09:01:05 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 
09:01:05 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Untersuchung bei Computerleerlauf Aufgabe wurde beendet 24.02.2012 08:36:53 Kaspersky Anti-Virus Untersuchung bei Computerleerlauf Aufgabe wurde gestartet 24.02.2012 08:36:49 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 08:17:38 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 08:15:40 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 02:06:03 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 02:02:44 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 00:02:32 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 00:00:53 Datum: Donnerstag (47) Kaspersky Anti-Virus Das Programm wurde nicht aktiviert 23.02.2012 21:12:48 Kaspersky Anti-Virus Der Schutz funktioniert nicht 23.02.2012 21:12:48 Kaspersky Anti-Virus Die Datenbanken sind stark veraltet 23.02.2012 21:12:48 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus 23.02.2012 21:12:48 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus 23.02.2012 21:12:48 Windows Explorer MyClubVAIO.exe Gepackt: UPX 23.02.2012 21:13:17 Kaspersky Anti-Virus Der Schutz wurde aktiviert 23.02.2012 21:14:23 Task Scheduler Engine avp.exe Verboten 23.02.2012 21:22:54 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 23.02.2012 21:23:29 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky 
Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus 23.02.2012 21:23:29 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus 23.02.2012 21:23:29 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus 23.02.2012 21:23:59 Kaspersky Anti-Virus 23.02.2012 21:23:59 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Der Schutz wurde aktiviert 23.02.2012 21:24:07 Firefox imgad?id=CICAgMDOnYa09wEQ0AIYmAIyCPfPT9bDYC-S Gepackt: Swf2Swc 23.02.2012 21:25:10 Firefox F17EAd01 Gepackt: Swf2Swc 23.02.2012 21:25:31 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 23.02.2012 21:26:08 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus 23.02.2012 21:26:08 Kaspersky Anti-Virus 23.02.2012 21:26:08 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:09 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 23.02.2012 21:26:12 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 23.02.2012 21:26:56 Kaspersky Anti-Virus 23.02.2012 21:59:21 
Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 23.02.2012 21:59:33 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 23.02.2012 23:59:58 Code:
Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (2)
not-a-virus:RemoteAdmin.Win32.NetCat.a Desinfiziert 24.02.2012 21:01:59
not-a-virus:RemoteAdmin.Win32.NetCat.a Gelöscht 24.02.2012 21:01:58
Typ: trojanisches Programm (7)
Trojan.Win32.FakeAV.kxpe Gelöscht 24.02.2012 21:13:43
Exploit.Java.CVE-2011-3544.id Desinfiziert 24.02.2012 19:48:39
Exploit.Java.CVE-2011-3544.id Gelöscht 24.02.2012 19:48:39
Trojan.Win32.FakeAV.kxpe Gelöscht 24.02.2012 18:27:03
Exploit.Java.CVE-2011-3544.id Gelöscht 24.02.2012 18:27:03
Packed.Win32.Krap.r Gelöscht 24.02.2012 18:27:02
Packed.Win32.Krap.r Gelöscht 24.02.2012 18:27:02
Typ: Virus (1)
HEUR:Trojan.Win32.Generic Nicht gefunden 24.02.2012 17:28:59
|
| | #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert Please create a new OTL log. If possible, please post everything here in CODE tags.
This is how it is done: [code] your log goes here [/code] And the whole thing then looks like this: Code:
your log goes here
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
| | #18 |
| Hard disk problem after Avira Free Antivirus alert So, here it is
Code:
ATTFilter OTL logfile created on: 26.02.2012 16:19:54 - Run 3 OTL by OldTimer - Version 3.2.33.2 Folder = c:\Users\****\Downloads Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,98% Memory free 6,13 Gb Paging File | 4,70 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 179,11 Gb Total Space | 10,22 Gb Free Space | 5,70% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\FileServe Manager\FSStarter.exe (FileServe Limited) PRC - C:\Programme\FileServe Manager\FileManager.exe (FileServe Limited) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC) PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileServe Manager\FFChromeExtHelper.dll () MOD - C:\Programme\FileServe Manager\MT.WindowsUI.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\System32\CmdLineExt03.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\ZipArchive.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtCore4.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtGui4.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtNetwork4.dll () MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\System32\btwhidcs.dll () ========== Win32 Services (SafeList) ========== SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (jatmlano) -- C:\Users\****\AppData\Local\Temp\jatmlano.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 21:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.02.17 23:05:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\6pq22yl3.default\extensions
[2011.12.04 16:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.01.20 21:07:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.20 21:07:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.20 21:07:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.20 21:07:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 21:07:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 21:07:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 21:07:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFDDF51-F6E0-4C87-ACB0-BCDD40DE25EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63642535-A480-4AE5-BDDE-F0273A585FFA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - camcodec.dll File not found
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.24 08:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 08:55:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 08:55:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.24 08:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.23 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.23 20:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012.02.23 20:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.02.23 20:49:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kaspersky Lab
[2012.02.23 20:48:52 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 14:12:46 | 000,000,000 | -H-D | C] -- C:\Users\****\Desktop\Scans
[2012.02.22 03:42:19 | 000,583,168 | -H-- | C] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:36:49 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.02.21 23:43:34 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.06 00:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptload
[2012.02.05 23:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.05 23:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.02.05 23:04:42 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.02.05 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.02.05 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012.02.26 16:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 14:55:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 14:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 14:50:12 | 3186,581,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 02:50:21 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.24 18:46:19 | 000,001,733 | ---- | M] () -- C:\Users\Dorothea\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:13:01 | 000,017,408 | -H-- | M] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 03:42:33 | 000,583,168 | -H-- | M] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:34:03 | 000,000,846 | -H-- | M] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.14 18:53:59 | 000,001,751 | -H-- | M] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.07 22:48:28 | 000,001,356 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.02.06 00:03:20 | 000,000,682 | -H-- | M] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2012.02.05 23:04:43 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.01.31 22:53:46 | 000,002,631 | -H-- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2012.02.24 18:46:19 | 000,001,733 | ---- | C] () -- C:\Users\****\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:12:59 | 000,017,408 | -H-- | C] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.22 03:34:03 | 000,000,846 | -H-- | C] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:43:35 | 000,000,605 | -H-- | C] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.21 23:43:35 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:43:35 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:20 | 000,000,448 | -H-- | C] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.14 18:53:59 | 000,001,751 | -H-- | C] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.06 00:03:20 | 000,000,682 | -H-- | C] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2011.07.19 00:39:18 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.07.19 00:39:18 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.07.19 00:38:54 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.19 00:33:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.18 15:51:45 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.07.18 15:51:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.13 20:36:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.07.13 20:36:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.04.07 16:58:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.06.07 18:01:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

========== LOP Check ==========

[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies
[2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc
[2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject
[2012.02.25 02:50:21 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.07.20 16:08:03 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.11.21 15:26:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.07.29 00:18:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2008.06.19 13:23:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2009.06.15 15:58:40 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Google
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2008.05.08 14:31:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Identities
[2008.06.19 13:14:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.07.17 17:58:16 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Logitech
[2008.06.19 13:10:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.02.22 03:36:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.08.23 22:02:51 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2011.04.07 18:28:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.04.07 16:58:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\skypePM [2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies [2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc [2008.06.19 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sony Corporation [2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject [2011.07.18 18:46:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2004.01.26 16:15:29 | 000,233,472 | RH-- | M] () -- C:\Users\****\AppData\Roaming\MafiaSetup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:26 | 
000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.04.03 12:00:34 | 000,033,280 | ---- | M] (UPEK Inc.) 
MD5=F489A11A103A76CA3E2D42BBCF16DAAD -- C:\Program Files\Protector Suite QL\eventlog.dll < MD5 for: IASTOR.SYS > [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\System32\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) 
MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys [2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll < End of report > |
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
:Files
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #20 |
| Hard disk problem after Avira Free Antivirus alert Well, I was clumsy once again and accidentally clicked Fix while the old stuff from the scan was still in the box. As expected, it could not interpret the commands, so nothing seems to have happened; I am posting the first log anyway. Code:
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <wininit.exe> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <ws2ifsl.sys> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <user32.DLL> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185405
Code:
All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found.
File G:\launcher.exe not found.
C:\ProgramData\4FM90s4Px3hoPw moved successfully.
C:\ProgramData\~4FM90s4Px3hoPw moved successfully.
C:\ProgramData\~4FM90s4Px3hoPwr moved successfully.
File C:\Users\****\Desktop\System Check.lnk not found.
========== FILES ==========
File\Folder C:\Programme\ICQ6Toolbar not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ****xxxx
User: Default
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 198 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ****
->Temp folder emptied: 814185007 bytes
->Temporary Internet Files folder emptied: 3544136077 bytes
->Java cache emptied: 2593590 bytes
->FireFox cache emptied: 70677842 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 48955 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 949790769 bytes
RecycleBin emptied: 1143 bytes
Total Files Cleaned = 5.132,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185621
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\klsE223.tmp not found!
Registry entries deleted on Reboot...
|
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.)
__________________ --> Hard disk problem after Avira Free Antivirus alert |
| | #22 |
| Hard disk problem after Avira Free Antivirus alert OK, it found three things. I also ran unhide beforehand. Code:
20:39:09.0658 5452 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:39:10.0073 5452 ============================================================
20:39:10.0073 5452 Current date / time: 2012/02/29 20:39:10.0073
20:39:10.0074 5452 SystemInfo:
20:39:10.0074 5452
20:39:10.0074 5452 OS Version: 6.0.6001 ServicePack: 1.0
20:39:10.0074 5452 Product type: Workstation
20:39:10.0074 5452 ComputerName: BENNI-PC
20:39:10.0075 5452 UserName: Dorothea
20:39:10.0075 5452 Windows directory: C:\Windows
20:39:10.0075 5452 System windows directory: C:\Windows
20:39:10.0075 5452 Processor architecture: Intel x86
20:39:10.0075 5452 Number of processors: 2
20:39:10.0075 5452 Page size: 0x1000
20:39:10.0075 5452 Boot type: Normal boot
20:39:10.0075 5452 ============================================================
20:39:11.0243 5452 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:11.0255 5452 \Device\Harddisk0\DR0:
20:39:11.0256 5452 MBR used
20:39:11.0256 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE68800, BlocksNum 0x166361B0
20:39:11.0293 5452 Initialize success
20:39:11.0293 5452 ============================================================
20:39:32.0535 1788 ============================================================
20:39:32.0535 1788 Scan started
20:39:32.0535 1788 Mode: Manual; SigCheck; TDLFS;
20:39:32.0535 1788 ============================================================
20:39:33.0340 1788 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:39:33.0612 1788 ACPI - ok
20:39:33.0683 1788 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:39:33.0736 1788 adp94xx - ok
20:39:33.0775 1788 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:39:33.0813 1788 adpahci - ok
20:39:33.0909 1788 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:39:33.0938 1788 adpu160m - ok
20:39:33.0976 1788 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:39:34.0007 1788 adpu320 - ok
20:39:34.0086 1788 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:39:34.0182 1788 AFD - ok
20:39:34.0436 1788 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:39:34.0462 1788 agp440 - ok
20:39:34.0550 1788 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:39:34.0581 1788 aic78xx - ok
20:39:34.0615 1788 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:39:34.0639 1788 aliide - ok
20:39:34.0671 1788 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:39:34.0697 1788 amdagp - ok
20:39:34.0724 1788 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:39:34.0750 1788 amdide - ok
20:39:34.0778 1788 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:39:34.0842 1788 AmdK7 - ok
20:39:34.0871 1788 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:39:34.0962 1788 AmdK8 - ok
20:39:35.0083 1788 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:39:35.0111 1788 arc - ok
20:39:35.0190 1788 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:39:35.0217 1788 arcsas - ok
20:39:35.0301 1788 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:35.0379 1788 AsyncMac - ok
20:39:35.0411 1788 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:39:35.0435 1788 atapi - ok
20:39:35.0500 1788 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys
20:39:35.0628 1788 athr - ok
20:39:35.0835 1788 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys
20:39:36.0199 1788 atikmdag - ok
20:39:36.0317 1788 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
20:39:36.0360 1788 atksgt ( UnsignedFile.Multi.Generic ) - warning
20:39:36.0361 1788 atksgt - detected UnsignedFile.Multi.Generic (1)
20:39:36.0440 1788 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:39:36.0529 1788 Beep - ok
20:39:36.0594 1788 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:39:36.0668 1788 blbdrive - ok
20:39:36.0785 1788 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:39:36.0861 1788 bowser - ok
20:39:36.0906 1788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:39:37.0052 1788 BrFiltLo - ok
20:39:37.0217 1788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:39:37.0302 1788 BrFiltUp - ok
20:39:37.0368 1788 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:39:37.0620 1788 Brserid - ok
20:39:37.0703 1788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:39:37.0831 1788 BrSerWdm - ok
20:39:37.0866 1788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:39:37.0983 1788 BrUsbMdm - ok
20:39:38.0014 1788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:39:38.0149 1788 BrUsbSer - ok
20:39:38.0244 1788 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
20:39:38.0324 1788 BthEnum - ok
20:39:38.0434 1788 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
20:39:38.0523 1788 BTHMODEM - ok
20:39:38.0551 1788 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:39:38.0641 1788 BthPan - ok
20:39:38.0678 1788 BTHPORT (9f299c5274672900591e7c616d725f56) C:\Windows\system32\Drivers\BTHport.sys
20:39:38.0730 1788 BTHPORT - ok
20:39:38.0768 1788 BTHUSB (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys
20:39:38.0819 1788 BTHUSB - ok
20:39:38.0872 1788 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
20:39:39.0876 1788 btwaudio - ok
20:39:39.0957 1788 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
20:39:39.0978 1788 btwavdt - ok
20:39:40.0000 1788 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:39:40.0020 1788 btwl2cap - ok
20:39:40.0038 1788 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
20:39:40.0057 1788 btwrchid - ok
20:39:40.0103 1788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:39:40.0197 1788 cdfs - ok
20:39:40.0257 1788 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:39:40.0338 1788 cdrom - ok
20:39:40.0372 1788 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:39:40.0452 1788 circlass - ok
20:39:40.0544 1788 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:39:40.0580 1788 CLFS - ok
20:39:40.0665 1788 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:40.0726 1788 CmBatt - ok
20:39:40.0757 1788 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:39:40.0782 1788 cmdide - ok
20:39:40.0797 1788 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:39:40.0822 1788 Compbatt - ok
20:39:40.0845 1788 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:39:40.0870 1788 crcdisk - ok
20:39:40.0901 1788 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:39:40.0999 1788 Crusoe - ok
20:39:41.0101 1788 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
20:39:41.0203 1788 CSC - ok
20:39:41.0279 1788 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:39:41.0362 1788 DfsC - ok
20:39:41.0449 1788 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:39:41.0476 1788 disk - ok
20:39:41.0532 1788 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
20:39:41.0556 1788 DMICall - ok
20:39:41.0681 1788 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:39:41.0750 1788 drmkaud - ok
20:39:41.0829 1788 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:39:41.0857 1788 dtsoftbus01 - ok
20:39:41.0940 1788 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:42.0067 1788 DXGKrnl - ok
20:39:42.0189 1788 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:39:42.0293 1788 E1G60 - ok
20:39:42.0353 1788 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:39:42.0384 1788 Ecache - ok
20:39:42.0486 1788 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:39:42.0547 1788 elxstor - ok
20:39:42.0660 1788 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:39:42.0737 1788 ErrDev - ok
20:39:42.0820 1788 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:39:42.0897 1788 exfat - ok
20:39:42.0930 1788 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:39:43.0011 1788 fastfat - ok
20:39:43.0083 1788 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:39:43.0176 1788 fdc - ok
20:39:43.0562 1788 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:39:43.0588 1788 FileInfo - ok
20:39:43.0613 1788 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:39:43.0694 1788 Filetrace - ok
20:39:43.0772 1788 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:43.0840 1788 flpydisk - ok
20:39:43.0947 1788 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:39:43.0988 1788 FltMgr - ok
20:39:44.0083 1788 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:44.0161 1788 Fs_Rec - ok
20:39:44.0204 1788 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:39:44.0229 1788 gagp30kx - ok
20:39:44.0271 1788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:39:44.0290 1788 GEARAspiWDM - ok
20:39:44.0432 1788 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:39:44.0604 1788 HdAudAddService - ok
20:39:44.0690 1788 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:44.0772 1788 HDAudBus - ok
20:39:44.0814 1788 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:39:44.0953 1788 HidBth - ok
20:39:44.0989 1788 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:39:45.0098 1788 HidIr - ok
20:39:45.0187 1788 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:39:45.0275 1788 HidUsb - ok
20:39:45.0337 1788 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:39:45.0364 1788 HpCISSs - ok
20:39:45.0445 1788 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:39:45.0524 1788 HSFHWAZL - ok
20:39:45.0659 1788 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:39:45.0801 1788 HSF_DPV - ok
20:39:45.0848 1788 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:39:45.0907 1788 HSXHWAZL - ok
20:39:46.0023 1788 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:39:46.0138 1788 HTTP - ok
20:39:46.0178 1788 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:39:46.0207 1788 i2omp - ok
20:39:46.0259 1788 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:46.0327 1788 i8042prt - ok
20:39:46.0407 1788 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
20:39:46.0436 1788 iaStor - ok
20:39:46.0525 1788 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:39:46.0569 1788 iaStorV - ok
20:39:46.0590 1788 igfx - ok
20:39:46.0638 1788 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:39:46.0662 1788 iirsp - ok
20:39:46.0778 1788 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
20:39:46.0925 1788 IntcAzAudAddService - ok
20:39:47.0029 1788 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:39:47.0053 1788 intelide - ok
20:39:47.0133 1788 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:47.0214 1788 intelppm - ok
20:39:47.0265 1788 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:47.0350 1788 IpFilterDriver - ok
20:39:47.0373 1788 IpInIp - ok
20:39:47.0415 1788 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:39:47.0479 1788 IPMIDRV - ok
20:39:47.0569 1788 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:39:47.0699 1788 IPNAT - ok
20:39:48.0002 1788 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:39:48.0092 1788 IRENUM - ok
20:39:48.0121 1788 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:39:48.0147 1788 isapnp - ok
20:39:48.0197 1788 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:39:48.0250 1788 iScsiPrt - ok
20:39:48.0282 1788 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:39:48.0306 1788 iteatapi - ok
20:39:48.0331 1788 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:39:48.0355 1788 iteraid - ok
20:39:48.0456 1788 jatmlano - ok
20:39:48.0551 1788 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:48.0575 1788 kbdclass - ok
20:39:48.0607 1788 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:39:48.0688 1788 kbdhid - ok
20:39:48.0756 1788 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
20:39:48.0781 1788 KL1 - ok
20:39:48.0803 1788 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
20:39:48.0820 1788 kl2 - ok
20:39:48.0918 1788 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
20:39:49.0070 1788 KLIF - ok
20:39:49.0168 1788 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
20:39:49.0189 1788 KLIM6 - ok
20:39:49.0257 1788 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
20:39:49.0276 1788 klmouflt - ok
20:39:49.0337 1788 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:39:49.0390 1788 KSecDD - ok
20:39:49.0475 1788 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:39:49.0496 1788 LHidFilt - ok
20:39:49.0558 1788 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
20:39:49.0569 1788 lirsgt ( UnsignedFile.Multi.Generic ) - warning
20:39:49.0569 1788 lirsgt - detected UnsignedFile.Multi.Generic (1)
20:39:49.0671 1788 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:49.0769 1788 lltdio - ok
20:39:49.0815 1788 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:39:49.0834 1788 LMouFilt - ok
20:39:49.0876 1788 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:39:49.0903 1788 LSI_FC - ok
20:39:49.0945 1788 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:39:49.0987 1788 LSI_SAS - ok
20:39:50.0062 1788 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:39:50.0090 1788 LSI_SCSI - ok
20:39:50.0358 1788 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:39:50.0444 1788 luafv - ok
20:39:50.0504 1788 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
20:39:50.0523 1788 LUsbFilt - ok
20:39:50.0561 1788 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:39:50.0609 1788 mdmxsdk - ok
20:39:50.0654 1788 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:39:50.0679 1788 megasas - ok
20:39:50.0717 1788 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:39:50.0795 1788 MegaSR - ok
20:39:50.0898 1788 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:39:50.0988 1788 Modem - ok
20:39:51.0018 1788 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:39:51.0103 1788 monitor - ok
20:39:51.0138 1788 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:39:51.0163 1788 mouclass - ok
20:39:51.0187 1788 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:51.0273 1788 mouhid - ok
20:39:51.0321 1788 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:39:51.0365 1788 MountMgr - ok
20:39:51.0502 1788 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:39:51.0530 1788 mpio - ok
20:39:51.0567 1788 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:39:51.0618 1788 mpsdrv - ok
20:39:51.0682 1788 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:39:51.0706 1788 Mraid35x - ok
20:39:51.0753 1788 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:39:51.0833 1788 MRxDAV - ok
20:39:51.0871 1788 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:51.0948 1788 mrxsmb - ok
20:39:52.0029 1788 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:52.0091 1788 mrxsmb10 - ok
20:39:52.0135 1788 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:52.0187 1788 mrxsmb20 - ok
20:39:52.0234 1788 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:39:52.0261 1788 msahci - ok
20:39:52.0307 1788 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:39:52.0347 1788 msdsm - ok
20:39:52.0503 1788 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:39:52.0585 1788 Msfs - ok
20:39:52.0660 1788 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:39:52.0684 1788 msisadrv - ok
20:39:52.0748 1788 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:52.0812 1788 MSKSSRV - ok
20:39:52.0836 1788 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:52.0911 1788 MSPCLOCK - ok
20:39:52.0942 1788 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:39:53.0020 1788 MSPQM - ok
20:39:53.0059 1788 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:39:53.0090 1788 MsRPC - ok
20:39:53.0138 1788 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:39:53.0162 1788 mssmbios - ok
20:39:53.0214 1788 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:39:53.0304 1788 MSTEE - ok
20:39:53.0521 1788 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:39:53.0547 1788 Mup - ok
20:39:53.0632 1788 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:53.0705 1788 NativeWifiP - ok
20:39:53.0776 1788 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:39:53.0868 1788 NDIS - ok
20:39:53.0963 1788 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:54.0038 1788 NdisTapi - ok
20:39:54.0075 1788 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:54.0153 1788 Ndisuio - ok
20:39:54.0192 1788 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:54.0259 1788 NdisWan - ok
20:39:54.0289 1788 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:39:54.0362 1788 NDProxy - ok
20:39:54.0400 1788 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:39:54.0489 1788 NetBIOS - ok
20:39:54.0527 1788 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:39:54.0616 1788 netbt - ok
20:39:54.0883 1788 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:39:55.0161 1788 NETw5v32 - ok
20:39:55.0301 1788 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:39:55.0325 1788 nfrd960 - ok
20:39:55.0354 1788 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:39:55.0433 1788 Npfs - ok
20:39:55.0477 1788 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:39:55.0574 1788 nsiproxy - ok
20:39:55.0670 1788 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:39:55.0756 1788 Ntfs - ok
20:39:55.0821 1788 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:39:55.0940 1788 ntrigdigi - ok
20:39:55.0972 1788 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:39:56.0033 1788 Null - ok
20:39:56.0072 1788 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:39:56.0101 1788 nvraid - ok
20:39:56.0136 1788 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:39:56.0161 1788 nvstor - ok
20:39:56.0198 1788 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:39:56.0226 1788 nv_agp - ok
20:39:56.0250 1788 NwlnkFlt - ok
20:39:56.0277 1788 NwlnkFwd - ok
20:39:56.0332 1788 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:39:56.0415 1788 ohci1394 - ok
20:39:56.0509 1788 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:39:56.0636 1788 Parport - ok
20:39:56.0675 1788 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:39:56.0701 1788 partmgr - ok
20:39:56.0738 1788 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:39:56.0862 1788 Parvdm - ok
20:39:56.0888 1788 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:39:56.0918 1788 pci - ok
20:39:56.0947 1788 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:39:56.0971 1788 pciide - ok
20:39:57.0004 1788 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:39:57.0034 1788 pcmcia - ok
20:39:57.0121 1788 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:39:57.0355 1788 PEAUTH - ok
20:39:57.0518 1788 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:57.0603 1788 PptpMiniport - ok
20:39:57.0632 1788 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:39:57.0704 1788 Processor - ok
20:39:57.0787 1788 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:39:57.0862 1788 PSched - ok
20:39:57.0903 1788 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
20:39:57.0924 1788 PxHelp20 - ok
20:39:58.0005 1788 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:39:58.0109 1788 ql2300 - ok
20:39:58.0229 1788 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:39:58.0256 1788 ql40xx - ok
20:39:58.0317 1788 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:39:58.0375 1788 QWAVEdrv - ok
20:39:58.0414 1788 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:58.0500 1788 RasAcd - ok
20:39:58.0558 1788 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:58.0643 1788 Rasl2tp - ok
20:39:58.0674 1788 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:58.0745 1788 RasPppoe - ok
20:39:58.0784 1788 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:58.0868 1788 RasSstp - ok
20:39:58.0939 1788 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:59.0046 1788 rdbss - ok
20:39:59.0116 1788 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:59.0214 1788 RDPCDD - ok
20:39:59.0273 1788 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
20:39:59.0369 1788 rdpdr - ok
20:39:59.0386 1788 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:39:59.0448 1788 RDPENCDD - ok
20:39:59.0490 1788 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:39:59.0559 1788 RDPWD - ok
20:39:59.0601 1788 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:39:59.0620 1788 regi - ok
20:39:59.0676 1788 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
20:39:59.0757 1788 RFCOMM - ok
20:39:59.0816 1788 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:39:59.0880 1788 rimsptsk - ok
20:39:59.0915 1788 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
20:39:59.0962 1788 risdptsk - ok
20:40:00.0023 1788 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:40:00.0087 1788 rspndr - ok
20:40:00.0135 1788 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\Windows\system32\DRIVERS\rt25usbap.sys
20:40:00.0173 1788 RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
20:40:00.0173 1788 RT25USBAP - detected UnsignedFile.Multi.Generic (1)
20:40:00.0357 1788 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:40:00.0383 1788 sbp2port - ok
20:40:00.0485 1788 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:40:00.0577 1788 sdbus - ok
20:40:00.0623 1788 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:40:00.0753 1788 secdrv - ok
20:40:00.0797 1788 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:40:00.0919 1788 Serenum - ok
20:40:00.0953 1788 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:40:01.0064 1788 Serial - ok
20:40:01.0107 1788 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:40:01.0201 1788 sermouse - ok
20:40:01.0350 1788 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
20:40:01.0387 1788 SFEP - ok
20:40:01.0442 1788 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:40:01.0506 1788 sffdisk - ok
20:40:01.0538 1788 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:40:01.0613 1788 sffp_mmc - ok
20:40:01.0657 1788 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:40:01.0734 1788 sffp_sd - ok
20:40:01.0780 1788 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:01.0844 1788 sfloppy - ok
20:40:01.0895 1788 shpf (fd165f1309e8da2a969fbbb16635e459) C:\Windows\system32\DRIVERS\shpf.sys
20:40:01.0915 1788 shpf - ok
20:40:02.0003 1788 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:40:02.0028 1788 sisagp - ok
20:40:02.0077 1788 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:40:02.0102 1788 SiSRaid2 - ok
20:40:02.0140 1788 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:40:02.0167 1788 SiSRaid4 - ok
20:40:02.0262 1788 SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
20:40:02.0281 1788 SMARTMouseFilterx86 - ok
20:40:02.0316 1788 SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
20:40:02.0336 1788 SMARTVHidMini2000x86 - ok
20:40:02.0386 1788 SMARTVTabletPCx86 (cb07b494d60a0f31b12b01dee0fb251f) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
20:40:02.0470 1788 SMARTVTabletPCx86 - ok
20:40:02.0507 1788 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:40:02.0592 1788 Smb - ok
20:40:02.0691 1788 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:40:02.0715 1788 spldr - ok
20:40:02.0802 1788 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:40:02.0880 1788 srv - ok
20:40:02.0914 1788 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:40:02.0963 1788 srv2 - ok
20:40:03.0008 1788 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:03.0063 1788 srvnet - ok
20:40:03.0154 1788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:40:03.0175 1788 ssmdrv - ok
20:40:03.0243 1788 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:40:03.0287 1788 swenum - ok
20:40:03.0439 1788 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:40:03.0464 1788 Symc8xx - ok
20:40:03.0507 1788 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:40:03.0531 1788 Sym_hi - ok
20:40:03.0564 1788 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:40:03.0589 1788 Sym_u3 - ok
20:40:03.0631 1788 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
20:40:03.0659 1788 SynTP - ok
20:40:03.0788 1788 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:40:03.0868 1788 Tcpip - ok
20:40:03.0965 1788 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:04.0034 1788 Tcpip6 - ok
20:40:04.0074 1788 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:40:04.0138 1788 tcpipreg - ok
20:40:04.0198 1788 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
20:40:04.0219 1788 TcUsb - ok
20:40:04.0246 1788 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:40:04.0327 1788 TDPIPE - ok
20:40:04.0369 1788 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:40:04.0454 1788 TDTCP - ok
20:40:04.0541 1788 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:40:04.0608 1788 tdx - ok
20:40:04.0671 1788 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:40:04.0696 1788 TermDD - ok
20:40:04.0748 1788 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
20:40:04.0773 1788 TPM - ok
20:40:15.0418 1788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:40:15.0568 1788 \Device\Harddisk0\DR0 - ok
20:40:15.0576 1788 Boot (0x1200) (682b1841548126c6998432dfdadb121b) \Device\Harddisk0\DR0\Partition0
20:40:15.0579 1788 \Device\Harddisk0\DR0\Partition0 - ok
20:40:15.0584 1788 ============================================================
20:40:15.0584 1788 Scan finished
20:40:15.0584 1788 ============================================================
20:40:15.0613 4552 Detected object count: 3
20:40:15.0613 4552 Actual detected object count: 3
20:46:20.0617 4552 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0617 4552 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:20.0621 4552 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0621 4552 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:20.0625 4552 RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0625 4552 RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #24 |
| Hard disk problem after Avira Free Antivirus alert
So, here is the log. I did not get an error message when starting Firefox; I only had to set it as the default browser again. Code:
ComboFix 12-03-02.01 - Dorothea 02.03.2012 18:26:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.49.1031.18.3038.1786 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\****\Desktop\System Check.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 17:46 . 2012-03-02 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 17:14 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{210D9088-1083-4CE4-BF41-F42713D1818F}\mpengine.dll
2012-02-26 17:54 . 2012-02-26 17:54 -------- d-----w- C:\_OTL
2012-02-24 07:55 . 2012-02-24 07:55 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 07:55 . 2012-02-24 07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 07:55 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 20:26 . 2012-02-23 20:26 -------- d-----w- c:\program files\ESET
2012-02-23 19:52 . 2012-02-23 19:52 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-23 19:52 . 2012-02-23 19:52 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-23 19:49 . 2012-02-23 19:49 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-23 19:49 . 2012-03-02 17:10 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-23 19:17 . 2012-01-29 04:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:36 . 2012-02-22 02:36 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes
2012-02-05 23:01 . 2012-02-05 23:01 -------- d-----w- c:\program files\Cryptload
2012-02-05 22:09 . 2012-02-05 22:09 -------- d-----w- c:\program files\7-Zip
2012-02-05 22:04 . 2012-02-05 22:04 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-02-05 22:03 . 2012-02-05 22:04 -------- d-----w- c:\program files\TrueCrypt
2012-02-05 21:59 . 2012-02-05 21:59 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 14:09 . 2011-09-24 00:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 20:07 . 2012-01-20 20:07 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-03 11:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-03 11:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-05-29 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-06 6111232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-19 36864]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-03 48904]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-26 534368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-09-02 954648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-5-9 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-7-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-03 10:57 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6pq22yl3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1 - c:\program files\FileServe Manager\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-02 18:46
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2012-03-02 18:50:30
ComboFix-quarantined-files.txt 2012-03-02 17:50
.
Vor Suchlauf: 13 Verzeichnis(se), 15.136.571.392 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.852.784.128 Bytes frei
.
- - End Of File - - F29E413F611EB8BADB40938B55663904
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
| | #26 |
| Hard disk problem after Avira Free Antivirus alert
So, on the second attempt it worked after a restart. Here is the GMER log; the others will follow. Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-06 22:33:59
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.DC4O
Running: fb3jqn5s.exe; Driver: C:\Users\****\AppData\Local\Temp\pgloqpog.sys
---- System - GMER 1.0.15 ----
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 34C 82302970 4 Bytes [8A, 42, AF, 92] {MOV AL, [EDX-0x51]; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 370 82302994 8 Bytes [42, E3, B0, 92, 78, E6, B0, ...] {INC EDX; JECXZ 0xffffffffffffffb3; XCHG EDX, EAX; JS 0xffffffffffffffec; MOV AL, 0x92}
.text ntkrnlpa.exe!KeSetTimerEx + 3B4 823029D8 4 Bytes JMP AFF3BC8D
.text ntkrnlpa.exe!KeSetTimerEx + 3DC 82302A00 4 Bytes [04, 4D, AF, 92] {ADD AL, 0x4d; SCASD ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 82302A18 4 Bytes [2A, E0, B0, 92] {SUB AH, AL; MOV AL, 0x92}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F205000, 0x1F926A, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F923300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F966300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] ntdll.dll!NtProtectVirtualMemory 776C85D8 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] USER32.dll!GetAppCompatFlags2 + 880 777B6390 4 Bytes [E0, 13, 54, 67]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] ntdll.dll!NtProtectVirtualMemory 776C85D8 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] USER32.dll!GetAppCompatFlags2 + 880 777B6390 4 Bytes [E0, 13, 54, 67]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BB8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BF9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BBB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BB7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BAEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BEB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BBBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BB0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BB06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C3D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BD7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BB2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF073C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d02af9f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b714f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7151
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b715f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7165
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b716e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7172
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500 0x36 0x0C 0x69 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d02af9f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b714f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7151 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b715f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7165 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b716e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7172 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500 0x36 0x0C 0x69 0x4A ...
---- EOF - GMER 1.0.15 ----
After another restart, now OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:13:14 on 06.03.2012

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? - (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
"SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
"XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll (File not found)
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Edited by Xave (06.03.2012 at 23:18)
#27
Hard disk problem after Avira Free Antivirus message
Hmm, during the first OSAM run the scanner was on again, so I did it once more to be safe: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:40:36 on 06.03.2012

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? - (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc."
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm "ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe {CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found) <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? 
- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll {00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" "FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe" "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper" - "Apple Inc." 
- "C:\Program Files\iTunes\iTunesHelper.exe" "MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe "SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe" "XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." 
- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "igfxcui" - ? - igfxdev.dll (File not found) "klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll "psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
| | #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus message
Quote:
A new OSAM log after that would be good. I also still need the log from aswMBR.
__________________ Please always post log files in CODE tags |
| | #29 |
| Hard disk problem after Avira Free Antivirus message
So, here is the last log (aswMBR):
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 23:53:21
-----------------------------
23:53:21.390 OS Version: Windows 6.0.6001 Service Pack 1
23:53:21.390 Number of processors: 2 586 0x1706
23:53:21.390 ComputerName: ****-PC UserName: ****
23:53:55.835 Initialize success
23:55:00.102 AVAST engine defs: 12030600
23:55:17.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:17.200 Disk 0 Vendor: Hitachi_ DC4O Size: 190782MB BusType: 3
23:55:17.200 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
23:55:17.216 Disk 1 Vendor: RICOH 01 Size: 190782MB BusType: 0
23:55:17.216 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000070
23:55:17.231 Disk 2 Vendor: RICOH 02 Size: 190782MB BusType: 0
23:55:17.247 Disk 0 MBR read successfully
23:55:17.262 Disk 0 MBR scan
23:55:17.278 Disk 0 Windows VISTA default MBR code
23:55:17.278 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7376 MB offset 2048
23:55:17.294 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183404 MB offset 15108096
23:55:17.309 Disk 0 scanning sectors +390719920
23:55:17.387 Disk 0 scanning C:\Windows\system32\drivers
23:55:28.931 Service scanning
23:55:39.508 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:55:39.586 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
23:55:39.758 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:55:39.773 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:55:57.401 Modules scanning
23:56:02.128 Disk 0 trace - called modules:
23:56:02.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys acpi.sys hal.dll iaStor.sys
23:56:02.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87034738]
23:56:02.175 3 CLASSPNP.SYS[8b16e745] -> nt!IofCallDriver -> [0x863d10c8]
23:56:02.190 5 shpf.sys[8ab55cdd] -> nt!IofCallDriver -> [0x85906020]
23:56:02.190 7 acpi.sys[806956a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85912028]
23:56:03.688 AVAST engine scan C:\Windows
23:56:07.744 AVAST engine scan C:\Windows\system32
23:59:42.681 AVAST engine scan C:\Windows\system32\drivers
23:59:56.440 AVAST engine scan C:\Users\Dorothea
00:14:17.017 AVAST engine scan C:\ProgramData
00:28:05.566 Scan finished successfully
00:48:48.731 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
00:48:48.747 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"
|