Pests of all kinds and how to fight them: Hard disk problem after Avira Free Antivirus message (Windows 7)
25.02.2012, 01:18 | #16 |
Hard disk problem after Avira Free Antivirus message

Oh, right. I have now saved the reports and copied the contents of the text file in here. The first is the "Protection Center", the second is "Detected threats"; hopefully those were the right ones. Sorry for being a bit clumsy about this...

Regards

Code:
ATTFilter Datum: Gestern (155) Kaspersky Anti-Virus dvhhccfblujqw.exe Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe 24.02.2012 21:13:43 Kaspersky Anti-Virus dvhhccfblujqw.exe Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 21:12:46 Host Process for Windows Services $ObjId:$O:$INDEX_ALLOCATION Bearbeitungsfehler 24.02.2012 21:10:46 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 21:09:57 Kaspersky Anti-Virus nc.exe Gelöscht: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:58 Kaspersky Anti-Virus cryptload_1.1.8.rar Sicherungskopie erstellt: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:58 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 21:01:47 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 20:59:44 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:59:27 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:59:25 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:48:22 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:48:17 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 20:46:14 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde abgeschlossen 24.02.2012 20:44:57 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 20:42:03 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:13:41 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:13:34 Kaspersky Anti-Virus nc.exe Nicht desinfizierte Objekte: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:00:44 Kaspersky Anti-Virus nc.exe Gefunden: not-a-virus:RemoteAdmin.Win32.NetCat.a 24.02.2012 20:00:12 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 19:59:21 Kaspersky 
Anti-Virus Photo.class Gelöscht: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:39 Kaspersky Anti-Virus b194f87-4bf3fab4 Sicherungskopie erstellt: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:39 Kaspersky Anti-Virus Photo.class Gefunden: Exploit.Java.CVE-2011-3544.id 24.02.2012 19:48:33 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 19:28:19 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 18:46:28 Kaspersky Anti-Virus Update Aufgabe wurde beendet 24.02.2012 18:41:43 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 18:41:30 Kaspersky Anti-Virus Rootkit-Suche Aufgabe wurde abgeschlossen 24.02.2012 18:37:45 Kaspersky Anti-Virus Rootkit-Suche Aufgabe wurde gestartet 24.02.2012 18:29:14 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde abgeschlossen 24.02.2012 18:27:03 Host Process for Windows Services PE_Patch Gepackt: ASProtect 24.02.2012 18:07:59 Host Process for Windows Services FileSync.exe Gepackt: PE_Patch 24.02.2012 18:07:58 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:49:05 Host Process for Windows Services $ObjId:$O:$INDEX_ALLOCATION Bearbeitungsfehler 24.02.2012 17:43:52 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:41:33 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:41:32 Host Process for Windows Services SUPER.exe Gepackt: PE_Patch.PECompact 24.02.2012 17:41:32 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:40:25 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:40:24 Host Process for Windows Services GOOGLEDESKTOPSETUP.EXE Gepackt: PE_Patch.PECompact 24.02.2012 17:40:24 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 17:29:39 Kaspersky Anti-Virus Vollständige Untersuchung Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus 
Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus 24.02.2012 17:29:00 Kaspersky Anti-Virus 24.02.2012 17:29:00 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 17:29:00 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 17:28:59 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:28:59 Unbekanntes Programm amlogs Verboten 24.02.2012 17:28:52 Client Server Runtime Process avp.exe Verboten 24.02.2012 17:27:14 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:25:30 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:25:30 Host Process for Windows Services BrSerId.sys Gepackt: PE_Patch 24.02.2012 17:24:11 Host Process for Windows Services BrUsbMdm.sys Gepackt: PE_Patch 24.02.2012 17:23:48 Client Server Runtime Process avp.exe Verboten 24.02.2012 17:23:31 Kaspersky Anti-Virus Aktive Bedrohungen neutralisieren Aufgabe wurde abgeschlossen 24.02.2012 17:23:14 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:22:14 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:22:05 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:22:05 Host Process for Windows Services flvdec.spk Gepackt: PE_Patch.PECompact 24.02.2012 17:22:05 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:21:55 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:21:55 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:20:25 Host Process for Windows Services PE_Patch Gepackt: ASProtect 24.02.2012 17:15:38 Host Process for Windows Services FILESEARCH.EXE 
Gepackt: PE_Patch 24.02.2012 17:15:37 Host Process for Windows Services PecBundle Gepackt: PECompact 24.02.2012 17:15:00 Host Process for Windows Services PE_Patch.PECompact Gepackt: PecBundle 24.02.2012 17:14:59 Host Process for Windows Services OTL.exe Gepackt: PE_Patch.PECompact 24.02.2012 17:14:59 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:10:30 Host Process for Windows Services 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:10:30 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:10:22 Host Process for Windows Services DVHHCCFBLUJQW.EXE Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:10:22 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:06:57 Windows Explorer DVHHCCFBLUJQW.EXE Wird beim Neustart gelöscht: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:05:23 Windows Explorer DVHHCCFBLUJQW.EXE Sicherungskopie erstellt: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:05:23 Kaspersky Anti-Virus DvhhCCFbLujqW.exe Gelöscht 24.02.2012 17:04:57 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 17:04:53 Windows Explorer DVHHCCFBLUJQW.EXE Gefunden: Trojan.Win32.FakeAV.kxpe 24.02.2012 17:04:53 Google Desktop 4FM90S4PX3HOPW.EXE Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:46 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Wird beim Neustart gelöscht: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:26 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Verschieben in die Quarantäne unmöglich: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:26 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Wird beim Neustart in die Quarantäne verschoben: HEUR:Trojan.Win32.Generic 24.02.2012 17:04:24 Google Desktop 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:03:38 Google Desktop 4FM90S4PX3HOPW.EXE Nicht verarbeitet: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:35 Kaspersky Anti-Virus Aktive Bedrohungen neutralisieren Aufgabe wurde gestartet 24.02.2012 17:01:16 Kaspersky Anti-Virus 
4fm90s4px3hopw.exe Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:16 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Nicht verarbeitet: HEUR:Trojan.Win32.Generic 24.02.2012 17:01:16 Kaspersky Anti-Virus 4fm90s4px3hopw.exe Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 16:57:44 SpeedCommander TEAMVIEWER_SETUP_DE.EXE Gepackt: UPX 24.02.2012 16:57:24 Kaspersky Anti-Virus Es gibt unverarbeitete Objekte 24.02.2012 16:57:02 Google Desktop 4FM90S4PX3HOPW.EXE Gefunden: HEUR:Trojan.Win32.Generic 24.02.2012 16:57:02 SpeedCommander MxCmn50.dll Gepackt: ASProtect 24.02.2012 16:56:48 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:34 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:34 Windows Explorer SPEEDCOMMANDER.EXE Gepackt: PE_Patch 24.02.2012 16:56:33 Windows Explorer SpeedEdit.exe Gepackt: PE_Patch 24.02.2012 16:56:33 Windows Explorer PE_Patch Gepackt: ASProtect 24.02.2012 16:56:33 Windows Explorer SpeedView.exe Gepackt: PE_Patch 24.02.2012 16:56:32 Windows Explorer CmdLineExt03.dll Gepackt: Petite 24.02.2012 16:56:03 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 16:55:01 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 16:54:27 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus 24.02.2012 16:54:27 Kaspersky Anti-Virus 24.02.2012 16:54:27 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 16:54:27 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 16:54:27 Task Scheduler Engine avp.exe Verboten 24.02.2012 16:53:53 Unbekanntes Programm Kaspersky Anti-Virus 2012 Verboten 24.02.2012 16:52:04 Kaspersky Anti-Virus Der Schutz 
wurde deaktiviert 24.02.2012 16:52:05 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 16:52:05 Kaspersky Anti-Virus Update Aufgabe wurde beendet 24.02.2012 16:49:48 Client Server Runtime Process avp.exe Verboten 24.02.2012 16:49:43 Client Server Runtime Process avp.exe Verboten 24.02.2012 16:49:28 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 16:49:07 Task Scheduler Engine avp.exe Verboten 24.02.2012 16:36:29 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 24.02.2012 09:42:07 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 09:42:07 Unbekanntes Programm Kaspersky Anti-Virus 2012 Verboten 24.02.2012 09:42:00 Client Server Runtime Process avp.exe Verboten 24.02.2012 09:40:15 Client Server Runtime Process avp.exe Verboten 24.02.2012 09:39:36 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus 24.02.2012 09:01:31 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus 24.02.2012 09:01:31 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 24.02.2012 09:01:31 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 24.02.2012 09:01:31 Kaspersky Anti-Virus Der Schutz wurde aktiviert 24.02.2012 09:01:16 Kaspersky Anti-Virus Der Schutz funktioniert nicht 24.02.2012 09:01:05 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus 24.02.2012 09:01:05 Kaspersky Anti-Virus 24.02.2012 09:01:05 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 24.02.2012 
09:01:05 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 24.02.2012 09:01:05 Kaspersky Anti-Virus Untersuchung bei Computerleerlauf Aufgabe wurde beendet 24.02.2012 08:36:53 Kaspersky Anti-Virus Untersuchung bei Computerleerlauf Aufgabe wurde gestartet 24.02.2012 08:36:49 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 08:17:38 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 08:15:40 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 02:06:03 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 24.02.2012 02:02:44 Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 24.02.2012 00:02:32 Kaspersky Anti-Virus Es liegt eine wichtige Meldung zur Lizenz vor 24.02.2012 00:00:53 Datum: Donnerstag (47) Kaspersky Anti-Virus Das Programm wurde nicht aktiviert 23.02.2012 21:12:48 Kaspersky Anti-Virus Der Schutz funktioniert nicht 23.02.2012 21:12:48 Kaspersky Anti-Virus Die Datenbanken sind stark veraltet 23.02.2012 21:12:48 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus 23.02.2012 21:12:48 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:12:48 Kaspersky Anti-Virus 23.02.2012 21:12:48 Windows Explorer MyClubVAIO.exe Gepackt: UPX 23.02.2012 21:13:17 Kaspersky Anti-Virus Der Schutz wurde aktiviert 23.02.2012 21:14:23 Task Scheduler Engine avp.exe Verboten 23.02.2012 21:22:54 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 23.02.2012 21:23:29 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky 
Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus 23.02.2012 21:23:29 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus 23.02.2012 21:23:29 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 23.02.2012 21:23:29 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus 23.02.2012 21:23:59 Kaspersky Anti-Virus 23.02.2012 21:23:59 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde gestartet 23.02.2012 21:23:59 Kaspersky Anti-Virus Der Schutz wurde aktiviert 23.02.2012 21:24:07 Firefox imgad?id=CICAgMDOnYa09wEQ0AIYmAIyCPfPT9bDYC-S Gepackt: Swf2Swc 23.02.2012 21:25:10 Firefox F17EAd01 Gepackt: Swf2Swc 23.02.2012 21:25:31 Kaspersky Anti-Virus Der Schutz wurde deaktiviert 23.02.2012 21:26:08 Kaspersky Anti-Virus Mail-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus IM-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus Aktivitätsmonitor Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus 23.02.2012 21:26:08 Kaspersky Anti-Virus 23.02.2012 21:26:08 Kaspersky Anti-Virus Web-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:08 Kaspersky Anti-Virus Datei-Anti-Virus Aufgabe wurde beendet 23.02.2012 21:26:09 Kaspersky Anti-Virus Proaktiver Schutz Aufgabe wurde beendet 23.02.2012 21:26:12 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 23.02.2012 21:26:56 Kaspersky Anti-Virus 23.02.2012 21:59:21 
Kaspersky Anti-Virus Update Aufgabe wurde abgeschlossen 23.02.2012 21:59:33 Kaspersky Anti-Virus Update Aufgabe wurde gestartet 23.02.2012 23:59:58 Code:
Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (2)
not-a-virus:RemoteAdmin.Win32.NetCat.a Desinfiziert 24.02.2012 21:01:59
not-a-virus:RemoteAdmin.Win32.NetCat.a Gelöscht 24.02.2012 21:01:58

Typ: trojanisches Programm (7)
Trojan.Win32.FakeAV.kxpe Gelöscht 24.02.2012 21:13:43
Exploit.Java.CVE-2011-3544.id Desinfiziert 24.02.2012 19:48:39
Exploit.Java.CVE-2011-3544.id Gelöscht 24.02.2012 19:48:39
Trojan.Win32.FakeAV.kxpe Gelöscht 24.02.2012 18:27:03
Exploit.Java.CVE-2011-3544.id Gelöscht 24.02.2012 18:27:03
Packed.Win32.Krap.r Gelöscht 24.02.2012 18:27:02
Packed.Win32.Krap.r Gelöscht 24.02.2012 18:27:02

Typ: Virus (1)
HEUR:Trojan.Win32.Generic Nicht gefunden 24.02.2012 17:28:59
26.02.2012, 14:43 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™

Hard disk problem after Avira Free Antivirus message

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done: [code] the log goes here [/code]

And the whole thing then looks like this:

Code:
the log goes here

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
26.02.2012, 17:46 | #18 |
Hard disk problem after Avira Free Antivirus message

Right, here it is.

Code:
ATTFilter OTL logfile created on: 26.02.2012 16:19:54 - Run 3 OTL by OldTimer - Version 3.2.33.2 Folder = c:\Users\****\Downloads Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,98% Memory free 6,13 Gb Paging File | 4,70 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 179,11 Gb Total Space | 10,22 Gb Free Space | 5,70% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\FileServe Manager\FSStarter.exe (FileServe Limited) PRC - C:\Programme\FileServe Manager\FileManager.exe (FileServe Limited) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC) PRC - C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileServe Manager\FFChromeExtHelper.dll () MOD - C:\Programme\FileServe Manager\MT.WindowsUI.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\System32\CmdLineExt03.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\ZipArchive.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtCore4.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtGui4.dll () MOD - C:\Programme\SMART Technologies\SMART Product Drivers\QtNetwork4.dll () MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\System32\btwhidcs.dll () ========== Win32 Services (SafeList) ========== SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (jatmlano) -- C:\Users\****\AppData\Local\Temp\jatmlano.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.23 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 21:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.02.17 23:05:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\6pq22yl3.default\extensions
[2011.12.04 16:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- C:\USERS\DOROTHEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6PQ22YL3.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.01.20 21:07:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.20 21:07:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.20 21:07:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.20 21:07:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 21:07:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 21:07:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 21:07:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Programme\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFDDF51-F6E0-4C87-ACB0-BCDD40DE25EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63642535-A480-4AE5-BDDE-F0273A585FFA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - camcodec.dll File not found
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.02.24 08:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 08:55:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 08:55:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.24 08:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.23 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.23 20:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012.02.23 20:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.02.23 20:49:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kaspersky Lab
[2012.02.23 20:48:52 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 14:12:46 | 000,000,000 | -H-D | C] -- C:\Users\****\Desktop\Scans
[2012.02.22 03:42:19 | 000,583,168 | -H-- | C] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:36:49 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.02.21 23:43:34 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.06 00:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptload
[2012.02.05 23:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.05 23:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.02.05 23:04:42 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.02.05 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.02.05 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========
[2012.02.26 16:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 16:01:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 14:55:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 14:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 14:50:12 | 3186,581,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 02:50:21 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.24 18:46:19 | 000,001,733 | ---- | M] () -- C:\Users\Dorothea\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:13:01 | 000,017,408 | -H-- | M] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.22 03:42:33 | 000,583,168 | -H-- | M] (OldTimer Tools) -- C:\Users\Dorothea\Desktop\OTL.exe
[2012.02.22 03:34:03 | 000,000,846 | -H-- | M] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.14 18:53:59 | 000,001,751 | -H-- | M] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.07 22:48:28 | 000,001,356 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2012.02.06 00:03:20 | 000,000,682 | -H-- | M] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2012.02.05 23:04:43 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.01.31 22:53:46 | 000,002,631 | -H-- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========
[2012.02.24 18:46:19 | 000,001,733 | ---- | C] () -- C:\Users\****\Desktop\Vollständige Untersuchung.lnk
[2012.02.24 08:55:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.23 21:12:59 | 000,017,408 | -H-- | C] () -- C:\Users\****\AppData\Local\WebpageIcons.db
[2012.02.23 20:52:34 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.02.23 20:52:34 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.02.22 03:34:03 | 000,000,846 | -H-- | C] () -- C:\Users\****\Desktop\firefox - Verknüpfung.lnk
[2012.02.21 23:43:35 | 000,000,605 | -H-- | C] () -- C:\Users\****\Desktop\System Check.lnk
[2012.02.21 23:43:35 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:43:35 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:20 | 000,000,448 | -H-- | C] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.14 18:53:59 | 000,001,751 | -H-- | C] () -- C:\Users\****\Desktop\JDownloader.lnk
[2012.02.06 00:03:20 | 000,000,682 | -H-- | C] () -- C:\Users\****\Desktop\CryptLoad - Verknüpfung.lnk
[2011.07.19 00:39:18 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.07.19 00:39:18 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.07.19 00:38:54 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.19 00:33:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.18 15:51:45 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.07.18 15:51:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.13 20:36:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.07.13 20:36:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.04.07 16:58:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.06.07 18:01:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

========== LOP Check ==========
[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies
[2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc
[2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject
[2012.02.25 02:50:21 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.07.20 16:08:03 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.11.21 15:26:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.07.29 00:18:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2008.06.19 13:23:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.07.18 15:46:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2009.06.15 15:58:40 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Google
[2011.07.18 12:39:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2012.01.22 23:31:43 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2008.05.08 14:31:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Identities
[2008.06.19 13:14:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2009.05.11 17:05:10 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2011.07.17 17:58:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.07.17 17:58:16 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Logitech
[2008.06.19 13:10:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.02.22 03:36:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.07.24 15:56:02 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.08.23 22:02:51 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011.07.19 16:29:39 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MiniDm
[2011.09.19 19:03:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012.02.22 22:47:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2011.07.18 12:39:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProgSense
[2011.04.07 18:28:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.04.07 16:58:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\skypePM [2010.12.08 21:54:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies [2010.12.08 19:57:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SMART Technologies Inc [2008.06.19 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sony Corporation [2009.06.14 16:54:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SpeedProject [2011.07.18 18:46:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2004.01.26 16:15:29 | 000,233,472 | RH-- | M] () -- C:\Users\****\AppData\Roaming\MafiaSetup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:26 | 
000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.04.03 12:00:34 | 000,033,280 | ---- | M] (UPEK Inc.) 
MD5=F489A11A103A76CA3E2D42BBCF16DAAD -- C:\Program Files\Protector Suite QL\eventlog.dll < MD5 for: IASTOR.SYS > [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys [2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\System32\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) 
MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys [2012.02.23 20:48:52 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll < End of report > |
26.02.2012, 18:26 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=92.243.163.7:3128
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell - "" = AutoRun
O33 - MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\Shell\AutoRun\command - "" = G:\launcher.exe
[2012.02.21 23:56:05 | 000,000,448 | -H-- | M] () -- C:\ProgramData\4FM90s4Px3hoPw
[2012.02.21 23:54:45 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPw
[2012.02.21 23:54:41 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~4FM90s4Px3hoPwr
[2012.02.21 23:43:35 | 000,000,605 | -H-- | M] () -- C:\Users\****\Desktop\System Check.lnk
:Files
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
26.02.2012, 21:37 | #20 |
| Hard disk problem after Avira Free Antivirus alert Well, I was clumsy once again and accidentally clicked Fix while the old stuff from the scan was still in there. As expected, it could not interpret the commands, so nothing seems to have happened; I am posting the first log anyway. Code:
ATTFilter Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context! Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context! Error: Unable to interpret <%APPDATA%\*.> in the current context! Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context! Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context! Error: Unable to interpret </md5start> in the current context! Error: Unable to interpret <wininit.exe> in the current context! Error: Unable to interpret <userinit.exe> in the current context! Error: Unable to interpret <eventlog.dll> in the current context! Error: Unable to interpret <scecli.dll> in the current context! Error: Unable to interpret <netlogon.dll> in the current context! Error: Unable to interpret <cngaudit.dll> in the current context! Error: Unable to interpret <ws2ifsl.sys> in the current context! Error: Unable to interpret <sceclt.dll> in the current context! Error: Unable to interpret <ntelogon.dll> in the current context! Error: Unable to interpret <winlogon.exe> in the current context! Error: Unable to interpret <logevent.dll> in the current context! Error: Unable to interpret <user32.DLL> in the current context! Error: Unable to interpret <iaStor.sys> in the current context! Error: Unable to interpret <nvstor.sys> in the current context! Error: Unable to interpret <atapi.sys> in the current context! Error: Unable to interpret <IdeChnDr.sys> in the current context! Error: Unable to interpret <viasraid.sys> in the current context! Error: Unable to interpret <AGP440.sys> in the current context! Error: Unable to interpret <vaxscsi.sys> in the current context! Error: Unable to interpret <nvatabus.sys> in the current context! Error: Unable to interpret <viamraid.sys> in the current context! Error: Unable to interpret <nvata.sys> in the current context! Error: Unable to interpret <nvgts.sys> in the current context! 
Error: Unable to interpret <iastorv.sys> in the current context! Error: Unable to interpret <ViPrt.sys> in the current context! Error: Unable to interpret <eNetHook.dll> in the current context! Error: Unable to interpret <ahcix86.sys> in the current context! Error: Unable to interpret <KR10N.sys> in the current context! Error: Unable to interpret <nvstor32.sys> in the current context! Error: Unable to interpret <ahcix86s.sys> in the current context! Error: Unable to interpret </md5stop> in the current context! Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context! Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context! Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context! Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context! OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185405 Code:
ATTFilter All processes killed ========== OTL ========== Process ICQ Service.exe killed successfully! Service ICQ Service stopped successfully! Service ICQ Service deleted successfully! C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found. Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully. HKU\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found. Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully. Registry value HKEY_USERS\S-1-5-21-693028979-1333035428-2070866895-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f535c700-b12f-11e0-b624-001e3df4a216}\ not found. File G:\launcher.exe not found. C:\ProgramData\4FM90s4Px3hoPw moved successfully. C:\ProgramData\~4FM90s4Px3hoPw moved successfully. C:\ProgramData\~4FM90s4Px3hoPwr moved successfully. File C:\Users\****\Desktop\System Check.lnk not found. ========== FILES ========== File\Folder C:\Programme\ICQ6Toolbar not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: ****xxxx User: Default ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 198 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: **** ->Temp folder emptied: 814185007 bytes ->Temporary Internet Files folder emptied: 3544136077 bytes ->Java cache emptied: 2593590 bytes ->FireFox cache emptied: 70677842 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 48955 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 949790769 bytes RecycleBin emptied: 1143 bytes Total Files Cleaned = 5.132,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.2 log created on 02262012_185621 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\klsE223.tmp not found! Registry entries deleted on Reboot... |
26.02.2012, 22:15 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
29.02.2012, 20:49 | #22 |
| Hard disk problem after Avira Free Antivirus alert Right, it found three things. I also ran unhide beforehand. Code:
ATTFilter 20:39:09.0658 5452 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24 20:39:10.0073 5452 ============================================================ 20:39:10.0073 5452 Current date / time: 2012/02/29 20:39:10.0073 20:39:10.0074 5452 SystemInfo: 20:39:10.0074 5452 20:39:10.0074 5452 OS Version: 6.0.6001 ServicePack: 1.0 20:39:10.0074 5452 Product type: Workstation 20:39:10.0074 5452 ComputerName: BENNI-PC 20:39:10.0075 5452 UserName: Dorothea 20:39:10.0075 5452 Windows directory: C:\Windows 20:39:10.0075 5452 System windows directory: C:\Windows 20:39:10.0075 5452 Processor architecture: Intel x86 20:39:10.0075 5452 Number of processors: 2 20:39:10.0075 5452 Page size: 0x1000 20:39:10.0075 5452 Boot type: Normal boot 20:39:10.0075 5452 ============================================================ 20:39:11.0243 5452 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:39:11.0255 5452 \Device\Harddisk0\DR0: 20:39:11.0256 5452 MBR used 20:39:11.0256 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE68800, BlocksNum 0x166361B0 20:39:11.0293 5452 Initialize success 20:39:11.0293 5452 ============================================================ 20:39:32.0535 1788 ============================================================ 20:39:32.0535 1788 Scan started 20:39:32.0535 1788 Mode: Manual; SigCheck; TDLFS; 20:39:32.0535 1788 ============================================================ 20:39:33.0340 1788 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 20:39:33.0612 1788 ACPI - ok 20:39:33.0683 1788 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 20:39:33.0736 1788 adp94xx - ok 20:39:33.0775 1788 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 20:39:33.0813 1788 adpahci - ok 20:39:33.0909 1788 adpu160m 
(8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 20:39:33.0938 1788 adpu160m - ok 20:39:33.0976 1788 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 20:39:34.0007 1788 adpu320 - ok 20:39:34.0086 1788 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 20:39:34.0182 1788 AFD - ok 20:39:34.0436 1788 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 20:39:34.0462 1788 agp440 - ok 20:39:34.0550 1788 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 20:39:34.0581 1788 aic78xx - ok 20:39:34.0615 1788 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 20:39:34.0639 1788 aliide - ok 20:39:34.0671 1788 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 20:39:34.0697 1788 amdagp - ok 20:39:34.0724 1788 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 20:39:34.0750 1788 amdide - ok 20:39:34.0778 1788 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 20:39:34.0842 1788 AmdK7 - ok 20:39:34.0871 1788 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 20:39:34.0962 1788 AmdK8 - ok 20:39:35.0083 1788 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 20:39:35.0111 1788 arc - ok 20:39:35.0190 1788 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 20:39:35.0217 1788 arcsas - ok 20:39:35.0301 1788 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 20:39:35.0379 1788 AsyncMac - ok 20:39:35.0411 1788 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 20:39:35.0435 1788 atapi - ok 20:39:35.0500 1788 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys 20:39:35.0628 1788 athr - ok 20:39:35.0835 1788 atikmdag (eb4652a6571ef66c6c778e1007623f1f) 
C:\Windows\system32\DRIVERS\atikmdag.sys 20:39:36.0199 1788 atikmdag - ok 20:39:36.0317 1788 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys 20:39:36.0360 1788 atksgt ( UnsignedFile.Multi.Generic ) - warning 20:39:36.0361 1788 atksgt - detected UnsignedFile.Multi.Generic (1) 20:39:36.0440 1788 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 20:39:36.0529 1788 Beep - ok 20:39:36.0594 1788 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 20:39:36.0668 1788 blbdrive - ok 20:39:36.0785 1788 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 20:39:36.0861 1788 bowser - ok 20:39:36.0906 1788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 20:39:37.0052 1788 BrFiltLo - ok 20:39:37.0217 1788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 20:39:37.0302 1788 BrFiltUp - ok 20:39:37.0368 1788 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 20:39:37.0620 1788 Brserid - ok 20:39:37.0703 1788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 20:39:37.0831 1788 BrSerWdm - ok 20:39:37.0866 1788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 20:39:37.0983 1788 BrUsbMdm - ok 20:39:38.0014 1788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 20:39:38.0149 1788 BrUsbSer - ok 20:39:38.0244 1788 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys 20:39:38.0324 1788 BthEnum - ok 20:39:38.0434 1788 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys 20:39:38.0523 1788 BTHMODEM - ok 20:39:38.0551 1788 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 20:39:38.0641 1788 BthPan - ok 20:39:38.0678 1788 BTHPORT (9f299c5274672900591e7c616d725f56) 
C:\Windows\system32\Drivers\BTHport.sys 20:39:38.0730 1788 BTHPORT - ok 20:39:38.0768 1788 BTHUSB (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys 20:39:38.0819 1788 BTHUSB - ok 20:39:38.0872 1788 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys 20:39:39.0876 1788 btwaudio - ok 20:39:39.0957 1788 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys 20:39:39.0978 1788 btwavdt - ok 20:39:40.0000 1788 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys 20:39:40.0020 1788 btwl2cap - ok 20:39:40.0038 1788 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys 20:39:40.0057 1788 btwrchid - ok 20:39:40.0103 1788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 20:39:40.0197 1788 cdfs - ok 20:39:40.0257 1788 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 20:39:40.0338 1788 cdrom - ok 20:39:40.0372 1788 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 20:39:40.0452 1788 circlass - ok 20:39:40.0544 1788 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 20:39:40.0580 1788 CLFS - ok 20:39:40.0665 1788 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 20:39:40.0726 1788 CmBatt - ok 20:39:40.0757 1788 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 20:39:40.0782 1788 cmdide - ok 20:39:40.0797 1788 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 20:39:40.0822 1788 Compbatt - ok 20:39:40.0845 1788 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 20:39:40.0870 1788 crcdisk - ok 20:39:40.0901 1788 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 20:39:40.0999 1788 Crusoe - ok 20:39:41.0101 1788 CSC (9a5434125c3dfe42393de4bbb791bd19) 
C:\Windows\system32\drivers\csc.sys 20:39:41.0203 1788 CSC - ok 20:39:41.0279 1788 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys 20:39:41.0362 1788 DfsC - ok 20:39:41.0449 1788 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 20:39:41.0476 1788 disk - ok 20:39:41.0532 1788 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys 20:39:41.0556 1788 DMICall - ok 20:39:41.0681 1788 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 20:39:41.0750 1788 drmkaud - ok 20:39:41.0829 1788 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 20:39:41.0857 1788 dtsoftbus01 - ok 20:39:41.0940 1788 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 20:39:42.0067 1788 DXGKrnl - ok 20:39:42.0189 1788 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 20:39:42.0293 1788 E1G60 - ok 20:39:42.0353 1788 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 20:39:42.0384 1788 Ecache - ok 20:39:42.0486 1788 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 20:39:42.0547 1788 elxstor - ok 20:39:42.0660 1788 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 20:39:42.0737 1788 ErrDev - ok 20:39:42.0820 1788 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 20:39:42.0897 1788 exfat - ok 20:39:42.0930 1788 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 20:39:43.0011 1788 fastfat - ok 20:39:43.0083 1788 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 20:39:43.0176 1788 fdc - ok 20:39:43.0562 1788 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 20:39:43.0588 1788 FileInfo - ok 20:39:43.0613 1788 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) 
C:\Windows\system32\drivers\filetrace.sys 20:39:43.0694 1788 Filetrace - ok 20:39:43.0772 1788 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 20:39:43.0840 1788 flpydisk - ok 20:39:43.0947 1788 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 20:39:43.0988 1788 FltMgr - ok 20:39:44.0083 1788 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 20:39:44.0161 1788 Fs_Rec - ok 20:39:44.0204 1788 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 20:39:44.0229 1788 gagp30kx - ok 20:39:44.0271 1788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:39:44.0290 1788 GEARAspiWDM - ok 20:39:44.0432 1788 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 20:39:44.0604 1788 HdAudAddService - ok 20:39:44.0690 1788 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:39:44.0772 1788 HDAudBus - ok 20:39:44.0814 1788 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 20:39:44.0953 1788 HidBth - ok 20:39:44.0989 1788 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 20:39:45.0098 1788 HidIr - ok 20:39:45.0187 1788 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 20:39:45.0275 1788 HidUsb - ok 20:39:45.0337 1788 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 20:39:45.0364 1788 HpCISSs - ok 20:39:45.0445 1788 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 20:39:45.0524 1788 HSFHWAZL - ok 20:39:45.0659 1788 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 20:39:45.0801 1788 HSF_DPV - ok 20:39:45.0848 1788 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 20:39:45.0907 1788 HSXHWAZL - ok 20:39:46.0023 1788 HTTP 
(96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 20:39:46.0138 1788 HTTP - ok 20:39:46.0178 1788 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 20:39:46.0207 1788 i2omp - ok 20:39:46.0259 1788 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 20:39:46.0327 1788 i8042prt - ok 20:39:46.0407 1788 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys 20:39:46.0436 1788 iaStor - ok 20:39:46.0525 1788 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 20:39:46.0569 1788 iaStorV - ok 20:39:46.0590 1788 igfx - ok 20:39:46.0638 1788 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 20:39:46.0662 1788 iirsp - ok 20:39:46.0778 1788 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys 20:39:46.0925 1788 IntcAzAudAddService - ok 20:39:47.0029 1788 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 20:39:47.0053 1788 intelide - ok 20:39:47.0133 1788 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 20:39:47.0214 1788 intelppm - ok 20:39:47.0265 1788 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:39:47.0350 1788 IpFilterDriver - ok 20:39:47.0373 1788 IpInIp - ok 20:39:47.0415 1788 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 20:39:47.0479 1788 IPMIDRV - ok 20:39:47.0569 1788 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 20:39:47.0699 1788 IPNAT - ok 20:39:48.0002 1788 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 20:39:48.0092 1788 IRENUM - ok 20:39:48.0121 1788 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 20:39:48.0147 1788 isapnp - ok 20:39:48.0197 1788 iScsiPrt (f247eec28317f6c739c16de420097301) 
C:\Windows\system32\DRIVERS\msiscsi.sys 20:39:48.0250 1788 iScsiPrt - ok 20:39:48.0282 1788 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 20:39:48.0306 1788 iteatapi - ok 20:39:48.0331 1788 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 20:39:48.0355 1788 iteraid - ok 20:39:48.0456 1788 jatmlano - ok 20:39:48.0551 1788 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:39:48.0575 1788 kbdclass - ok 20:39:48.0607 1788 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 20:39:48.0688 1788 kbdhid - ok 20:39:48.0756 1788 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys 20:39:48.0781 1788 KL1 - ok 20:39:48.0803 1788 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys 20:39:48.0820 1788 kl2 - ok 20:39:48.0918 1788 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys 20:39:49.0070 1788 KLIF - ok 20:39:49.0168 1788 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys 20:39:49.0189 1788 KLIM6 - ok 20:39:49.0257 1788 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 20:39:49.0276 1788 klmouflt - ok 20:39:49.0337 1788 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 20:39:49.0390 1788 KSecDD - ok 20:39:49.0475 1788 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys 20:39:49.0496 1788 LHidFilt - ok 20:39:49.0558 1788 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 20:39:49.0569 1788 lirsgt ( UnsignedFile.Multi.Generic ) - warning 20:39:49.0569 1788 lirsgt - detected UnsignedFile.Multi.Generic (1) 20:39:49.0671 1788 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 20:39:49.0769 1788 lltdio - ok 20:39:49.0815 1788 LMouFilt (ab33792a87285344f43b5ce23421bab0) 
C:\Windows\system32\DRIVERS\LMouFilt.Sys 20:39:49.0834 1788 LMouFilt - ok 20:39:49.0876 1788 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 20:39:49.0903 1788 LSI_FC - ok 20:39:49.0945 1788 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 20:39:49.0987 1788 LSI_SAS - ok 20:39:50.0062 1788 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 20:39:50.0090 1788 LSI_SCSI - ok 20:39:50.0358 1788 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 20:39:50.0444 1788 luafv - ok 20:39:50.0504 1788 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys 20:39:50.0523 1788 LUsbFilt - ok 20:39:50.0561 1788 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 20:39:50.0609 1788 mdmxsdk - ok 20:39:50.0654 1788 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 20:39:50.0679 1788 megasas - ok 20:39:50.0717 1788 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 20:39:50.0795 1788 MegaSR - ok 20:39:50.0898 1788 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 20:39:50.0988 1788 Modem - ok 20:39:51.0018 1788 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 20:39:51.0103 1788 monitor - ok 20:39:51.0138 1788 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 20:39:51.0163 1788 mouclass - ok 20:39:51.0187 1788 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 20:39:51.0273 1788 mouhid - ok 20:39:51.0321 1788 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 20:39:51.0365 1788 MountMgr - ok 20:39:51.0502 1788 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 20:39:51.0530 1788 mpio - ok 20:39:51.0567 1788 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) 
C:\Windows\system32\drivers\mpsdrv.sys 20:39:51.0618 1788 mpsdrv - ok 20:39:51.0682 1788 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 20:39:51.0706 1788 Mraid35x - ok 20:39:51.0753 1788 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 20:39:51.0833 1788 MRxDAV - ok 20:39:51.0871 1788 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:39:51.0948 1788 mrxsmb - ok 20:39:52.0029 1788 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:39:52.0091 1788 mrxsmb10 - ok 20:39:52.0135 1788 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:39:52.0187 1788 mrxsmb20 - ok 20:39:52.0234 1788 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 20:39:52.0261 1788 msahci - ok 20:39:52.0307 1788 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 20:39:52.0347 1788 msdsm - ok 20:39:52.0503 1788 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 20:39:52.0585 1788 Msfs - ok 20:39:52.0660 1788 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 20:39:52.0684 1788 msisadrv - ok 20:39:52.0748 1788 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 20:39:52.0812 1788 MSKSSRV - ok 20:39:52.0836 1788 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 20:39:52.0911 1788 MSPCLOCK - ok 20:39:52.0942 1788 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 20:39:53.0020 1788 MSPQM - ok 20:39:53.0059 1788 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 20:39:53.0090 1788 MsRPC - ok 20:39:53.0138 1788 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 20:39:53.0162 1788 mssmbios - ok 20:39:53.0214 1788 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) 
C:\Windows\system32\drivers\MSTEE.sys 20:39:53.0304 1788 MSTEE - ok 20:39:53.0521 1788 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 20:39:53.0547 1788 Mup - ok 20:39:53.0632 1788 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 20:39:53.0705 1788 NativeWifiP - ok 20:39:53.0776 1788 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 20:39:53.0868 1788 NDIS - ok 20:39:53.0963 1788 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 20:39:54.0038 1788 NdisTapi - ok 20:39:54.0075 1788 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 20:39:54.0153 1788 Ndisuio - ok 20:39:54.0192 1788 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 20:39:54.0259 1788 NdisWan - ok 20:39:54.0289 1788 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 20:39:54.0362 1788 NDProxy - ok 20:39:54.0400 1788 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 20:39:54.0489 1788 NetBIOS - ok 20:39:54.0527 1788 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 20:39:54.0616 1788 netbt - ok 20:39:54.0883 1788 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 20:39:55.0161 1788 NETw5v32 - ok 20:39:55.0301 1788 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 20:39:55.0325 1788 nfrd960 - ok 20:39:55.0354 1788 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 20:39:55.0433 1788 Npfs - ok 20:39:55.0477 1788 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 20:39:55.0574 1788 nsiproxy - ok 20:39:55.0670 1788 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 20:39:55.0756 1788 Ntfs - ok 20:39:55.0821 1788 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) 
C:\Windows\system32\drivers\ntrigdigi.sys 20:39:55.0940 1788 ntrigdigi - ok 20:39:55.0972 1788 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 20:39:56.0033 1788 Null - ok 20:39:56.0072 1788 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 20:39:56.0101 1788 nvraid - ok 20:39:56.0136 1788 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 20:39:56.0161 1788 nvstor - ok 20:39:56.0198 1788 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 20:39:56.0226 1788 nv_agp - ok 20:39:56.0250 1788 NwlnkFlt - ok 20:39:56.0277 1788 NwlnkFwd - ok 20:39:56.0332 1788 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 20:39:56.0415 1788 ohci1394 - ok 20:39:56.0509 1788 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 20:39:56.0636 1788 Parport - ok 20:39:56.0675 1788 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 20:39:56.0701 1788 partmgr - ok 20:39:56.0738 1788 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 20:39:56.0862 1788 Parvdm - ok 20:39:56.0888 1788 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 20:39:56.0918 1788 pci - ok 20:39:56.0947 1788 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 20:39:56.0971 1788 pciide - ok 20:39:57.0004 1788 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 20:39:57.0034 1788 pcmcia - ok 20:39:57.0121 1788 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 20:39:57.0355 1788 PEAUTH - ok 20:39:57.0518 1788 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 20:39:57.0603 1788 PptpMiniport - ok 20:39:57.0632 1788 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 20:39:57.0704 1788 Processor - ok 
20:39:57.0787 1788 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 20:39:57.0862 1788 PSched - ok 20:39:57.0903 1788 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys 20:39:57.0924 1788 PxHelp20 - ok 20:39:58.0005 1788 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 20:39:58.0109 1788 ql2300 - ok 20:39:58.0229 1788 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 20:39:58.0256 1788 ql40xx - ok 20:39:58.0317 1788 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 20:39:58.0375 1788 QWAVEdrv - ok 20:39:58.0414 1788 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 20:39:58.0500 1788 RasAcd - ok 20:39:58.0558 1788 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:39:58.0643 1788 Rasl2tp - ok 20:39:58.0674 1788 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 20:39:58.0745 1788 RasPppoe - ok 20:39:58.0784 1788 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 20:39:58.0868 1788 RasSstp - ok 20:39:58.0939 1788 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 20:39:59.0046 1788 rdbss - ok 20:39:59.0116 1788 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:39:59.0214 1788 RDPCDD - ok 20:39:59.0273 1788 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys 20:39:59.0369 1788 rdpdr - ok 20:39:59.0386 1788 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 20:39:59.0448 1788 RDPENCDD - ok 20:39:59.0490 1788 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 20:39:59.0559 1788 RDPWD - ok 20:39:59.0601 1788 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 20:39:59.0620 1788 regi - ok 20:39:59.0676 1788 
RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys 20:39:59.0757 1788 RFCOMM - ok 20:39:59.0816 1788 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys 20:39:59.0880 1788 rimsptsk - ok 20:39:59.0915 1788 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys 20:39:59.0962 1788 risdptsk - ok 20:40:00.0023 1788 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 20:40:00.0087 1788 rspndr - ok 20:40:00.0135 1788 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\Windows\system32\DRIVERS\rt25usbap.sys 20:40:00.0173 1788 RT25USBAP ( UnsignedFile.Multi.Generic ) - warning 20:40:00.0173 1788 RT25USBAP - detected UnsignedFile.Multi.Generic (1) 20:40:00.0357 1788 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 20:40:00.0383 1788 sbp2port - ok 20:40:00.0485 1788 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 20:40:00.0577 1788 sdbus - ok 20:40:00.0623 1788 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:40:00.0753 1788 secdrv - ok 20:40:00.0797 1788 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 20:40:00.0919 1788 Serenum - ok 20:40:00.0953 1788 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 20:40:01.0064 1788 Serial - ok 20:40:01.0107 1788 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 20:40:01.0201 1788 sermouse - ok 20:40:01.0350 1788 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys 20:40:01.0387 1788 SFEP - ok 20:40:01.0442 1788 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 20:40:01.0506 1788 sffdisk - ok 20:40:01.0538 1788 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 20:40:01.0613 1788 sffp_mmc - ok 20:40:01.0657 1788 sffp_sd 
(3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 20:40:01.0734 1788 sffp_sd - ok 20:40:01.0780 1788 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 20:40:01.0844 1788 sfloppy - ok 20:40:01.0895 1788 shpf (fd165f1309e8da2a969fbbb16635e459) C:\Windows\system32\DRIVERS\shpf.sys 20:40:01.0915 1788 shpf - ok 20:40:02.0003 1788 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 20:40:02.0028 1788 sisagp - ok 20:40:02.0077 1788 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 20:40:02.0102 1788 SiSRaid2 - ok 20:40:02.0140 1788 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 20:40:02.0167 1788 SiSRaid4 - ok 20:40:02.0262 1788 SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys 20:40:02.0281 1788 SMARTMouseFilterx86 - ok 20:40:02.0316 1788 SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys 20:40:02.0336 1788 SMARTVHidMini2000x86 - ok 20:40:02.0386 1788 SMARTVTabletPCx86 (cb07b494d60a0f31b12b01dee0fb251f) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys 20:40:02.0470 1788 SMARTVTabletPCx86 - ok 20:40:02.0507 1788 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 20:40:02.0592 1788 Smb - ok 20:40:02.0691 1788 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 20:40:02.0715 1788 spldr - ok 20:40:02.0802 1788 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys 20:40:02.0880 1788 srv - ok 20:40:02.0914 1788 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 20:40:02.0963 1788 srv2 - ok 20:40:03.0008 1788 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 20:40:03.0063 1788 srvnet - ok 20:40:03.0154 1788 ssmdrv (a36ee93698802cd899f98bfd553d8185) 
C:\Windows\system32\DRIVERS\ssmdrv.sys 20:40:03.0175 1788 ssmdrv - ok 20:40:03.0243 1788 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 20:40:03.0287 1788 swenum - ok 20:40:03.0439 1788 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 20:40:03.0464 1788 Symc8xx - ok 20:40:03.0507 1788 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 20:40:03.0531 1788 Sym_hi - ok 20:40:03.0564 1788 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 20:40:03.0589 1788 Sym_u3 - ok 20:40:03.0631 1788 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys 20:40:03.0659 1788 SynTP - ok 20:40:03.0788 1788 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 20:40:03.0868 1788 Tcpip - ok 20:40:03.0965 1788 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 20:40:04.0034 1788 Tcpip6 - ok 20:40:04.0074 1788 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 20:40:04.0138 1788 tcpipreg - ok 20:40:04.0198 1788 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys 20:40:04.0219 1788 TcUsb - ok 20:40:04.0246 1788 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 20:40:04.0327 1788 TDPIPE - ok 20:40:04.0369 1788 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 20:40:04.0454 1788 TDTCP - ok 20:40:04.0541 1788 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 20:40:04.0608 1788 tdx - ok 20:40:04.0671 1788 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 20:40:04.0696 1788 TermDD - ok 20:40:04.0748 1788 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys 20:40:04.0773 1788 TPM - ok 20:40:09.0338 1788 truecrypt (746b8cf9cededdd865472544edf626da) C:\Windows\system32\drivers\truecrypt.sys 
20:40:15.0584 1788 ============================================================
20:40:15.0584 1788 Scan finished
20:40:15.0584 1788 ============================================================
20:40:15.0613 4552 Detected object count: 3
20:40:15.0613 4552 Actual detected object count: 3
20:46:20.0617 4552 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0617 4552 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:20.0621 4552 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0621 4552 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:20.0625 4552 RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:20.0625 4552 RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
01.03.2012, 12:09 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
02.03.2012, 22:10 | #24 |
| Hard disk problem after Avira Free Antivirus alert
OK, here is the log. I did not get an error message when starting Firefox; I only had to set it as the default browser again.
Code:
ComboFix 12-03-02.01 - Dorothea 02.03.2012 18:26:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.49.1031.18.3038.1786 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\****\Desktop\System Check.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 17:46 . 2012-03-02 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 17:14 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{210D9088-1083-4CE4-BF41-F42713D1818F}\mpengine.dll
2012-02-26 17:54 . 2012-02-26 17:54 -------- d-----w- C:\_OTL
2012-02-24 07:55 . 2012-02-24 07:55 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 07:55 . 2012-02-24 07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 07:55 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 20:26 . 2012-02-23 20:26 -------- d-----w- c:\program files\ESET
2012-02-23 19:52 . 2012-02-23 19:52 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-23 19:52 . 2012-02-23 19:52 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-23 19:49 . 2012-02-23 19:49 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-23 19:49 . 2012-03-02 17:10 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-23 19:17 . 2012-01-29 04:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:36 . 2012-02-22 02:36 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes
2012-02-05 23:01 . 2012-02-05 23:01 -------- d-----w- c:\program files\Cryptload
2012-02-05 22:09 . 2012-02-05 22:09 -------- d-----w- c:\program files\7-Zip
2012-02-05 22:04 . 2012-02-05 22:04 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-02-05 22:03 . 2012-02-05 22:04 -------- d-----w- c:\program files\TrueCrypt
2012-02-05 21:59 . 2012-02-05 21:59 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 14:09 . 2011-09-24 00:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 20:07 . 2012-01-20 20:07 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-03 11:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-03 11:10 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-05-29 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-06 6111232]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-19 36864]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-03 48904]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-26 534368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-09-02 954648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-5-9 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-7-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-03 10:57 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6pq22yl3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1 - c:\program files\FileServe Manager\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-02 18:46
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2012-03-02 18:50:30
ComboFix-quarantined-files.txt 2012-03-02 17:50
.
Vor Suchlauf: 13 Verzeichnis(se), 15.136.571.392 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.852.784.128 Bytes frei
.
- - End Of File - - F29E413F611EB8BADB40938B55663904
|
05.03.2012, 11:42 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus alert
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
06.03.2012, 22:36 | #26 |
| Hard disk problem after Avira Free Antivirus alert
OK, on the second attempt it worked after a restart. Here is the GMER log; the others will follow.
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-06 22:33:59
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.DC4O
Running: fb3jqn5s.exe; Driver: C:\Users\****\AppData\Local\Temp\pgloqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x92AF428A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x92B0E342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x92B0E678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x92B0E9EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x92AF4D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x92B0E02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x92AF5276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x92AF5164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x92B0E4E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x92AF4046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x92AF538E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x92AF48BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x92B0E5B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x92AF574E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x92AF4D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x92AF6750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x92AF5840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x92AF5DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x92B0C840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x92AF5308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x92AF51F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x92AF44C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x92AF5B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x92AF5420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x92AF43B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x92AF555C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x92B0CA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x92AF60D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x92AF59E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x92B09334]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x92B0E7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x92B0E72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x92B0E848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x92B0953E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x92AF65F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x92B08E5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKeyEx [0x92B08FF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveMergedKeys [0x92B09194]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x92B0E1B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x92AF4BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x92AF55FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x92AF6222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x92AF6316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x92AF6450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x92AF5670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x92AF4664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x92AF45BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x92AF5F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x92AF4750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x92AF4A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x92AF54A6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 34C 82302970 4 Bytes [8A, 42, AF, 92] {MOV AL, [EDX-0x51]; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 370 82302994 8 Bytes [42, E3, B0, 92, 78, E6, B0, ...] {INC EDX; JECXZ 0xffffffffffffffb3; XCHG EDX, EAX; JS 0xffffffffffffffec; MOV AL, 0x92}
.text ntkrnlpa.exe!KeSetTimerEx + 3B4 823029D8 4 Bytes JMP AFF3BC8D
.text ntkrnlpa.exe!KeSetTimerEx + 3DC 82302A00 4 Bytes [04, 4D, AF, 92] {ADD AL, 0x4d; SCASD ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 82302A18 4 Bytes [2A, E0, B0, 92] {SUB AH, AL; MOV AL, 0x92}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F205000, 0x1F926A, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F923300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F966300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] ntdll.dll!NtProtectVirtualMemory 776C85D8 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] USER32.dll!GetAppCompatFlags2 + 880 777B6390 4 Bytes [E0, 13, 54, 67]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] ntdll.dll!NtProtectVirtualMemory 776C85D8 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] USER32.dll!GetAppCompatFlags2 + 880 777B6390 4 Bytes [E0, 13, 54, 67]

---- User IAT/EAT - GMER 1.0.15 ----
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ 
C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ 
C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 
7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[2428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BB8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BF9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BBB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BB7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BAEA65] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BEB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BBBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BB0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BB06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C3D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BD7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BB2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF073C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll 
[KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 
2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll 
[ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky 
Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ 
C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ 
C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0D24 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[5304] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - 
GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d02af9f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b714f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7151 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b715f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7165 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b716e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7172 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500 0x36 0x0C 0x69 0x4A ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d02af9f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b714f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7151 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b715f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7165 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b716e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b7172 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3df4a216@000000c90500 0x36 0x0C 0x69 0x4A ... ---- EOF - GMER 1.0.15 ---- After another restart, now OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:13:14 on 06.03.2012 OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys (File not found) "igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? - (File not found | COM-object registry key not found) {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? 
- (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." 
- C:\Program Files\Protector Suite QL\farchns.dll {055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm "ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe {CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found) <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? 
- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll {00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" "FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe" "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper" - "Apple Inc." 
- "C:\Program Files\iTunes\iTunesHelper.exe" "MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe "SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe" "XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." 
- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "igfxcui" - ? - igfxdev.dll (File not found) "klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll "psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Edited by Xave (06.03.2012 at 23:18) |
06.03.2012, 23:52 | #27 |
| Hard disk problem after Avira Free Antivirus message Hmm, during the first OSAM run the scanner was on again, so I did it once more to be safe: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:40:36 on 06.03.2012 OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "SMARTBoardCPL" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardCPL.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\Users\****\AppData\Local\Temp\catchme.sys (File not found) "igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "jatmlano" (jatmlano) - ? - C:\Users\****\AppData\Local\Temp\jatmlano.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Nintendo Wi-Fi USB Connector Service" (RT25USBAP) - "Ralink Technology Inc." - C:\Windows\System32\DRIVERS\rt25usbap.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? - (File not found | COM-object registry key not found) {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? 
- (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." 
- C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{CD275D4E-791A-4993-9D4D-6A071EDD2709} "IE7Pro Grab and Drag" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7Pro Preferences" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} "CIEDownload Object" - "SMART Technologies ULC." - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{00011268-E188-40DF-A514-835FCD78B1BF} "IE7Pro BHO" - "IE7Pro.com" - C:\Program Files\IEPro\iepro.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dorothea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"FileServe Manager Task" - "FileServe Limited" - "C:\Program Files\FileServe Manager\FSStarter.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMART Board Service" - "SMART Technologies" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
"SMART SNMP Agent" - "SMART Technologies ULC" - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"
"XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"SMART Local Port" - "SMART Technologies ULC" - C:\Windows\system32\smrtlocalmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"RtkHDMIService" (RtkHDMIService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll (File not found)
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
07.03.2012, 00:32 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hard disk problem after Avira Free Antivirus message Quote:
A new OSAM log after that would be good. I also still need the log from aswMBR.
__________________ Please always post log files in CODE tags |
07.03.2012, 00:52 | #29 |
| Hard disk problem after Avira Free Antivirus message So, here is the last log (aswMBR): Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 23:53:21
-----------------------------
23:53:21.390 OS Version: Windows 6.0.6001 Service Pack 1
23:53:21.390 Number of processors: 2 586 0x1706
23:53:21.390 ComputerName: ****-PC UserName: ****
23:53:55.835 Initialize success
23:55:00.102 AVAST engine defs: 12030600
23:55:17.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:17.200 Disk 0 Vendor: Hitachi_ DC4O Size: 190782MB BusType: 3
23:55:17.200 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
23:55:17.216 Disk 1 Vendor: RICOH 01 Size: 190782MB BusType: 0
23:55:17.216 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000070
23:55:17.231 Disk 2 Vendor: RICOH 02 Size: 190782MB BusType: 0
23:55:17.247 Disk 0 MBR read successfully
23:55:17.262 Disk 0 MBR scan
23:55:17.278 Disk 0 Windows VISTA default MBR code
23:55:17.278 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7376 MB offset 2048
23:55:17.294 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183404 MB offset 15108096
23:55:17.309 Disk 0 scanning sectors +390719920
23:55:17.387 Disk 0 scanning C:\Windows\system32\drivers
23:55:28.931 Service scanning
23:55:39.508 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:55:39.586 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
23:55:39.758 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:55:39.773 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:55:57.401 Modules scanning
23:56:02.128 Disk 0 trace - called modules:
23:56:02.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys acpi.sys hal.dll iaStor.sys
23:56:02.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87034738]
23:56:02.175 3 CLASSPNP.SYS[8b16e745] -> nt!IofCallDriver -> [0x863d10c8]
23:56:02.190 5 shpf.sys[8ab55cdd] -> nt!IofCallDriver -> [0x85906020]
23:56:02.190 7 acpi.sys[806956a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85912028]
23:56:03.688 AVAST engine scan C:\Windows
23:56:07.744 AVAST engine scan C:\Windows\system32
23:59:42.681 AVAST engine scan C:\Windows\system32\drivers
23:59:56.440 AVAST engine scan C:\Users\Dorothea
00:14:17.017 AVAST engine scan C:\ProgramData
00:28:05.566 Scan finished successfully
00:48:48.731 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
00:48:48.747 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"